Table 8: Configuration parameter for approval decisions about URL links
VI_ITShop_Approvals _InteractiveApproval |
Requires consultation with the user before approval. This key is a SQL filter condition on the "AccProduct" table. |
Product fulfills filter condition |
Approval is not done directly. Displays form for confirming the approval decision. |
Product does not fulfill filter condition |
Approval decision is made when the page is called. Approvers receive a message that the approval decision has been entered into the system. |
An approval decision about a request can be made by opening a URL that is sent in an email, for example.
Cases that use this type of messaging for request approvals are special service items, which are required for informing the user about the approval decision. Approvals through these service items are not permitted without prior consultation.
To prevent a approval by URL link
- Open the Web Designer.
- Open a module and search for "VI_ITShop_Approvals_InteractiveApproval".
- Select the configuration parameter "VI_ITShop_Approvals_InteractiveApproval".
- In the Node editor, set the value to true.
A user-specific process is a process that is specifically configured for tracing by the user. It enables status tracking and confirmation of a processing result to the Web Portal.
A user who is logged on to the Web Portal can see all processes that they have initiated. The value in the XUserInserted column corresponds to the user who is currently logged on. A process can only be generated from within a session of the current logged on user if it is to be identified as a user-specific process.
The user-specific processes are displayed in the Web Portal in the My Processes view. For more information, see the One Identity Manager Web Designer Web Portal User Guide.
This section only covers the configuration for displaying the process information in the Web Portal. For more detailed information about process monitoring, recording process information, and the configuration of processes and process steps, see the One Identity Manager Configuration Guide.
Configuration recommendations for the recording of user-specific processes
- In the Designer, check the Common | ProcessState configuration parameter. The configuration parameter must be set.
-
In the Designer, check the Common | ProcessState | JobHistory configuration parameter. The configuration parameter must be set. As a value for the configuration parameter, select ERRORorSELECTED or SELECTED.
NOTE: The value ALL also takes into account the notifications from the process history. However, this setting can lead to an extremely large data volume.
- In the Designer, check the Common | ProcessState | ProgressView configuration parameter. The configuration parameter must be set and should have the value 2.
- In the Designer, check the Common | ProcessState | ProgressView | LifeTime and Common | ProcessState | JobHistory | LifeTime configuration parameters. These configuration parameters define the retention time of the process information and notifications in the process history. The configuration parameters must be set. Adjust the retention times if necessary. By default, the information is stored for 30 days before it is removed from the database.
- In the Designer, configure the processes and process steps for recording process information.
- In the Process information property for a process, select the value Web Portal tracking.
- In the Process information property for the process steps, select the value Web Portal tracking. Enable the Process history option.
- Use user-friendly informative display values for the processes and process steps. To do this, enter the formatting rules for the process information of processes and process steps.
Users who are not yet registered have the option to register themselves to use the Web Portal and to create new accounts. Users who self-register, receive a verification email with a link to a verification page. On this page, users can complete registration themselves and then set their initial login password.
NOTE: To use this functionality, new users must supply an email address, otherwise the verification email cannot be sent.
NOTE: For more information about self-registration of new users in the Web Portal and associated attestation process, see the One Identity Manager Attestation Administration Guide.
To configure self-registration
-
Start the Designer program.
-
Connect to the relevant database.
-
Configure the following configuration parameters:
NOTE: For more information about editing configuration parameters in the Designer, see the One Identity Manager Configuration Guide.
-
QER | WebPortal | PasswordResetURL: Specify the Password Reset Portal's web address. This URL is used, for example, in the email notification to new users.
-
QER | Attestation | MailTemplateIdents | NewExternalUserVerification:
By default, the verification message and link is sent with the Attestation - new external user verification link mail template.
To use another template for this notification, change the value in the configuration parameter.
TIP: In the Designer, you can configure the current mail template in the Mail templates > Person category. For more information about mail templates, see the One Identity Manager Operational Guide.
-
QER | Attestation | ApproveNewExternalUsers: Specify whether self-registered users must be attested before they are activated. A manager then decides whether to approve the new user's registration.
-
QER | Attestation | NewExternalUserTimeoutInHours: For new self-registered users, specify the duration of the verification link in hours.
-
QER | Attestation | NewExternalUserFinalTimeoutInHours: Specify the duration in hours, within which self-registration must be successfully completed.
-
Assign at least one identity to the Identity & Access Governance | Attestation | Attestor for external users application role.