Services simplify entitlement management. A service bundles together all the entitlements - tasks, roles, groups, and attributes - a user needs for a given business role. Services are available to the user through Access request tasks in the CA IdentityMinder User Console. Access request tasks enable a user or administrator to request, assign, revoke and renew a service.
Services allow an administrator to combine user entitlements into a single package, which are managed as a set. For example, all new Sales employees need access to a defined set of tasks and accounts on specific endpoint systems. They also need specific information added to their user account profiles. An administrator creates a service named Sales Administration, containing all the required tasks, roles, groups, and profile attribute information for a new Sales employee. When an administrator assigns the Sales Administration service to a user, that user receives the entire set of roles, tasks, groups and account attributes that are defined by the service.
Another way users can access services is to request access themselves. In the User Console, each user has a list of services available for their request. This list is populated with services marked as "Self Subscribing" by an administrator with the appropriate privileges, typically during service creation. From the list of available services, users can request access to the services they need. When the user requests access to a service, the request is fulfilled automatically, and the associated entitlements are assigned to the user immediately. An administrator with the appropriate privileges can also configure service fulfillment to require workflow approval, or to generate email notifications.
The following diagram shows the information to understand, and the steps to perform, to create a service.
The following topics explain how to create a service and make it available to users:
In the User Console, when the user clicks My Access, then Request & View Access, the user sees a list of services available for their request. The services that appear in this list are those marked "Self Subscribing" by an administrator with the appropriate privileges, typically during service creation.
|Copyright © 2012 CA. All rights reserved.||