When you request a permission, you must specify a reason for the request. You can also specify the date that you need the permission to begin or expire.
You can request permissions in the following ways:
Select one of the Featured Items. You cannot make this request on behalf of another person.
NOTE:By default, Helpdesk Ticket permission appears in the Featured Items category. You can raise a helpdesk ticket using this permission.
Request several permissions at once.
Request a permission that is not among the Featured Items.
Perform the request on behalf of someone else.
To request only Identity Manager permissions:
(Conditional) To choose a permission from Featured Items category, select the permission.
(Conditional) To choose a non-featured request or to request several permissions, complete the following steps:
Select New Request.
(Conditional) To request access on behalf of other individuals, select Others, then specify the individual(s).
For Permissions, type the name or description matching the permission.
NOTE:To raise a helpdesk ticket, search Helpdesk Ticket in the Permissions list.
In the displayed list, select the permission(s) that you want.
Specify a reason for the request.
(Conditional) If you are requesting a role permission, specify the Effective Date and Expiration Date for the permission.
(Conditional) If you are requesting a resource permission, specify the Expiration Date for the permission.
NOTE:You can specify the Expiration Date only for the resources that have enabled expiration option. Administrators can enable expiration for the resources.
(Conditional) If required, specify additional information related to the request:
Some permissions might have secondary forms that you must complete as part of the request. For example, when requesting a laptop computer, you might need to specify the default operating system or graphics requirements.
Your organization might have two or more roles that could create security problems when assigned to the same individual. If these types of roles exist, administrators create a separation of duties (SoD) rule to constrain users from gaining access. When a user requests one of these roles while already having a conflicting role or requests two or more conflicting roles, the identity applications respond according to the SoD policies.
Conflicting roles when User is the Recipients If you request for or assign one or more conflicting roles to a user recipients, the application displays an SoD warning. To override the SOD constraint, you must provide the reason for making an exception in the Justification field.
Conflicting roles when Groups and/or Containers are the Recipients If you request for or assign one or more conflicting roles to groups and/or container recipients, the application displays a warning with a list of failed roles and SoDs conflicts. A modal window is also displayed that provides you the following information:
Recipients: Select the group or container from the list to view its affected users that are violating the SoD.
Select SoD to view details: Select the SoD from the list to view the conflicting roles and the affected users. Selection is allowed when the request is violating more than one SoD.
Conflicting Role 1 and Conflicting Role 2: Displays the roles violating the selected SoD.
Affected Users: Displays a list of affected user(s) based on the selected recipients and SoD.
Remove: Click to remove the selected recipient from the modal window.
Reset: Click to reset the original list of conflicts displayed in the modal window.
Done: Click to confirm the removal of the selected recipient from the modal window.
Select Request.
To request Identity Manager and Identity Governance permissions:
Applies only when you have enabled the Show IG Catalog in request page option in the Configuration > Identity Governance page.
Select New Request.
By default, the request for Self is displayed. The following tabs are displayed:
IDM Catalogs: Lists all the available Identity Manager roles, resources, and workflows.
IG Applications: Lists all the applications collected in the Identity Governance. You can then select the permissions associated with the selected application.
IG Technical Roles: Lists all the technical roles of the Identity Governance. Select the IG roles that you want to request for and specify a reason for requesting the role.
(Conditional) To request access on behalf of other individuals, select Others, then specify the recipients (user, group, or team) and the permission associated with the selected recipient.
Click Request to complete the request.
The Request form displays in the Form Renderer. Based on the designed form (approval,request), and the workflow, the approver needs to login and perform the required actions in Tasks tab.