To request roles and resources, click>
Before requesting permissions, review the following considerations:
You might be able to request access on behalf of another user. For example, if you are a team manager, you usually can act on behalf of team members. The process is the same, except you must specify that the request is forinstead of .
Do not use punctuation when specifying a permission that you want to request. If the name of the permission you want to request includes punctuation, omit the punctuation when searching.
Different permissions require different information, depending on how the administrator has configured the permission form. If the permission requires detailed information, the Dashboard redirects you to a separate window when you select the permission.
You can request multiple permissions at the same time.
However, if the permission form for one of the requests requires special types of information, you might not be able to include that permission in a multi-permission request. To request multiple permissions at once, the request forms for the various requests cannot require detailed information.
You can specify the expiry date while requesting for a resource or a role.
When you request a permission, you must specify a reason for the request. You can also specify the date that you need the permission to begin or expire.
You can request permissions in the following ways:
Select one of the. You cannot make this request on behalf of another person.
NOTE:By default,permission appears in the category. You can raise a helpdesk ticket using this permission.
Request several permissions at once.
Request a permission that is not among the.
Perform the request on behalf of someone else.
To request only Identity Manager permissions:
(Conditional) To choose a permission fromcategory, select the permission.
(Conditional) To choose a non-featured request or to request several permissions, complete the following steps:
(Conditional) To request access on behalf of other individuals, select, then specify the individual(s).
NOTE:As a team manager if you request permissions on behalf of other team members, you cannot individually select requesters from a group that is included in the team's recipients list. Thetab in the field will display the logged-in team manager and other user recipients in the team.
For, type the name or description matching the permission.
NOTE:To raise a helpdesk ticket, searchin the list.
In the displayed list, select the permission(s) that you want.
Specify a reason for the request.
(Conditional) If you are requesting a role permission, specify theand for the permission.
(Conditional) If you are requesting a resource permission, specify thefor the permission.
NOTE:You can specify theonly for the resources that have enabled expiration option. Administrators can enable expiration for the resources.
(Conditional) If required, specify additional information related to the request:
Some permissions might have secondary forms that you must complete as part of the request. For example, when requesting a laptop computer, you might need to specify the default operating system or graphics requirements.
Your organization might have two or more roles that could create security problems when assigned to the same individual. If these types of roles exist, administrators create a separation of duties (SoD) rule to constrain users from gaining access. When a user requests one of these roles while already having a conflicting role or requests two or more conflicting roles, the identity applications respond according to the SoD policies.
Conflicting roles when User is the Recipients If you request for or assign one or more conflicting roles to a user recipients, the application displays an SoD warning. To override the SOD constraint, you must provide the reason for making an exception in thefield.
Conflicting roles when Groups and/or Containers are the Recipients If you request for or assign one or more conflicting roles to groups and/or container recipients, the application displays a warning with a list of failed roles and SoDs conflicts. A modal window is also displayed that provides you the following information:
Recipients: Select the group or container from the list to view its affected users that are violating the SoD.
Select SoD to view details: Select the SoD from the list to view the conflicting roles and the affected users. Selection is allowed when the request is violating more than one SoD.
Conflicting Role 1 and Conflicting Role 2: Displays the roles violating the selected SoD.
Affected Users: Displays a list of affected user(s) based on the selected recipients and SoD.
Remove: Click to remove the selected recipient from the modal window.
Reset: Click to reset the original list of conflicts displayed in the modal window.
Done: Click to confirm the removal of the selected recipient from the modal window.
Applies only on two conditions namely, when you have enabled the option in the > page and when you request permission for .
IDM Catalogs: Lists all the available Identity Manager roles, resources, and workflows.
IG Applications: Lists all the applications collected in the Identity Governance. You can then select the permissions associated with the selected application.
IG Technical Roles: Lists all the technical roles of the Identity Governance. Select the IG roles that you want to request for and specify a reason for requesting the role.
For more information, click on the Dashboard.