This document describes details of the Client Admin configuration to be created so that the configured users can view the self-service requests and reports on behalf of others. These subjects are covered:

Client Admin Introduction

The Client Admin feature enables advanced users or IaaS Client Administrators to view and manage features such as user requests and reports in the Admin tab in Self-Service. The advanced users or IaaS Client Administrators can be specific individuals or user groups who are part of the IaaS Client Administrators user group - a security policy user group.

The Client Admin configuration determines the capabilities of the Advanced users when they log into Self-Service and select the Admin tab. Only IaaS Client Administrators defined in the Client Admin configuration can view the Events, User Match Task and /or Reports features in the Admin tab in Self- Service.

Client Admin Overview

The main components of Client Admin are Events, Users Match and Reports..

Users Match

The purpose of the Users Match sub tab in Self-Service is to enable IaaS Client Administrators to view the status of user match requests for a specific group of users or all users, and to take action on a pending request. Therefore, the IaaS Client Administrators, their access permissions (view or manage requests) and the user or user groups whose requests are to be managed by the IaaS Client Administrators are all configured in the Users Match section of the Client Admin.

Events

The purpose of the Events sub tab in Self-Service is to enable IaaS Client Administrators to view the status of requests for a specific group of users or all users, and to stop or restart a pending request. Therefore, the IaaS Client Administrators, their access permissions (view or manage requests) and the user or user groups whose requests are to be managed by the IaaS Client Administrators are all configured in the Events section of the Client Admin.

Reports

The purpose of the Reports sub tab is to enable IaaS Client Administrators to perform a variety of report management functions such as creating, managing, scheduling, and execution of reports. Therefore, the users or user groups responsible for report management and the reports that are required for report generation and report management are configured in the Reports section of the Client Admin.

Exclusive Client Admin configurations can be created for either the Events or Reports feature or a combined configuration containing both Events and Reports features. In the event of multiple Client Admin configurations, only one configuration can be designated as the default. When a user qualifies for more than one Client Admin configuration then the default will be used. Therefore, it is recommended to configure the default with minimal rights when multiple configurations exist.

Compliance

The purpose of the Compliance sub tab is to enable IaaS Client Administrators to start compliance job from self service UI. The users or user groups responsible for compliance job management are configured in the Compliance Jobs section of the Client Admin configuration.

Client Admin Configuration

In order for a user or user group to have Client Administrator privileges enabling access to the Admin tab in Self-Service, they must qualify for the security policy IaaS Client Administration. Adding the user to the IaaS Client Administrators user group will qualify the user for the IaaS Client Administration policy. For a user group to qualify for the IaaS Client Administration policy, create a condition for group membership of the required user group, then create a rule referring to this condition. Finally, add this rule as a dynamic filter to the IaaS Client Administrators user group.

Client Admin for Events

In the Admin UI, select the Self-Service tab, and select Client Admin from the Function menu. The IaaS Client Administration View page displays. Click the Add button, the IaaS Client Administration Detail (Add New) page displays:
Enter the Name and Description for the Client Admin configuration. The Name field is mandatory.
The 3 sub sections under Events are listed below. To configure the subsections under Events section,

Click '+' preceding Events. The functionalities of sub sections are detailed below
1. View Requests on behalf of - Users/groups configured in this section ONLY will be able to view the Request tab under Admin_Events (Self-service UI), where all the self-service events will be displayed.
2. Administrators having Access to Notification Events - Users/groups configured in this section ONLY will be able to view the Notification tab under Admin->Events (Self-service UI). where all the Notification events will be displayed.
3. Administrators having Access to Provisioning Events - Users/Groups configured in this section ONLY will be able to view the Provisioning Events tab under Admin->Events (Self- service UI). where all the Provisioning events will be displayed.
  
  Note: Admin tab will be displayed for a user in self-service, only if that user qualifies for any of the three subsections
To configure the Events section, click + preceding Events.
Click the Add button under the Events section. A new row displays.
The User Type and User fields together define users whose request can be viewed and managed by the Client Administrator. In the User Type field, select Group or Dynamic from the drop-down list.
Under the User field, click the Select button:
- If the selected User Type is Group, then the User Group View page displays. Select the desired user group from the User Group View page
- If the selected User Type is Dynamic, the Self-Service Configuration Dynamic Beneficiary Filter page displays. Define a dynamic filter to determine the users whose requests are to be managed by the IaaS Client Administrators. The filter can be defined based on the profile attributes of the user.
- The Admin Type and Admin fields together define who has the privilege to view and/or manage the requests for the users selected. In the Admin Type field, select User or User Group from the drop-down list.
Under the Admin field, click the Select button:
- If the selected Admin Type is User, then the Requestor Search page displays. Select the desired user from the Requestor Search page.
- If the selected User Type is Group, then the User Group View page displays. Select the desired user group from the User Group View page.
Note: Ensure that the user or user group selected qualifies for the IaaS Client Administration
In the Manage field, click the check box to enable the manage permission. If the manage permission is not enabled, the Client Administrator can only view the requests.
Enter the desired Description.
Click Add to save the configuration.

Client Admin for Reports

In the Admin UI, select the Self-Service tab, and select Client Admin from the Function menu. The IaaS Client Administration View page displays. Click the Add button, the IaaS Client Administration Detail (Add New) page displays.
Enter the Name and Description for the Client Admin configuration. The Name field is mandatory.
To configure the Reports section, click + preceding Reports.
1. The Admin Type and Admin fields together define who have the privilege to view, execute, or manage the report schedules.
1. To enable Client Administrators to use the report feature in Self- Service, follow the steps below.
2. Click the Add button. A new row displays.
3. In the Admin Type field, select User or Group from the drop-down list
  1. Under the Admin field, click the Select button.
    If the selected Admin Type is User, then the Requestor Search page displays. Select the desired user from the Requestor Search page.
  2. If the selected User Type is Group, then the User Group View page displays. Select the desired user group from the User Group View page.
    Note: Ensure that the user or user group selected qualifies for the IaaS Client Administration security policy.

Enter the desired Description.

To add reports that can be used by the above configured Client Administrators in the Report feature in Self-Service, follow the steps below.
1. Click the Add button under the Report section.
2. Select the required reports. The selected Reports are displayed under the Reports section.
3. Enter the desired Comments.
Click the Add button to save the configuration.

Client Admin for User Match

In the Admin UI, select the Self-Service tab, and select Client Admin from the Function menu. The IaaS Client Administration View page displays. Click the Add button, the IaaS Client Administration Detail (Add New) page displays.
Enter the Name and Description for the Client Admin configuration. The Name field is mandatory.
To configure the UsersMatch section, click + preceding UsersMatch.
The User Type and User fields together define users whose request can be viewed and managed by the Client Administrator. In the User Type field, select "All Users" or Dynamic from the drop- down list.
Under the User field, click the Select button:

If the selected User Type is Dynamic, the Self-Service Configuration Dynamic Beneficiary Filter page displays. Define a dynamic filter to determine the users whose requests are to be managed by the IaaS Client Administrators. The filter can be defined based on the profile attributes of the user.

6. The Admin Type and Admin fields together define who have the privilege to view, execute, or manage the usermatch Events.

7. Under the Admin field, click the Select button:

If the selected Admin Type is User, then the Requestor Search page displays. Select the desired user from the Requestor Search page.
If the selected User Type is Group, then the User Group View page displays. Select the desired user group from the User Group View page.

Note: Ensure that the user or user group selected qualifies for the IaaS Client Administration security policy

8. In the Manage field, click the check box to enable the manage permission. If the manage permission is not enabled, the Client Administrator can only view the requests.

9. Enter the desired description.

10. Click Add to save the configuration.

Client Admin for Compliance

In the Admin UI, select the Self-Service tab, and select Client Admin from the Function menu. The IaaS Client Administration View page displays. Click the Add button, the IaaS Client Administration Detail (Add New) page displays.
Enter the Name and Description for the Client Admin configuration. The Name field is mandatory.
To configure the Compliance Jobs section, click +/- preceding Compliance Jobs to expand/ collapse section.
The Admin Type and Admin fields together define a rule which defines who have the privilege to run any compliance job.
Under the Admin field, click the Select button:

If the selected Admin Type is User, then the Requestor Search page displays. Select the desired user from the User Search page.
If the selected User Type is Group, then the User Group View page displays. Select the desired user group from the User Group View page.

Note: Ensure that the user or user group selected qualifies for the IaaS Client Administration security policy.

6. Enter the desired Description for each rule created.

A section with static and dynamic member configured is shown below for reference.

A user who qualifies for the compliance job configuration will be able to see the Admin Tab. The user can click the compliance sub tab and see the jobs listed. Users who qualify can start a compliance job of their choice from this list. The user can also search and sort against the list of compliance jobs.

Modifying Client Admin Configuration

In the IaaS Client Administration View page, click the Name of any Client Admin configuration. The IaaS Client Administration Details (Update) page displays.
1. The Name and Description can be modified as desired.
2. Under the Events section, users or user groups can be added, modified, or removed. In addition, the users or user groups can be granted permission to manage the events by checking the Manage check box corresponding to the admin.
3. Under the Reports section, users or user groups can be added, modified, or removed. Reports can be added or removed as desired.
Click Update. In the IaaS Client Administration View page, this message displays:
Configuration modified successfully.