立即与支持人员聊天
与支持团队交流

Identity Manager 9.0 LTS - Web Portal User Guide

General tips and getting started Requests
Setting up and configuring request functions Requesting products Saved for Later list Managing my request templates Pending requests Displaying request history Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying approvals Undoing approvals
Attestation Compliance Responsibilities
My responsibilities
Managing my departments Managing my application roles Managing my business roles Managing my identities Managing my cost centers Managing my locations Managing my system entitlements Managing my system roles
Delegating tasks Ownerships
Managing data
Managing identities Managing user accounts Managing system entitlements Managing departments Managing locations Managing cost centers Managing business roles Managing system roles
Appendix: Attestation conditions and approval policies from attestation procedures

Requesting products through peer groups

You can see and request products that other identities within your environment have already requested. As a manager, you can also see products from the peer group of an identity that you manage. This way, you have a quick method of requesting products that are important to you or your responsible identities.

A peer group contains all the identities that have the same manager or the same primary or secondary department as the request recipient.

To request other identities' products

  1. In the menu bar, click Requests > New request.

  2. (Optional) If you want to make a request for another identity or check which products have been requested by their peer group, proceeds as follows:

    1. On the New Request page, enable the For others option.

    2. In the Recipients field, click Assign.

    3. In the Change recipient pane, in the list, select the check boxes next to the identity you want to request products for.

      NOTE: The list may contain a maximum of one identity. To remove an identity from the list, clear the check box next to the respective identity.

    4. Click Apply.

  3. On the New Request page, click (Actions) > Show products other identities requested.

    This opens the New Request - By Peer Group page that, on the Products and Organizational Structures tabs, lists requests, memberships, and the peer group entitlements of the selected identity.

  4. Add the products that you want to save for later, to the shopping cart (see Adding products to the shopping cart).

  5. On the My Shopping Cart page, click Submit.

    TIP: You can also add more products to your shopping cart and configure various settings. For more information, see Managing products in the shopping cart.

Related topics

Requesting using request templates

You can use your own (private) request templates or request templates that are shared with all users (public) for making requests. This helps simplify proper provisioning for a particular job or function. For example, a template may contain all the products a new identity needs to get started. If you use a template for a request, you are not obliged to request all the products in the template. You only have to select the products you want from the template.

TIP: To find out how you can request the same products as another identity, see Requesting products through reference users.

To request products using a request template

  1. In the menu bar, click Requests > New request.

  2. On the New Request page, click the Request Templates tab.

  3. (Optional) On the Request Templates tab, select which request templates you want to display:

    • All request templates: Displays all available request templates (private and public).

    • Public request templates: Displays all request templates that users have shared with other users.

    • Private request templates: Displays all request templates that you have created and not shared with other users.

  4. To add products from request templates in the shopping cart, perform the following actions:

    TIP: To select all the displayed request templates, next to Selected products, click Select all on page.

    To remove the request template selection, next to Selected products, click Deselect all.

    TIP: If you want to see which products are contained in a request template, click Details.

  5. On the Shopping Cart page, click Submit.

    TIP: You can also add more products to your shopping cart and configure various settings. For more information, see Managing products in the shopping cart.

Related topics

Requesting privileged access

You can use the Privileged access requests service category to request privileged access to high-security systems (Privileged Account Management systems).

TIP: For more information on the topic of Privileged Account Management, see the One Identity Manager Administration Guide for Privileged Account Governance.

To request privileged access

  1. In the menu bar, click Requests > New request.

  2. On the New Request page, click Show products from service category.

  3. In the Service category pane, click Privileged access requests.

  4. On the New Request page, select how you want to access the system by selecting the check box in front of the corresponding option:

    • Password release request: Request a temporary password.

    • Remote desktop session request: Request temporary access through a remote desktop connection.

    • SSH key request: Request temporarily valid SSH key.

    • SSH session request: Request temporary access through an SSH session.

    • Telnet session requests: Request temporary access using a Telnet session.

  5. Click Add to cart.

  6. In the Request Details pane, expand the selected product.

  7. In the PAM user account menu, select the PAM user account that you want to use for PAM access.

  8. Depending on the type of access you have selected, perform one of the following actions:

    • Password request or SSH key request:

      1. In the System to access field, click Assign.

      2. In the System to access pane, select whether you want to request access for a PAM asset or a PAM directory.

      3. Next to the corresponding PAM directory or PAM asset, click Assign.

    • Remote desktop session request, SSH session request, or Telnet session request: In the System to access, select the corresponding PAM asset.

  9. Perform the following actions:

    1. In the Account to access field, click Assign.

    2. In the Account for access pane, select whether you want to request access for a PAM asset account or a PAM directory account.

    3. Next to the corresponding PAM asset account or PAM directory account, click Assign.

  10. (Optional) In the Comment field, enter a comment, for example, to justify why you are requesting this access.

  11. In the Valid from field, specify the time from which you want the access to be valid or clear the check box so that access is valid from the time of this request.

  12. In Checkout duration, enter the number of minutes for which the access is valid.

    NOTE: This duration refers to your entry in the Valid from field. For example, if you have specified that the access is valid from 12 noon tomorrow and should be valid for 60 minutes, then the validity period will expire at 1 pm tomorrow.

  13. Click Apply.

  14. (Optional) Repeat the steps for all other users and access types.

  15. Click Submit.

  16. On the Shopping Cart page, click Submit.

    TIP: You can also add more products to your shopping cart and configure various settings. For more information, see Managing products in the shopping cart.

    Once the request has been approved, a button will appear in the request details pane of the request history (see Displaying request history) that you can use to log in to the Privileged Account Management system to obtain the login credentials.

Related topics

Requests for Active Directory groups

To manage Active Directory groups, you can make different requests.

Detailed information about this topic
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级