IAM Shop User Experience
When users log in to the IAM Shop, they can view the pages and controls that their roles permit access to. (See Granting Access to the IAM Shop for a list of these roles and the access they grant.) For example, the image below shows pages and controls viewable to a user with full access to Resource Admin.
Shopping for resources
Users visit the IAM Shop to request resources for which they are eligible or to activate resource assignments they have been preapproved for. This action of requesting access to resources is referred to as creating or submitting a "Business Request." After a Business Request is submitted, EmpowerID routes it for approval according to the Approval Flow policies set up for the specifically requested resource.
The following demonstrates a typical IAM Shop user experience.
The user accesses the IAM Shop and filters the available resources to those for which that user is shopping.
The user clicks the Request Access button for a specific resource, which opens a panel with more information about the resource and options for requesting access.
Users then click Add to Cart to add the requested resource to their cart.
When ready to review the items in their carts, users click the cart icon to open the shopping cart.
When ready to submit their requests for approval, users do the following:
Enter a Business Request Name.
Optionally select a due date.
Optionally add a comment.
Click Submit.
Once successfully submitted, a window appears stating that the cart was successfully submitted with a link to track the request's status.
Clicking the link directs the user’s browser to the My Request page of the My Tasks application with the Overview card for the request open. Overview cards allow users to view details about their requests and the number of approvals needed for access to be granted.
Shopping for Resources and Risk Violations
The IAM Shop incorporates preventive risk management controls to identify potential risk violations when users request access to resources. This feature allows users to view any risk policy violations their access request may cause before submission, promoting transparency and informed decision-making. In such cases, users must acknowledge the violations to proceed with their access request.
When violations like those mentioned above are identified and submitted for approval, the requests undergo an additional layer of approval by risk owners. The risk owners can either accept the risk and implement mitigating controls or reject the risk and deny the access assignment.
Using the Manage Access Page
The Manage Access page lets users view their current access, filtered by resource type.
What can users do on this page?
Users can search for a specific resource assignment.
Users can view the details about a particular resource assignment by clicking the Details button.
Users with the authority to revoke their access to a resource can do so by clicking the Revoke button.
Users with the appropriate access can view the resources another person has access to by selecting that person in the Manage For field. Users must have access to view the person and the person’s resources to do so.
Users can view any resources they have access to that are limited to specific dates and times by toggling the Show Time Constrained button.
Users can view pending requests by clicking the View Pending Access button. Clicking the button directs the user’s browser to the My Requests View of the My Tasks application.
Users can activate login sessions for computers by clicking the Unlock button.
Using the Workflows Page
The Workflows page provides authorized users with workflows that can be initiated against a particular resource type. Users select the desired resource type and navigate to the Workflows page to view the workflows available for a resource type. The below image shows the workflows available for the Credential resource type.