Previous Topic: Managed Services (Basic Access Requests)

Next Topic: Understand Service Creation

Creating a Service

Services simplify entitlement management. A service bundles together all the entitlements - tasks, roles, groups, and attributes - a user needs for a given business role. Services are available to the user through Access request tasks in the CA IdentityMinder User Console. Access request tasks enable a user or administrator to request, assign, revoke and renew a service.

Services allow an administrator to combine user entitlements into a single package, which are managed as a set. For example, all new Sales employees need access to a defined set of tasks and accounts on specific endpoint systems. They also need specific information added to their user account profiles. An administrator creates a service named Sales Administration, containing all the required tasks, roles, groups, and profile attribute information for a new Sales employee. When an administrator assigns the Sales Administration service to a user, that user receives the entire set of roles, tasks, groups and account attributes that are defined by the service.

Another way users can access services is to request access themselves. In the User Console, each user has a list of services available for their request. This list is populated with services marked as "Self Subscribing" by an administrator with the appropriate privileges, typically during service creation. From the list of available services, users can request access to the services they need. When the user requests access to a service, the request is fulfilled automatically, and the associated entitlements are assigned to the user immediately. An administrator with the appropriate privileges can also configure service fulfillment to require workflow approval, or to generate email notifications.

The following diagram shows the information to understand, and the steps to perform, to create a service.

This diagram illustrates the steps required to create a service.

The following topics explain how to create a service and make it available to users:

  1. Understand Service Creation.
  2. Begin Service Creation.
  3. Define the Service Profile.
  4. Define Admin Policies for the Service.
  5. Define Owner Rules for the Service.
  6. Define Prerequisites for the Service.
  7. Configure Email Notification for Service Renewal.
  8. Understand Fulfillment and Revocation Actions.
  9. Define Fulfillment and Revocation Actions for the Service.
  10. Allow users to request access to services.

    In the User Console, when the user clicks My Access, then Request & View Access, the user sees a list of services available for their request. The services that appear in this list are those marked "Self Subscribing" by an administrator with the appropriate privileges, typically during service creation.

  11. Assign a Service Directly to a User.
  12. Confirm the Service Assignment.