Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following illustration shows the general flow of users shopping for resources in the IAM Shop.

...

...

Navigating the IAM Shop

With access to the IAM Shop, users can request roles and other resources provided by the organization. As detailed in the below table, the IAM Shop application features various controls to accommodate users' needs. Please note that not all users will see all controls, as it depends on their access to the IAM Shop.

Control

Description

Navigation Sidebar

Allows users to navigate from the IAM Shop to other EmpowerID applications

Resource Panel

Provides a grid or card view of the resources the user can request. Each record can be clicked to open a pane containing an Overview of the request and a Process Steps view from which users can see how far along the approval process the request is. Users can view and add comments here as well.

Shopping Cart

The shopping cart contains requested business items the user has requested but not yet submitted. Users who are shopping for themselves and others will see multiple shopping carts, one containing their items and the others containing items requested for others.

Image Added

Manage Access Page

The Manage Access page provides users with views of their current access, filtered by the selected resource type (Management Roles in the below image). Users caccess this page by selecting Manage Access. Once on the page, they can submit requests to revoke their access to a given resource item by clicking the Revoke button.

Image Added

Workflows Page

Provides a list of workflows the current user can initiate against the selected resource type. The below image shows workflows that can be initiated against groups. Users must have access to the page and the right to initiate the workflows to see them in the IAM Shop.

Image Added

Filter Pane

Provides filters to allow users to selectively filter the resources they see.

Filters

Resource Type

Filter available resources by resource type. Available resource types include:

  • Groups

  • Business Roles

  • Applications

  • Azure Licenses

  • Azure Roles

  • Management Roles

  • Mailboxes

  • Shared Folders

  • Computers

  • Credentials

Shopping For

Shop for yourself or another person.

Show Only Pre-Approved

Filter to show only resources user is pre-approved to receive via Eligibility policies. This filter appears only when shopping for groups, Business Roles, Management Roles, and computers.

Suggest Additional Resources

Filter to show additional resources suggested for the user via Eligibility policies. This filter appears only when shopping for groups, Business Roles, and Management Roles.

Target System

Filters available Application Roles based on the selected Account Store Type and/or Account Store.

  • Select Account Store Type allows users to filter groups to display only those belonging to Account Stores configured with the selected Account Store Type. Account Store Type is a configurable setting that can be used to logically categorize Account Stores.

  • Select Account Store allows users to filter groups to display only those belonging to the selected Account Store. To be a filter option, Account Stores must have the Is Visible in IAM Shop property set to true. The filter is used in conjunction with the selected Account Store Type filter to display groups belonging to the selected account store. Groups existing in other account stores are excluded.

    Image Added

Applications

Filter to show only the groups or roles that can be requested for a specific application. This filter appears only when shopping for groups, Business Roles, and Management Roles.

Business Domains

Filter available roles by Business Domain. This filter appears only when shopping for Business Roles and Management Roles.

Image Added

Business Functions

Filter available groups and roles by Business Functions. This filter appears only when shopping for groups, Business Roles, and Management Roles.

Image Added

Rights

Filter available roles by external system rights granted to those roles. This filter appears only when shopping for groups, Business Roles, and Management Roles.

Application Processes

Filters available groups based on the selected process. This filter appears only when shopping for groups.

Shop by Reference Person

Filters available resources to show only those given to the referenced person. This is useful for quickly requesting access to the same resources of the referenced person. The user shopping must be able to view the reference person and have the same eligibility to see that person’s resources.

Advanced Search

Provides advanced search capabilities to further filter resources.

The architecture of the IAM Shop Microservice

The IAM Shop microservice is a pre-built application that includes several protected subcomponents, which are the building blocks of the microservice. Each subcomponent comprises the individual pages and controls that users interact with to access the features of the IAM Shop. Each subcomponent essentially functions as an independent application, allowing its access to be modified for users via their Access Level assignments. This flexibility streamlines customization, enabling the addition and removal of subcomponents directly from EmpowerID's web interface.

...