
The IAM Shop makes requesting access to resources easy. Instead of navigating throughout the Web site looking for a specific resource – like an application, a role, or a group – you can go to the IAM Shop. The IAM Shop allows you to quickly see what resources you currently have access to and shop for more. You simply search for what you want and put it in your cart. Once an item is placed in the cart, it stays in the cart until you check out or remove it. In this way, you can go about your business, navigating away from the IAM Shop without losing the contents of your cart. When you are ready to check out, that is, submit your access request(s) (known as a business request in EmpowerID), you review the items in your cart, add a reason for requesting those items, and then click Submit. Your requests then route for approval – to managers and, if necessary, other designated approvers.


IT Shop Pages

The IT Shop contains the following four pages.

Request Access

The Request Access page (shown in the image above) contains all resources that have been published to the IT Shop. This page is the page you see when shopping for resources. From this page, you can search for and request access to any resources in the shop. Once your requests are in your cart, you simply submit them and wait for a response. If you have been given the delegations needed to access the resources without needing approval, the EmpowerID system grants you immediate access.

Resources in the IT Shop are divided by resource type (applications, roles, computers, groups, etc.) to allow you to filter the items for which you are shopping. You can tell which filter is being applied to the IT Shop by the image associated with the search field. To change the filter, you select the image that represents the resource type. These filters are as follows:

...

This is the application filter. When you apply this filter to the IT Shop search field, your search returns applications available to you in the IT Shop.

...

This is the Exchange mailbox filter. When you apply this filter to the IT Shop search field, your search returns mailboxes available to you in the IT Shop. 

...

This is the group filter. When you apply this filter to the IT Shop search field, your search returns groups available to you in the IT Shop. 

...

This is the Management Role filter. When you apply this filter to the IT Shop search field, your search returns Management Roles available to you in the IT Shop. 

...

This is the Shared Folder filter. When you apply this filter to the IT Shop search field, your search returns shared folders available to you in the IT Shop. 

...

My Access

The My Access page provides a central location for you to see all the resources to which you currently have access, as well as the type of access to those resources you have. Similar to the Find Resources page, the My Access page can be filtered to show resources by resource type.

...

The My Access page consists of a number of tabs as well as a Show Access link for each resource to which you currently have access. The table below provides a description of each of the page elements.

...

Resources I Manage

The Resources I Manage page provides a central location for you to see and manage all the resources for which you are a resource owner. In EmpowerID, resource owners have the ability to grant other users access to the resources they own. As with the Request Access and My Access pages, the Resources I Manage page can be filtered by resource type.

...

As shown in the above image, each resource item record contains a Who Has Access link. When clicked, this link opens a pane that allows the resource owner to see who currently has access to the resource and the type of access they have, and to grant new access assignments against the resource.


Workflows

The Workflows page provides a central location for you to access any self-service workflow to which you are entitled, such as the Change Your Password and Edit Your Profile workflows.


...


Navigating the IAM Shop

When you log in to the IAM Shop, you can see the pages and controls to which you have access. In the below image, the logged-in user has full access to the IAM Shop and can see all pages and controls. Depending on your access, you may or may not see everything shown.

...

The IAM Shop application includes the following controls. Depending on your access to the IAM Shop, you may not see all controls listed in the table.

Control

Description

Navigation Sidebar

Allows you to seamlessly navigate from the IAM Shop to other EmpowerID applications

Filter Pane

Provides filters to allow you to selectively filter the resources you see.

Filters

Resource Type

Filter available resources by resource type. Available resource types include:

  • Applications

  • Application Roles (Groups)

  • Azure Licenses

  • Azure Admin Roles

  • Azure RBAC Roles

  • Management Roles

  • Mailboxes

  • Shared Folders

Shopping For

Shop for self or another person

Show Only Pre-Approved

Filter to show only roles that the user is pre-approved to receive via Eligibility policies. This filter appears only when shopping for either Business Roles, Application Roles, or Management Roles.

Show Suggested Roles

Filter to show roles suggested for the user via Eligibility policies. This filter appears only when shopping for either Business Roles or Management Roles.

Applications

Filter to show only roles that can be requested for a specific application. This filter appears only when shopping for either Business Roles, Application Roles, or Management Roles.

Business Domains

Filter available roles by Business Domain. This filter appears only when shopping for either Business Roles or Management Roles.

Business Functions

Filter available Business Roles by Business Functions. This filter appears only when shopping for either Business Roles, Application Roles, or Management Roles.

Rights

Filter available roles by external system rights granted to those roles. This filter appears only when shopping for either Business Roles, Application Roles, or Management Roles.

Suggest Application Roles

Filter to show roles suggested for the user via Eligibility policies. This filter appears only when shopping for Application Roles.

Target System

Filters available Application Roles based on the selected Account Store Type and / or Account Store.

  • Select Account Store Type allows you to filter Application Roles to display only those roles belonging to Account Stores configured with the selected Account Store Type. Account Store Type is a configurable setting that can be used to logically categorize Account Stores.

  • Select Account Store allows you to filter Application Roles to display only those roles belonging to the selected Account Store. To be a filter option, Account Stores must have the IsPublishedInITShop property set to true. The filter is used in conjunction with the selected Account Store Type filter to display to you only the Application Roles belonging to the selected account store. Application Roles from other account stores are excluded.


Application Processes

Filters available Application Roles based on the selected process. This filter appears only when shopping for Application Roles.

TCode Search

Filters available Application Roles by TCode. This filter appears only when shopping for Application Roles.

Shop By Reference Person

Filter available resources to show only those given to the referenced person. This is useful for quickly requesting access to the same resources as the referenced person when that person has the same job function as the person shopping for resources. The user shopping must have the same eligibility and visibility as the referenced person to see that person’s resources.

Advanced Search

Provides advanced search capabilities to further filter the resources that appear to the shopper.

Resource Panel

Provides a grid or card view of the roles the user can request. Each record can be clicked to open a pane that contains an Overview of the request and a Process Steps view from which you can see how far along in the approval process the request is. You can view and add comments here as well.

Shopping Cart

The shopping cart contains the business items the user has requested but not yet submitted. Users shopping for both themselves and others see two shopping carts: one containing items for themselves and the other containing items requested for others.

Manage Access Page

The Manage Access page provides you with views of your current access. (Users with the appropriate delegations can view the access that others have in addition to their own access.) You can access this page by clicking your name and selecting Manage Access.

The page contains the following elements:

  • Navigation Sidebar – Allows you to seamlessly navigate from the IAM Shop to other EmpowerID applications.

  • Filter pane – The Filter pane provides filters to allow you to selectively filter resources by type.

  • Search Bar and Filter – Allows you to search your roles by selected type (or those of another Target Person) within the Manage Access page.

  • Target Person – Control that allows you to select the person whose current access you want to view.

  • Show Time Constrained – Control that allows you to filter access to those limited by time constraints.

  • Select Account Store Type – Control that allows you to filter Application Roles to display only those roles belonging to Account Stores configured with the selected Account Store Type.

  • Select Account Store – Control that allows you to filter Application Roles to display only those roles belonging to the selected Account Store. To be a filter option, Account Stores must have the IsPublishedInITShop property set to true.

  • Resource Panel – Provides a grid or card view of the roles the user (or another Target Person) currently has. Each record has a Details button that opens a pane that contains an Overview of the role, with information about the types of access granted by the role as well as who owns the role. In addition to the Details button, each record has a Revoke button that is visible to users with the authorization to revoke access to roles.

  • Pending Access – Control that directs you to the My Requests view of the My Tasks microservice.


Using the Manage Access Page

The Manage Access page provides you with a view of your current access, filtered by role type. When you navigate to the page, the default view you see is a grid view with records of your current Business Roles. Each record includes a Details button that you can click to open an Overview pane containing more information about the requested resource. The below image shows the default view of the Manage Access page for a user with one Business Role.

...

Figure 2: Manage Access Page of the IAM Shop

What can I do on this page?

  • You can search for a specific resource item and type by using the search bar and filter located at the top of the page.


  • You can view all resources to which you have access by selecting the filter for that resource type.

  • You can view the details about a particular role you have by clicking the Details button for the role.

  • If you have the authority to revoke access to a role, you can do so by clicking the Revoke button for the role.

  • You can view all roles to which another person has access by selecting that person as the Target Person. You must have access to view the person and the person’s roles to do so.

  • You can view any roles you have that are limited to specific dates and times by toggling the Show Time Constrained button.

  • You can view pending requests by clicking the View Pending Access button. Clicking the button directs your browser to the My Requests view of the My Tasks application.