Using Identity Request Management Services
Identity Request Management no longer supported
The Identity Request Management (IRM) module is no longer supported in versions 9.0 and later of BMC Service Request Management. However, IRM continues to be shipped for reference in version 9.1.00 of BMC Service Request Management.
For more information about the end of life of IRM, see Product announcements.
This topic discusses using Identity Request Management Services. With Identity Request Management requests, employees can request to obtain access rights, to unlock or enable accounts, and to change passwords. Users can also submit requests for other people.
Requests available through Identity Request Management Services
The following requests are included:
|Request Access Right||Controls access rights for yourself, people who report to you, or other people in the companies to which you have access rights.|
|Remove Access Right||Removes access right for yourself or for people who report to you.|
|Unlock Account Request||(Support team members only) Unlocks an account that was locked by a user.|
|Enable Account Request||(Support team members only) Enables an account that an administrator disabled or revoked.|
|Password Change Request|
Changes passwords of all or selected accounts. The request behavior depends on your organization's configuration.
Points to consider
Before you use this request, consider the following points:
To request access rights
- From the request catalog, select Request Access Right.
- In the Available Roles section on the Request Access Right form, filter the roles:
- In the Role field menu, select Name or Description.
- In the With field, enter text by which you want to search.
- Click Go.
- In the table of available roles, move the roles that you want to connect to the user account to the Roles to Connect list.
- To connect the selected roles, click Submit Request.
To request removal of access rights
- From the request catalog, select Remove Access Right, and click Request Now.
- On the Remove Access Right form, move the appropriate roles from the Connected Roles list to the Roles to Disconnect list.
- (Optional) In the Justification field, enter the reason why the access was removed.
- Click Submit Request.
To unlock or enable an account
- As a member of the Support team, from the request catalog, select Unlock Account Request or Enable Account Request.
The Unlock Account Request form displays the following account information:
- Account ID/Name — Name of the user account
- Target System Name — Name of the server or system where the account is registered
- Target System Type — Server or system operating system
- Disabled (revoked) — Indicates whether the account has been revoked
- Locked — Indicates whether the account is locked
- Password Required — Indicates whether you must enter a new password when the account is unlocked or enabled
- Select the check box next to each account that you want to unlock.
- If you select an account that requires a password for unlocking or enabling, enter the password in the New Password and Confirm New Password fields.
- Click Submit Request to enable the selected accounts.
To change passwords for all or selected accounts
- Review the Points to consider about the Password Change Request.
- From the request catalog, select Password Change Request.
- On the Password Change Request form, select or clear the check boxes of accounts to indicate for which accounts you want to change the password; to select all of the accounts, click Select All.
- Enter values for the following fields:
- Current Password — Enter your existing identity management backend password. (The current password is displayed. It is required only if the Password Configuration is set to enable it.)
- New Password — Enter your new password.
This password must satisfy the requirements for all the systems and applications in which you have user accounts. In addition, a history is kept of your recent passwords and will not allow you to immediately reuse a password.
- Confirm Password — Retype the new password for verification.
- Click Submit Request.
To submit requests for other people
- From the request catalog, select one of the following requests:
- Password Change Request
- Request Access Rights
- Unlock Account Request
- Enable Account Request
Remove Access Right
A menu with all the company names that the user has access to is displayed and enabled.
If you do not have access rights to other companies, but you have people who report to you and you have IRM Manager permissions, you do not see the company menu. However, you can click Person List to view the list of all the people who report to you.
- Select the company name, and click Person List.
The list of people from the company that you select appears.
- Select the person for whom you want to request access.
Use the Name Starts With field to search the list. To view all the people in all the companies that appear in the list, clear the company name and click Person List.
- Create the request from the Request Entry console.