立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - IT Shop Administration Guide

Setting up an IT Shop solution
One Identity Manager users in the IT Shop Implementing the IT Shop Using the IT Shop with the Application Governance Module Requestable products Preparing products for requesting Assigning and removing products Preparing the IT Shop for multi-factor authentication Assignment requests Delegations Creating IT Shop requests from existing user accounts, assignments, and role memberships Adding system entitlements automatically to the IT Shop Deleting unused application roles for product owners
Approval processes for IT Shop requests
Approval policies for requests Approval workflows for requests Determining effective approval policies Selecting responsible approvers Request risk analysis Testing requests for rule compliance Approving requests from an approver Automatically approving requests Approval by peer group analysis Approval recommendations for requests Gathering further information about a request Appointing other approvers Escalating an approval step Approvers cannot be established Automatic approval on timeout Halting a request on timeout Approval by the chief approval team Approving requests with terms of use Using default approval processes
Request sequence
The request overview Requesting products more than once Requests with limited validity period Relocating a customer or product to another shop Changing approval workflows of pending requests Requests for employees Requesting change of manager for an employee Canceling requests Unsubscribe products Notifications in the request process Approval by mail Adaptive cards approval Requests with limited validity period for changed role memberships Requests from permanently deactivated identities Deleting request procedures and deputizations
Managing an IT Shop
IT Shop base data Setting up IT Shop structures Setting up a customer node Deleting IT Shop structures Restructuring the IT Shop Templates for automatically filling the IT Shop Custom mail templates for notifications Product bundles Recommendations and tips for transporting IT Shop components with the Database Transporter
Troubleshooting errors in the IT Shop Configuration parameters for the IT Shop Request statuses Examples of request results

Moving products to another shelf

A product can be moved to another shelf. If the shelf is in another shop, the system checks whether the request recipient is also a customer in the new shop.

NOTE: Standard products cannot be moved.

To move a product to another shelf

  1. In the Manager, select the IT Shop > IT Shop > <shop> > Shelf: <shelf> or the IT Shop > IT Shop > <shopping center> > <shop> > Shelf: <shelf> category.

  2. Select an object in the result list.

  3. Select the Move to another shelf task.

  4. Select the new shelf.

  5. Click OK.

To move multiple products to another shelf

  1. In the Manager, select the IT Shop > IT Shop > <shop> category or the IT Shop > IT Shop > <shopping center> > <shop> category.

  2. Select the shelf in the result list.

  3. Select the Move products to another shelf task.

  4. Select the shelf to move the products to.

  5. Select which products to move.

  6. Click OK.
Detailed information about this topic

Replacing products

A product can be replaced by another product at a specified time. All identities who have requested this product are notified by an email telling them to request a replacement product.

To replace a product with another one

  1. In the Manager, select the IT Shop > Service catalog > Hierarchical by service categories > <service category> category.

    - OR -

    In the Manager, select the IT Shop > Service catalog > Hierarchical by service categories > Singles category.

  2. Select the product's service item to replace in the result list.

  3. Select the Change product task.

  4. Enter the following data:

    • Expiry date: Date on which the product is replaced by a different product.

    • Alternative product: Service item that can be requested instead.

  5. Click OK.
Related topics

Preparing the IT Shop for multi-factor authentication

You can use multi-factor authentication for specific security-critical resource requests, which requires every approver for the request approval to authenticate themselves again. Define which products require this authentication in your service items.

One Identity Manager uses OneLogin for multi-factor authentication. Usable authentication modes are determined through the OneLogin user accounts linked to the identities.

Prerequisites

In OneLogin:

  • At least one authentication method is configured on all user accounts that are going to use multi-factor authentication.

In One Identity Manager:

  • The OneLogin Module is installed.

  • Synchronization with a OneLogin domain is set up and has been run at least once.

  • Identities linked to OneLogin user accounts.

  • The API Server and the web application are configured as required.

For more information about setting up multi-factor authentication, see the One Identity Manager Authorization and Authentication Guide.

To use multi-factor authentication in the IT Shop

  • In the Manager, create service items for the product that can only be requested with multi-factor authentication.

    • Enable the Approval by multi-factor authentication option.

Once the Approval by multi-factor authentication option is enabled on a service item, additional authentication is requested in each approval step of the approval process. Approvers can select any one of the authentication methods assigned to their OneLogin user accounts.

IMPORTANT: An approval cannot be sent by email if multi-factor authentication is configured for the requested product. Approval mails for such requests produce an error message.

For more information about requesting products requiring multi-factor authentication and about canceling products, see the One Identity Manager Web Portal User Guide.

Related topics

Assignment requests

You can also use One Identity Manager to request hierarchical roles, like departments, or business roles, through the IT Shop and assign them to identities, devices, and workdesks. This allows any number of assignments to be made through IT Shop requests. The advantage of this method is that any assignments can be authorized using an approval process. Assignment renewals and assignment recall are also subject to an approval process in the same way. The request history makes it possible to follow which assignments were requested, renewed, or canceled, why, when, and by whom.

The managers of business roles, organizations, and system roles can make assignments requests for their roles.

In the Web Portal, managers of business roles, organizations, and system roles can see assignments requests for roles under their supervision. Use the QER | ITShop | ShowClosedAssignmentOrders configuration parameter to specify whether all assignment requests are displayed or only open ones. By default, pending as well as closed assignment requests are displayed.

To only display a manager's pending assignment requests in the Web Portal

  • Disable the QER | ITShop| ShowClosedAssignmentOrders configuration parameter in the Designer.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级