Skip to end of banner
Go to start of banner

Edit Application IAM Shop Settings

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

You can edit the IAM Shop settings for each application you own. Editable IAM Shop settings include the following:

  • Requestable in IAM Shop – Specifies whether users can request access to the group from the IAM Shop

  • Access Request Policy – Specifies the Access Request policy used to control access to the group and the approvals required before access is granted to the requesting person.

  • Eligible Assignees – Specifies who is eligible to request membership in the group.

  • Pre-Approved Assignees – Specifies who is pre-approved for membership in the group.

  • Suggested Assignees – Specifies who sees membership in the group as a suggested item in the IAM Shop.

Edit IAM Shop Settings

  1. Log in to Resource Admin.

  2. Select Applications from the Resource Type menu and search for the application you want to update.

  3. Click the gear icon on the application record and select Manage Application Wizard.

  4. Under Select Options, select Edit IAM Shop settings.

     

  5. Click Next.
    You should see the Edit IAM Shop Settings form.

     

  6. Update the IAM Shop settings information as needed.

 Requestable In IAM Shop

This true or false setting determines whether eligible users can request access to the application in the IAM Shop. In the below image, the setting is true. To remove the application from the IAM Shop, deselect the setting.

 Access Request Policy

This setting specifies the policy for enforcing how the system fulfills access requests for the application and whether those requests need to route for approval before being fulfilled. To change the policy, clear the current policy and then search for and select the new one.

 Eligible Assignees

This setting allows you to specify who is eligible to request access to the application. Eligible assignees can include the following:

  • Person – You can assign eligibility to individual people within your organization.

  • Group – You can assign eligibility to groups. When selected, members of those groups can request access.

  • Set Group – You can assign eligibility to Set Groups. When selected, members of those Set Groups can request access.

  • Management Role – You can assign eligibility to Management Roles. When selected, members of those Management Roles can request access.

  • Management Role Definition – You can assign eligibility to Management Role Definitions. When selected, all members of Management Roles derived from the Management Role Definition can request access.

  • Business Role and Location – You can assign eligibility to Business Roles and Locations. When selected, members of those Business Roles and Locations can request access.

 

To add eligible assignees, do the following:

  1. Under Eligible Assignees, select the assignee type from the Choose Type dropdown.

     

  2. Search for and select the appropriate assignee. For example, if assigning eligibility to a Management Role, search for and select the specific role.

  3. Click Add.

     

  4. Repeat the above steps to add other eligible assignees as needed.

 

To remove eligible assignees, do the following:

  1. Under Eligible Assignees, locate the record for the eligible assignee you want to remove.

  2. Toggle Keep to Remove.

     

  3. Repeat the above steps to remove other eligible assignees as needed.

     

 Pre-Approved Assignees

This setting allows you to specify who is pre-approved for the application. Users who are pre-approved simply need to activate their access. No further approvals are needed. Pre-approved assignees can include the following:

  • Person – You can assign pre-approval status to individual people within your organization.

  • Group – You can assign pre-approval status to groups. When selected, all members of those groups are pre-approved.

  • Set Group – You can assign pre-approval status to Set Groups. When selected, all members of those Set Groups are pre-approved.

  • Management Role – You can assign pre-approval status to Management Roles. When selected, all members of those Management Roles are pre-approved.

  • Management Role Definition – You can assign pre-approval status to Management Role Definitions. When selected, all members of Management Roles derived from the Management Role Definition are pre-approved.

  • Business Role and Location – You can assign pre-approval status to Business Roles and Locations. When selected, all members of those Business Roles and Locations are pre-approved.

 

To add pre-approved assignees, do the following:

  1. Under Pre-Approved Assignees, select the assignee type from the Choose Type dropdown.

     

  2. Search for and select the appropriate assignee. For example, if assigning pre-approval status to a Business Role and Location, search for and select the specific role and location.

     

  3. Click Add.

  4. Repeat the above steps to add other pre-approved assignees as needed.

 

To remove pre-approved assignees, do the following:

  1. Under Pre-Approved Assignees, locate the record for the assignee you want to remove.

  2. Toggle Keep to Remove.

     

  3. Repeat the above steps to remove other pre-approved assignees as needed.

     

 Suggested Assignees

This setting allows you to specify who sees the application as suggested in the IAM shop. Suggested assignees who request access to the application route through the regular approval process set by the Access Request policy for the application. Suggested assignees can include the following:

  • Person – You can assign suggested eligibility to individual people within your organization.

  • Group – You can assign suggested eligibility to groups. When selected, all members of those groups can request access.

  • Set Group – You can assign suggested eligibility to Set Groups. When selected, all members of those Set Groups can request access.

  • Management Role – You can assign suggested eligibility to Management Roles. When selected, all members of those Management Roles can request access.

  • Management Role Definition – You can assign suggested eligibility to Management Role Definitions. When selected, all members of Management Roles derived from the Management Role Definition can request access.

  • Business Role and Location – You can assign suggested eligibility to Business Roles and Locations. All members of those Business Roles and Locations can request access when selected.

To add suggested assignees, do the following:

  1. Select the assignee type from the Choose Type dropdown.

  2. Search for and select the appropriate assignee. For example, if assigning eligibility to a Set Group, search for the specific Set Group.

  3. Click Add.

  4. Repeat the above steps to add other suggested assignees as needed.

To remove suggested assignees, do the following:

  1. Under Suggested Assignees, locate the record for the assignee you want to remove.

  2. Toggle Keep to Remove.

  3. Repeat the above steps to remove other suggested assignees as needed.

  7. After making the needed updates to the IAM Shop Settings, click Next.

8. After the wizard completes the request, you should receive an Operation Execution Summary message stating the request was executed successfully.

9. Click Submit to close the summary message.

10. Click Yes or No when asked if you would like to manage another application. In this case, we are selecting No to exit the wizard.

Selecting No directs you to the Workflows page, where you can initiate other application-related workflows that you have access to run.

  • No labels