About the IAM Shop
EmpowerID's IAM Shop is a powerful, centralized application that enables users to request access to the IT resources necessary to perform their job functions. The application's intuitive user interface allows users to view their current access and request additional resources with ease. Requests are submitted by adding desired items to the shopping cart, allowing users to initiate their own access requests for quicker fulfillment. To reduce frustration and ensure a positive user experience, the cart content is preserved even if the user navigates away from the IAM Shop.
The following illustration shows the general flow of users shopping for resources in the IAM Shop.
Navigating the IAM Shop
With access to the IAM Shop, users can request roles and other resources provided by the organization. As detailed in the below table, the IAM Shop application features various controls to accommodate users' needs. Please note that not all users will see all controls, as it depends on their access to the IAM Shop.
Control | Description |
|---|---|
Navigation Sidebar | Allows users to navigate from the IAM Shop to other EmpowerID applications |
Resource Panel | Provides a grid or card view of the resources the user can request. Each record can be clicked to open a pane containing an Overview of the request and a Process Steps view from which users can see how far along the approval process the request is. Users can view and add comments here as well. |
Shopping Cart | The shopping cart contains requested business items the user has requested but not yet submitted. Users who are shopping for themselves and others will see multiple shopping carts, one containing their items and the others containing items requested for others. |
Manage Access Page | The Manage Access page provides users with views of their current access, filtered by the selected resource type (Management Roles in the below image). Users caccess this page by selecting Manage Access. Once on the page, they can submit requests to revoke their access to a given resource item by clicking the Revoke button.
|
Workflows Page | Provides a list of workflows the current user can initiate against the selected resource type. The below image shows workflows that can be initiated against groups. Users must have access to the page and the right to initiate the workflows to see them in the IAM Shop. |
Filter Pane | Provides filters to allow users to selectively filter the resources they see. |
Filters | |
Resource Type | Filter available resources by resource type. Available resource types include:
|
Shopping For | Shop for yourself or another person. |
Show Only Pre-Approved | Filter to show only resources user is pre-approved to receive via Eligibility policies. This filter appears only when shopping for groups, Business Roles, Management Roles, and computers. |
Suggest Additional Resources | Filter to show additional resources suggested for the user via Eligibility policies. This filter appears only when shopping for groups, Business Roles, and Management Roles. |
Target System | Filters available Application Roles based on the selected Account Store Type and/or Account Store.
|
Applications | Filter to show only the groups or roles that can be requested for a specific application. This filter appears only when shopping for groups, Business Roles, and Management Roles. |
Business Domains | Filter available roles by Business Domain. This filter appears only when shopping for Business Roles and Management Roles. |
Business Functions | Filter available groups and roles by Business Functions. This filter appears only when shopping for groups, Business Roles, and Management Roles.
|
Rights | Filter available roles by external system rights granted to those roles. This filter appears only when shopping for groups, Business Roles, and Management Roles. |
Application Processes | Filters available groups based on the selected process. This filter appears only when shopping for groups. |
Shop by Reference Person | Filters available resources to show only those given to the referenced person. This is useful for quickly requesting access to the same resources of the referenced person. The user shopping must be able to view the reference person and have the same eligibility to see that person’s resources. |
Advanced Search | Provides advanced search capabilities to further filter resources. |
The architecture of the IAM Shop Microservice
The IAM Shop microservice is a pre-built application that includes several protected subcomponents, which are the building blocks of the microservice. Each subcomponent comprises the individual pages and controls that users interact with to access the features of the IAM Shop. Each subcomponent essentially functions as an independent application, allowing its access to be modified for users via their Access Level assignments. This flexibility streamlines customization, enabling the addition and removal of subcomponents directly from EmpowerID's web interface.
The below table lists some common subcomponents configured with the default IAM Shop microservice in EmpowerID:
| 1 | Type | Display Name | Description | Application Resource GUID |
| 2 | Control | Azure License Pool Control IT Shop | Control that lets users filter Azure licenses against a specific Azure license pool. | 829ac800-6fe9-4ce6-b2a1-f45d14518bbf |
| 3 | Control | Business Roles Advanced Search Control IT Shop | Control that lets users utilize Advanced Search when shopping for eligible Business Roles. | 24f98fbc-3e57-4965-a6fa-791569f59292 |
| 4 | Control | Local Sensitive Functions Grid Control IT Shop | Control that lets users see a list of local sensitive functions for a given application, Business Role or Management Role. | 0d069d60-4ff9-44f1-abf5-62860a3da140 |
| 5 | Control | Shared Folders Unc Path Control IT Shop
| Control that lets users filter shared folders they are eligible to request against a specific unc path. | 5894a2b2-6676-463e-b210-454811822773 |
| 6 | Control | Target System Control IT Shop
| Control that lets users filter the groups they are eligible to request against a specific account store type or account store. | 098dd81c-c109-449c-913e-56cd529b542a |
| 7 | Control | TCodes Grid Control IT Shop | Control that lets users view a list of transaction codes for a given application, Business Role or Management Role. | f0fe2ba3-3fd5-41b0-bb0a-f06ca0660384 |
| 8 | Control | Application Processes Control IT Shop
| Control that lets users search for groups against a specific application process | 45a073dc-dbd5-45b4-9823-c611fc5f9bec |
| 9 | Control | Application Roles Account Store Attribute Control IT Shop | Control that lets users see the account store for groups. | 1b3e4579-cdd8-48e3-bd35-6c5f4aaf1e2d |
| 10 | Control | Application Roles Advanced Search Control IT Shop
| Control that lets users utilize the Advanced Search option for groups. | c53978dc-5966-4c8f-82c0-982dc60bffb7 |
| 11 | Control | Application Roles Applications Control IT Shop
| Control that lets users filter the groups they are eligible for based on group applications. | d4b00b50-8a8a-4691-b9be-a2b81c00013b |
| 12 | Control | Application Roles Business Functions Control IT Shop | Control that lets users see the Business Functions filter on the Groups page. | 45c8f8ff-4abe-461c-bf66-c88a05c2cc02 |
| 13 | Control | Application Roles Granted Grid Control IT Shop | Control that lets users see the list of groups granted. | f86f9c28-6f23-40d2-a8e1-62c4089f51ae |
| 14 | Control | Application Roles High Level Classification Attribute Control IT Shop | Control that users see the high level classification of a group. | 8be9e3b7-90fd-4e53-81e1-2a8bfe65677c |
| 15 | Control | Application Roles Name Attribute Control IT Shop | Control that lets users see the name of a group. | e4d97e73-e271-4d98-8f14-6d757886c2ab |
| 16 | Control | Application Roles Owners Attribute Control IT Shop | Control that lets users see the owners of a group. | 6d4dd9f8-9c47-4b85-a2be-dfe67ca659b6 |
| 17 | Control | Application Roles Resource System Attribute Control IT Shop | Control that lets users see the resource system of a group. | f5f44c32-fa7d-4591-be83-31a7e9e6f04d |
| 18 | Control | Application Roles TCode Control IT Shop | Control that lets users search groups via TCode. | 29e9c44d-2ff8-4385-bb7c-2504059fc61f |
| 19 | Control | Applications Grid Control IT Shop | Control that lets users see the list of applications. | 4a70f07f-ec3e-4a50-af6c-fa1b45fd5ae2 |
| 20 | Control | Azure Admin Roles Advanced Search Control IT Shop | Control that lets users utilize Advanced Search on Azure Admin Roles. | 31e84699-a30e-4e6b-b596-3c67f1768400 |
| 21 | Control | Azure Admin Roles Global Functions Control ITShop | Control that lets users filter Azure admin roles by global functions. | 799bc995-4970-4a61-b0f2-3ada6020c1e5 |
| 22 | Control | Azure Admin Roles Resource System Attribute Control IT Shop | Control that lets users see the resource system of Azure admin roles. | 130ecb3a-7fde-4c52-a769-b56a27233854 |
| 23 | Control | Azure Admin Roles Role Group Type Attribute Control IT Shop | Control that lets users see the role group type of Azure admin roles | fd7f9a7c-175b-489f-b06b-287e673b5b2a |
| 24 | Control | Azure Admin Roles Role Type Attribute Control IT Shop | Control that lets users see the role type of Azure admin roles. | 47660631-8bc4-4724-9d51-948621dba14a |
| 25 | Control | Azure Admin Roles Role Types Control IT Shop | Control that lets users filter Azure admin roles by role type. | 01bc26db-6559-4cc6-871b-32af41bde8de |
| 26 | Control | Azure Admin Roles Tenants Control IT Shop | Control that lets users filter Azure admin roles by tenant. | 6fde230f-4dc0-4283-84ee-d773792f6382 |
| 27 | Control | Azure License Service Plans Section Control IT Shop | Control that lets users see the Azure License Service Plans section in detail view | bbc41813-0c45-4cc6-a22e-6a68a4e712e4 |
| 28 | Control | Azure Licenses Advanced Search Control IT Shop | Control that lets users utilize the Advanced Search on Azure Licenses. | 08d72ac2-57aa-4d2c-9c5c-33e9e059033d |
| 29 | Control | Azure Licenses License Pool Attribute Control IT Shop | Control that lets users see the license pool of the Azure licenses. | 029eb744-6c2f-407d-af43-e73e1c7be2b7 |
| 30 | Control | Azure Licenses Licensed Assignee Attribute Control IT Shop | Control that lets users see the licensed assignee of the Azure licenses. | 4685637c-256a-45c3-842e-edf48cadcabb |
| 31 | Control | Azure Licenses Name Attribute Control IT Shop | Control that lets users see the name of the Azure licenses. | f2604e7e-df64-4593-afd2-1ab5b078c062 |
| 32 | Control | Azure Licenses Price Per Unit Attribute Control IT Shop | Control that lets users see the price per unit of the Azure licenses. | 195f56bb-0b91-47b9-be32-7fa6f61647b9 |
| 33 | Control | Azure Licenses Resource System Attribute Control IT Shop | Control that lets users see the resource system of the Azure licenses. | 56e136ec-b75e-47aa-a8f4-fd57769ee9b5 |
| 34 | Control | Azure Licenses Tenant Subscription Attribute Control IT Shop | Control that lets users see the tenant subscription of the Azure licenses. | a87f204b-69e8-4aba-9dbc-c439ec1d2d12 |
| 35 | Control | Azure Licenses Tenants Control IT Shop | Control that lets users filter Azure licenses against a specific tenant. | d9515288-f659-411c-a160-154569f2dfe4 |
| 36 | Control | Azure Rbac Roles Global Functions Control ITShop | Control that lets users filter Azure RBAC roles by global functions. | 629eb9af-c796-4e73-a128-ad414549abe8 |
| 37 | Control | Azure Rbac Roles Role Types Control IT Shop | Control that lets users filter Azure RBAC roles by role type. | 3d343ff8-cde9-4492-9100-0596f7519614 |
| 38 | Control | Azure Roles Applications Control IT Shop | Control that lets users filter Azure roles based on applications. | ea57e24e-9067-40d5-a291-ac36a2ed6010 |
| 39 | Control | Azure Subscription Control IT Shop | Control that lets users filter Azure licenses against a specific subscription. | e64ac2cf-2755-47f4-a016-40dc06bf6e14 |
| 40 | Control | Business Domains Control IT Shop | Control that lets users search for Business Roles against a specific business domain. | 82c21d02-1786-4650-9a5c-c844c4a98134 |
| 41 | Control | Business Functions Control IT Shop | Control that lets users search for Business Roles against a specific business function. | 7e811a70-057a-42df-bdfa-75bd022a4cce |
| 42 | Control | Business Roles Applications Control IT Shop | Control that lets users filter Business Roles based on applications. | 6e0c8868-fdd7-4a78-95ab-66a568438513 |
| 43 | Control | Business Roles Business Functions Control IT Shop | Control that lets users see the Business Functions filter on the Business Roles page. | 4b8dd0b4-8ad1-42c1-89e4-6976d1fb5afc |
| 44 | Control | Business Roles High Level Classification Attribute Control IT Shop | Control that lets users see the High Level Classification attribute of Business Roles. | d66673a6-7786-4129-a06d-018c7c5534d4 |
| 45 | Control | Business Roles Name Attribute Control IT Shop | Control that lets users see the Name attribute of Business Roles. | be83af20-7105-4608-88ef-076f21a84770 |
| 46 | Control | Business Roles Owners Attribute Control IT Shop | Control that lets users see the Owners of Business Roles. | 9f0161e4-3727-48d7-a97a-90365816af76 |
| 47 | Control | Business Roles Parent Business Role Attribute Control IT Shop | Control that lets users see the parent Business Role of Business Roles. | e6a72be9-afd5-4402-ac83-97118313630b |
| 48 | Control | Business Roles Role Approvers Attribute Control IT Shop | Control that lets users see the Role Approvers of Business Roles. | 119b923a-08f5-464f-ab2c-9552286864eb |
| 49 | Control | Business Roles TCode Control IT Shop | Control that lets users search for Business Roles via TCode. | 588efa11-41da-4078-b8a1-be31f328f57f |
| 50 | Control | Cart Due Date Control IT Shop | Control that lets users set a due date for cart items. | da3bb867-42a5-4ef5-a38c-1d238fbbb493 |
| 51 | Control | Computer Operating System Control IT Shop | Control that lets users filter computers by operating system. | 17e3fea4-881a-4a49-8e3f-7645ef062e52 |
| 52 | Control | ComputerCapability Control IT Shop | Control that let user filter computers based on capabilities. | a9853de6-c684-4cd4-9a82-1136cf682566 |
| 53 | Control | Computers Active Sessions Filter IT Shop | Control that lets users filter computers based on active sessions. | 7687d34c-eed8-4710-8560-1d3509f47f48 |
| 54 | Control | Computers Advanced Search Control IT Shop | Control that lets users utilize the Advanced Search to search for computers. | bcd6559d-c5b2-4974-b299-abd56cc91153 |
| 55 | Control | Computers Computer Control IT Shop
|