When users log in to the IAM Shop, they can see the pages and controls to which their roles grant them access. (See IAM Shop Management Roles for access granted.) In the below image, the logged-in user has full access to the IAM Shop and can see all pages and controls. Users can see and request access to those entitlements for which they, or the person they are shopping for, are eligible. Entitlement display names and descriptions can be localized.

...

...

From the IAM Shop, users can shop for roles or other published resources and request access to those objects. This requesting action is known as submitting a Business Request.

The IAM Shop application includes the following controls. Depending on their access to the IAM Shop, not all users will see all controls.

Control

Description

Navigation Sidebar

Allows users to seamlessly navigate from the IAM Shop to other EmpowerID applications

Resource Panel

Provides a grid or card view of the resources the user can request. Each record can be clicked to open a pane containing an Overview of the request and a Process Steps view from which users can see how far along the approval process the request is. Users can view and add comments here as well.

Shopping Cart

The shopping cart contains the business items the user has requested but not yet submitted. Users shopping for both themselves and others will see two shopping carts, one containing items for themselves and the other containing items requested for others.

Manage Access Page

The Manage Access page provides users with views of their current access, filtered by the selected resource type (Management Roles in the below image). Users can access this page by selecting Manage Access. Once on the page, they can submit requests to revoke their access to a given resource item by clicking the Revoke button.

Workflows Page

Provides a list of workflows the current user can initiate against the selected resource type. The below image shows workflows that can be initiated against groups. Users must have access to the page and the right to initiate the workflows to see them in the IAM Shop.

Filter Pane

Provides filters to allow users to selectively filter the resources they see.

Filters

Resource Type

Filter available resources by resource type. Available resource types include:

  • Groups

  • Business Roles

  • Applications

  • Azure Licenses

  • Azure Roles

  • Management Roles

  • Mailboxes

  • Shared Folders

  • Computers

  • Credentials

Shopping For

Shop for yourself or another person.

Show Only Pre-Approved

Filter to show only the resources the user is pre-approved to receive via Eligibility policies. This filter appears only when shopping for groups, Business Roles, Management Roles, and computers.

Suggest Additional Resources

Filter to show additional resources suggested for the user via Eligibility policies. This filter appears only when shopping for Business Roles and Management Roles.

Applications

Filter to show only roles that can be requested for a specific application. This filter appears only when shopping for Business Roles, Application Roles, and Management Roles.

Business Domains

Filter available roles by Business Domain. This filter appears only when shopping for Business Roles and Management Roles.

Business Functions

Filter available Business Roles by Business Functions. This filter appears only when shopping for Business Roles, Application Roles, and Management Roles.

Rights

Filter available roles by external system rights granted to those roles. This filter appears only when shopping for Business Roles, Application Roles, groups, and Management Roles.

Suggest Application Roles

Filter to show roles suggested for the user via Eligibility policies. This filter appears only when shopping for Application Roles.

Target System

Filters available Application Roles based on the selected Account Store Type and/or Account Store.

  • Select Account Store Type allows users to filter groups to display only those belonging to Account Stores configured with the selected Account Store Type. Account Store Type is a configurable setting that can be used to logically categorize Account Stores.

  • Select Account Store allows users to filter groups to display only those belonging to the selected Account Store. To be a filter option, Account Stores must have the Is Visible in IAM Shop property set to true. The filter is used in conjunction with the selected Account Store Type filter to display to users only the groups belonging to the selected account store. Groups existing in other account stores are excluded.

Application Processes

Filters available Application Roles based on the selected process.

Applications

Filter to show only the groups or roles that can be requested for a specific application. This filter appears only when shopping for groups, Business Roles, and Management Roles.

Business Functions

Filter available groups and roles by Business Functions. This filter appears only when shopping for groups, Business Roles, and Management Roles.

TCode Search

Filters available Application Roles by TCode. This filter appears only when shopping for Application Roles.

Rights

Filter available roles by external system rights granted to those roles. This filter appears only when shopping for groups, Business Roles, and Management Roles.

Application Processes

Filters available groups based on the selected process. This filter appears only when shopping for groups.

Shop by Reference Person

Filters available resources to show only those given to the referenced person. This is useful for quickly requesting access to the same resources as the referenced person when that person has the same job function as the person shopping for resources. The user shopping must be able to view the reference person and have the same eligibility and visibility as the referenced person to see that person’s resources.

This filter appears only when shopping for

Advanced Search

Provides advanced search capabilities to further filter the resources that appear to the shopper.

Resource Panel

Provides a grid or card view of the roles the user can request. Each record can be clicked to open a pane that contains an Overview of the request and a Process Steps view from which users can see how far along in the approval process the request is. Users can view and add comments here as well.

Shopping Cart

The shopping cart contains the business items the user has requested but not yet submitted. Users shopping for both themselves and others will see two shopping carts, one containing items for themselves and the other containing items requested for others.

Manage Access Page

The Manage Access page provides users with views of their current access, filtered by the selected resource type (Management Roles in the below image). Users can access this page by selecting Manage Access. Once on the page, they can submit requests to revoke their access to a given resource item by clicking the Revoke button.

Shopping for resources

Users access the IAM Shop to request resources they are eligible to receive or to activate resource assignments for which they are preapproved. This requesting action is known as creating or submitting a “Business Request.” Once a Business Request is submitted, EmpowerID routes it for approval based on the Approval Flow policies configured for the requested resource.

If users are preapproved for a resource via Eligibility policies, they will see an Activate button for the resource. When this is the case, they can click the button to gain access. No business requests are created as no further approvals are needed for EmpowerID to fulfill the assignment.


The following demonstrates a typical IAM Shop user experience.

  1. The user accesses the IAM Shop and filters the available resources to those for which that user is shopping.

  2. The user clicks the Request Access button for a specific resource, which opens a panel with more information about the resource and options for requesting access.

  3. Users then click Add to Cart to add the requested resource to their cart.

  4. When ready to review the items in their carts, users click the cart icon to open the shopping cart.

  5. When ready to submit their requests for approval, users do the following:

    • Optionally enter a Business Request Type.

    • Enter a Business Request Name.

    • Optionally select a due date.

    • Optionally add a comment.

    • Click Submit.

  6. Once successfully submitted, a window appears stating that the cart was successfully submitted with a link to track the status of the request.

  7. Clicking the link directs the user’s browser to the My Request page of the My Tasks application with the Overview card for the request open. Overview cards allow users to view details about their requests and the number of approvals needed for access to be granted.

Using the Manage Access Page

The Manage Access page provides users with a view of their current access, filtered by resource type. When users navigate to the page, the default view they see is a grid view with records of their current resources for the selected resource type. Each record includes a Details button that users can click to open an Overview pane containing more information about the role, including who owns the role and the access granted to the user by the role. The below image shows the default view of the Manage Access page for a user with one Azure Role.

...

What can users do on this page?

  • Users can search for a specific resource and type by using the search bar and filter located at the top of the page.

  • Users can view all roles to which they have access by selecting the filter for that role type.

  • Users can view the details about a particular resource assignment by clicking the Details button for the role.

  • Users with the authority to revoke their access to a resource can do so by clicking the Revoke button for the role.

  • Users with the appropriate access can view the resources another person has access to by selecting that person in the Manage For field. Users must have access to view the person and the person’s resources to do so.

  • Users can view any resources they have access to that are limited to specific dates and times by toggling the Show Time Constrained button.

  • Users can view pending requests by clicking the View Pending Access button. Clicking the button directs the user’s browser to the My Requests View of the My Tasks application.

Using the Workflows Page

The Workflows page provides authorized users with workflows that can be initiated against a particular resource type. To view the workflows available for a resource type, users select the desired resource type and navigate to the Workflows page. The below image shows the workflows available for the Credential resource type.

...