立即与支持人员聊天
与支持团队交流

Identity Manager 8.1.4 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests and delegating Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding Active Directory and SharePoint groups to the IT Shop automatically Adding Privileged Account Management user groups to the IT Shop automatically
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining the effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Cancel request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Templates for automatically filling the IT Shop Custom mail templates for notifications Request templates
Resolving errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Sequence for limited requests

A recipient keeps a product on the shelf up to a specific point in time when they unsubscribe the products again. Sometimes, however, products are only required for a certain length of time and can be canceled automatically. The recipient is notified by email before the expiry date is reached and has the option to renew the request.

To set up the notification procedure

  1. In the Designer, set the QER | ITShop | ValidityWarning configuration parameter and enter the warning period (in days) for expiring requests.

  2. In the Designer, configure and activate the Reminder for IT Shop requests that expire soon schedule.

  3. Enter the following data for the approval policy:

    • Mail template expired: Select the mail template to be used for the email notification. The default installation provides the IT Shop request - product expires and IT Shop request - expired mail templates.

  4. Save the changes.
Related topics

Approving or denying request approval

When a request is granted approval or denied, the request recipient is notified by email. Notification may occur after approval or denial of a single approval step or once the entire approval process is complete. Requests can be automatically granted or denied approval once a specified time period has expired. The recipient is notified in the same way in this case.

To set up the notification procedure

  • If notification should be sent immediately after an approval decision is made for a single approval step, enter the following data on the Mail templates tab of the approval step.

    • Mail template approved: IT Shop request - approval granted for approval step

    • Mail template denied: IT Shop request - approval not granted for approval step

  • Enter the following data in the approval policy when notification should immediately follow the approval decision of the entire approval process:

    • Mail template approved: IT Shop request - approval granted

    • Mail template denied: IT Shop request - approval not granted

Related topics

Notifying delegates

A delegator can, if required, receive notifications if the recipient of the delegation has made an approval decision in the IT Shop. Notification is sent once an employee has been determined as an approver due to delegation and has made an approval decision for the request.

To send notification when the employee who was delegated an approval approves or denies the request

  • In the Designer, set the QER | ITShop | Delegation | MailTemplateIdents | InformDelegatorAboutDecisionITShop configuration parameter.

    By default, a notification is sent with the Delegation - inform delegator about decided request mail template.

TIP: To use custom mail templates for emails of this type, change the value of the configuration parameter.

Delegations are taken into account in the following default approval procedures.

Table 61: Delegation relevant default approval procedures

Delegation of

Approval procedure

Department responsibilities

D0, D1, D2, DM, DP, MS

Cost center responsibilities

P0, P1, P2, PM, PP, MS

Location responsibilities

MS

Business role responsibilities

OM, MS

Employee responsibilities

CM

IT Shop structure responsibilities

H0, H1, H2

Memberships in business roles

OR

Memberships in application roles

DI, DR, ID, IL, IO, IP, OA, OC, OH, PI, PR, RD, RL, RO, RP, TO

Example

Jon Blogs is responsible for the R1 business role. He delegates his responsibility for the business role to Clara Harris. Clara Harris is herself responsible for R2 business role.

A member of the R1 business role requests a product in the IT Shop. Jon Bloggs is established as an approver through the OM - Manager of a specific role approval process. The request is assigned to Clara Harris for approval through delegation. Jon Blogs is notified as soon as Clara Harris has made her approval decision.

A member of the R2 business role requests a product in the IT Shop. Clara Harris is determined as the approver through the OM - Manager of a specific role approval workflow. No notification is sent because Clara Harris does not make the approval decision due to delegation.

Bulk delegation

You have the option to delegate all your responsibilities to one person in the Web Portal. If you have a lot of responsibilities, it is possible that not all the delegations are carried out. A delegator can send a notification to themselves if an error occurs.

Detailed information about this topic
Related topics

Canceling requests

Requests can be automatically aborted for various reasons, for example, when a specified time period has expired or if no approver can be found. The request recipient is notified.

To set up the notification procedure

  • In the approval policy, on the Mail templates tab, enter the following data.

    Mail template aborted: IT Shop request - Aborted

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级