Services simplify entitlement management. A Service bundles together all the entitlements a user needs for a given business role. Services are available to the user through Access Request tasks in the User Console. Access Request tasks enable a user or administrator to request, assign, revoke and renew a Service through the user interface.
Services allow a system administrator to combine user activities and information - tasks, roles, groups, and attributes - into a single package, which are managed as a set. For example, all new Sales employees need access to a defined set of tasks, accounts on specific endpoint systems, and specific information added to their user account profiles. A system administrator creates a service named Sales Administration, containing all the required tasks, roles, groups, and profile attribute information for a new Sales employee. When an administrator assigns the Sales Administration service to a user, that user receives the entire set of roles, tasks, groups and account attributes that are defined by the service.
Another way users can access services is to request access themselves. In the User Console, each user has a list of services available for their request. This list is populated with services marked as "Self Subscribing" by a system administrator with the appropriate privileges, typically during service creation. From the list of available services, users can request access to the services they need. When the user requests access to a service, the request is fulfilled automatically. The associated tasks, roles, groups and attributes are assigned to the user immediately. A CA IdentityMinder administrator with the appropriate privileges can also configure service fulfillment to require workflow approval, or to generate email notifications.
The following diagram shows the information to understand, and the steps to perform, to make services available to users.
You can make services available to users using the following methods:
In the CA IdentityMinder User Console, when the user clicks My Access, then Request & View Access, the user sees a list of services available for their request. The services that appear in this list are those marked "Self Subscribing" by a CA IdentityMinder administrator with the appropriate privileges, typically during service creation.
When the user requests access, the system assigns the service to the user. The user receives all applications, roles, groups and attributes associated with the service. If the service includes a Launch Role for an application, an icon and a link to the application appear in the User Console Home page.
Copyright © 2013 CA.
All rights reserved.
|
|