BigFix is IBM's client computer management product, similar to Microsoft's ConfigMgr (SCCM). Shopping's BigFix integrations allow Shopping to serve you in much the same way as it does for ConfigMgr customers. In particular, this integration supports:

  • Administrators can set up an application in the Shopping console so that users can request it. The applications can include core details such as a description, icon, cost, licensing details, categorization, visibility restrictions, etc.
  • Users can request the applications. BigFix is automatically provided the computer name the user shopped from and the user can receive the application within minutes
    • The reception of the application is expedited by default 
  • Approvals can be used as usual, including ServiceNow or similar integration if desired
  • Shopping status is updated within minutes for the deployment including 'pending', 'installed', installed time, and 'failed' status. Users can check the status in Shopping and administrators can report the status

The integration does not support:

  • Rentals. A product change would be needed for this (another integration point)
  • OSD. This might work but it hasn't been tested. It hasn't been a customer priority so far
  • Shop on-behalf-of. This might work but hasn't been tested 

To enable BigFix with Shopping, see this page: Enabling BigFix Integration

Security Considerations

The main security considerations are:

  • BigFix REST APIs are powerful and so a BigFix "operator" account with very limited privileges is used for the BigFix operations 
    • A key means to minimize the privileges of the operator account is to create a BigFix "site" (container, essentially) and create the Shopping-related computer groups in that site (and nothing else goes in that site). The operator account is limited to only accessing that site
    • Otherwise the operator account is limited to running REST APIs and accessing actions created by other operators 
  • The BigFix database is central to BigFix so a Windows service account with limited read-only privileges is used for the BigFix status query
  • The Shopping data is central to Shopping so a Windows service account with limited privileges is used