IAM Shop Overview

Owned by Phillip Hanegan
Last updated: Jul 09, 2023
6 min read

The IAM Shop makes requesting access to resources easy. Instead of navigating the Web site looking for a specific resource – like an application, a role, or a group – you can go to the IAM Shop. The IAM Shop lets you quickly see what resources you currently have access to and shop for more. You simply search for what you want and put it in your cart. Once an item is placed in the cart, it stays until you check out or remove it. In this way, you can go about your business, navigating away from the IAM Shop without losing the contents of your cart. When you are ready to submit your request for access (known as a business request in EmpowerID), review the items in your cart, add a reason for requesting those items and click Submit. Your requests route for approval – to managers and, if necessary, other designated approvers.



Navigating the IAM Shop

When you log in to the IAM Shop, you can see the pages and controls you have access to. In the below image, the logged-in user has full access to the IAM Shop and can see all pages and controls. Depending on your access, you may or may not see everything shown.

 

The IAM Shop application includes the following controls. Depending on your access to the IAM Shop, you may not see all controls listed in the table.

Control

Description

Control

Description

Navigation Sidebar

Allows you to navigate from the IAM Shop to other EmpowerID applications

Resource Panel

Provides a grid or card view of the resources you can request. Each record can be clicked to open a pane containing an Overview of the request and a Process Steps view from which you can see how far along the approval process the request is. You can view and add comments here as well.

Shopping Cart

The shopping cart contains requested business items you have requested but not yet submitted. If you are shopping for yourself and another person, you will see two shopping carts, one containing your items and the other containing items requested for the other person.

Manage Access Page

The Manage Access page provides views of your current access, filtered by the selected resource type (Management Roles in the below image). You access this page by selecting Manage Access. Once on the page, you can submit requests to revoke your access to a given resource item by clicking the Revoke button.

 

Workflows Page

Provides a list of workflows you can initiate against the selected resource type. The below image shows workflows that can be initiated against groups. You must have access to the page and the right to initiate the workflows to see them in the IAM Shop.

Filter Pane

Provides filters to selectively filter the resources you see.

Filters

Resource Type

Filter available resources by resource type. Available resource types include:

  • Groups

  • Business Roles

  • Applications

  • Azure Licenses

  • Azure Roles

  • Management Roles

  • Mailboxes

  • Shared Folders

  • Computers

  • Credentials

Shopping For

Shop for yourself or another person.

Show Only Pre-Approved

Filter to show only resources you are pre-approved to receive via Eligibility policies. This filter appears only when shopping for groups, Business Roles, Management Roles, and computers.

Suggest Additional Resources

Filter to show additional resources suggested for you via Eligibility policies. This filter appears only when shopping for groups, Business Roles, and Management Roles.

Target System

Filters available Application Roles based on the selected Account Store Type and/or Account Store.

  • Select Account Store Type allows you to filter groups to display only those belonging to Account Stores configured with the selected Account Store Type.

  • Select Account Store allows you to filter groups to display only those belonging to the selected Account Store. The filter is used in conjunction with the selected Account Store Type filter to display groups belonging to the selected account store. Groups existing in other account stores are excluded.

     

Applications

Filter to show only the groups or roles that can be requested for a specific application. This filter appears only when shopping for groups, Business Roles, and Management Roles.

Business Domains

Filter available roles by Business Domain. This filter appears only when shopping for Business Roles and Management Roles.

Business Functions

Filter available groups and roles by Business Functions. This filter appears only when shopping for groups, Business Roles, and Management Roles.

 

Rights

Filter available roles by external system rights granted to those roles. This filter appears only when shopping for groups, Business Roles, and Management Roles.

Application Processes

Filters available groups based on the selected process. This filter appears only when shopping for groups.

Shop by Reference Person

Filters available resources to show only those given to the referenced person. This is useful for quickly requesting access to the same resources of the referenced person. You must be able to view the reference person and have the same eligibility to see that person’s resources.

Advanced Search

Provides advanced search capabilities to further filter resources.


Using the Manage Access Page

The Manage Access page lets you view your current access, filtered by role type. When you navigate to the page, the default view you see is a grid view with records of your current Business Roles. Each record includes a Details button that you can click to open an Overview pane containing more information about the requested resource. The below image shows the default view of the Manage Access page for a user with one Business Role.

 

What can I do on this page?

  • You can search for a specific resource assignment.

  • You can view the details about a particular resource assignment by clicking the Details button.

  • If authorized, you can revoke your access to a resource by clicking the Revoke button.

     

  • If authorized, you can view the resources another person has access to by selecting that person in the Manage For field. You must have access to view the person and the person’s resources to do so.

     

  • You can view any resources you have access to that are limited to specific dates and times by toggling the Show Time Constrained button.

  • You can view pending requests by clicking the View Pending Access button. Clicking the button directs your browser to the My Requests View of the My Tasks application.

  • You can activate login sessions for computers by clicking the Unlock button.

Using the Workflows Page

The Workflows page provides authorized users with workflows that can be initiated against a particular resource type. Select the desired resource type and navigate to the Workflows page to view the workflows available for a resource type. The below image shows the workflows available for the Credential resource type.

Â