...
The following illustration shows the general flow of users shopping for resources in the IAM Shop.
...
...
Navigating the IAM Shop
With access to the IAM Shop, users can request roles and other resources provided by the organization. As detailed in the below table, the IAM Shop application features various controls to accommodate users' needs. Please note that not all users will see all controls, as it depends on their access to the IAM Shop.
Control | Description |
---|---|
Navigation Sidebar | Allows users to navigate from the IAM Shop to other EmpowerID applications |
Resource Panel | Provides a grid or card view of the resources the user can request. Each record can be clicked to open a pane containing an Overview of the request and a Process Steps view from which users can see how far along the approval process the request is. Users can view and add comments here as well. |
Shopping Cart | The shopping cart contains requested business items the user has requested but not yet submitted. Users who are shopping for themselves and others will see multiple shopping carts, one containing their items and the others containing items requested for others. |
Manage Access Page | The Manage Access page provides users with views of their current access, filtered by the selected resource type (Management Roles in the below image). Users caccess this page by selecting Manage Access. Once on the page, they can submit requests to revoke their access to a given resource item by clicking the Revoke button. |
Workflows Page | Provides a list of workflows the current user can initiate against the selected resource type. The below image shows workflows that can be initiated against groups. Users must have access to the page and the right to initiate the workflows to see them in the IAM Shop. |
Filter Pane | Provides filters to allow users to selectively filter the resources they see. |
Filters | |
Resource Type | Filter available resources by resource type. Available resource types include:
|
Shopping For | Shop for yourself or another person. |
Show Only Pre-Approved | Filter to show only resources user is pre-approved to receive via Eligibility policies. This filter appears only when shopping for groups, Business Roles, Management Roles, and computers. |
Suggest Additional Resources | Filter to show additional resources suggested for the user via Eligibility policies. This filter appears only when shopping for groups, Business Roles, and Management Roles. |
Target System | Filters available Application Roles based on the selected Account Store Type and/or Account Store.
|
Applications | Filter to show only the groups or roles that can be requested for a specific application. This filter appears only when shopping for groups, Business Roles, and Management Roles. |
Business Domains | Filter available roles by Business Domain. This filter appears only when shopping for Business Roles and Management Roles. |
Business Functions | Filter available groups and roles by Business Functions. This filter appears only when shopping for groups, Business Roles, and Management Roles. |
Rights | Filter available roles by external system rights granted to those roles. This filter appears only when shopping for groups, Business Roles, and Management Roles. |
Application Processes | Filters available groups based on the selected process. This filter appears only when shopping for groups. |
Shop by Reference Person | Filters available resources to show only those given to the referenced person. This is useful for quickly requesting access to the same resources of the referenced person. The user shopping must be able to view the reference person and have the same eligibility to see that person’s resources. |
Advanced Search | Provides advanced search capabilities to further filter resources. |
The architecture of the IAM Shop Microservice
The IAM Shop microservice is a pre-built application that includes several protected subcomponents, which are the building blocks of the microservice. Each subcomponent comprises the individual pages and controls that users interact with to access the features of the IAM Shop. Each subcomponent essentially functions as an independent application, allowing its access to be modified for users via their Access Level assignments. This flexibility streamlines customization, enabling the addition and removal of subcomponents directly from EmpowerID's web interface.
...