Identity Manager 9.2 - Installation Guide

Start the Launchpad and log in to the One Identity Manager database.
In the Installation overview pane, select the Configure vendor notification entry and click Run.

This starts the Designer and opens the Configuration Parameter Editor.
Disable the Common | MailNotification | VendorNotification configuration parameter.
Select the Database > Commit to database and click Save.

Setting up the email notification system

One Identity Manager sends email notifications about various actions taken within the system. Thus, various notifications are sent to requester and approver within the request process. In the same way, notifications about attestation cases are sent or reports delivered by email. Notifications are sent when an actions is successfully or unsuccessfully run during process handling.

You can implement custom notifications in addition to predefined notification processes.

To use the notification system

In the Launchpad, in the Configuration section, select Configure email connection.
Click Run.
On the home page of the Mail Configuration Wizard, click Next.
On the Create connection to the SMTP server page, configure the SMTP server connection to use for sending emails.
- To test the user account data, click Test connection.
SMTP connection properties
- SMTP Server: SMTP server for sending email notifications. If a server is not given, localhost is used.
- User name: User account name for authentication on an SMTP server.
- Domain: User account domain for authentication on the SMTP server.
- Password and Password repeat: User account password for authentication on the SMTP server.
- Port: Port of the SMTP service on the SMTP server. Default: 25
- Transport encryption: Encryption method for sending email notifications. If none of the following options are given, the port is used to define the behavior (port 25: no encryption, port 465: with SSL/TLS encryption).
  
  Permitted values are:
  - Auto: Identifies the encryption method automatically.
  - SSL: Encrypts the entire session with SSL/TLS.
  - STARTTLS: Uses the STARTTLS mail server extension. Switches TLS encryption after the greeting and loading the server capabilities. The connection fails if the server does not support the STARTTLS extension.
  - STARTTLSWhenAvailable: Uses the STARTTLS mail server extension if available. Switches on TLS encryption after the greeting and loading the server capabilities, however, only if it supports the STARTTLS extension.
  - None: No security for the transport layer. All data is sent as plain text.
- Accept self-signed certificates: Specifies whether self-signed certificates for TLS connections are accepted.
- Allow server name mismatch in certificates: Specifies whether server names that do not match are permitted by certificates for TLS connections.
On the Define SMTP Job servers page, select at least one Job server to take on the SMTP server functionality.
On the Email settings page, you can define the default email address of a sender and a recipient as well as the layout of the email.
Email properties
- Recipient address: Default email address of the recipient of the notifications.
- Sender address: Sender's default email address for sending automatically generated notifications.
  
  Syntax:
  
  sender@example.com
  
  Example:
  
  NoReply@company.com
  
  You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).
  
  Example:
  
  One Identity <NoReply@company.com>
- Language code: Default language used to send email notifications if a language cannot be determined for a recipient.
- Language: Default language for sending email notifications.
- Font: Default font for email notifications.
- Font size: Default font size for email notifications.
- Signature: Signature under the salutation.
- Company: Company name.
- Link: Link to the company's website.
- Link display: Display text for the link to the company's website.
On the Data security page, you can configure the data security settings.
Data security settings
- Certificate thumbprint: SHA1 thumbprint of the certificate to use for the signature. This can be in the computer's or the user's certificate store.
  
  NOTE: Ensure that the private key in the certificate is marked as exportable.
  
  If you want to use a digital signature, enable Certificate thumbprint and specify the thumbprint.
- Encryption: Specifies whether emails are encrypted. If you enable this function, additional settings are shown.
- Domain controller: Domain controller of the requested domain to use.
- Domain: Distinguished name of the domain to request.
- User account:User account for querying Active Directory.
- Password and Password repeat: Password of the user account.
On the Email notifications about requests page, make any changes to the general settings for email notifications about requests. In addition, define whether the Approval by mail feature can be used for requests. If you enable this feature, the settings you need are shown.
Settings for email notifications about requests
- Sender address: Sender's default email address for sending automatically generated notifications.
  
  Syntax:
  
  sender@example.com
  
  Example:
  
  NoReply@company.com
  
  You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).
  
  Example:
  
  One Identity <NoReply@company.com>
- Daily notifications about pending approvals: Specifies whether approvers only receive emails once a day if there are requests awaiting their approval decisions.
  
  If this option is not set, approvers immediately receive an email once a request is available for approval. Set this option to reduce the number of email notifications. This will mean that you cannot use the Approval by mail feature.
  
  TIP: To use a template other than the default one for this, change the value in the QER | ITShop | MailTemplateIdents | RequestApproverByCollection configuration parameter in the Designer.
- IT Shop approval by mail: Specifies whether the Approval by mail feature can also be used for approving requests. If you enable the feature, adjust the required settings. Then you cannot use the Daily notifications about pending approvals feature.
- User name: Name of the user account for authenticating the mailbox used for approval by mail.
- Domain: Domain of the user account for authenticating the mailbox used for approval by mail.
- Password and Password repeat: Password of the user account for authenticating the mailbox used for approval by mail.
- Web service URL:
- Mailbox: Microsoft Exchange mailbox to which approvals by mail are sent.
- Delete behavior: Specifies the way emails are deleted from the inbox.
- Application ID: Exchange Online application ID for authentication with OAuth 2.0. If the value is not set, the Basic or the NTML authentication method is used.
On the Email notifications about attestation page, make any changes to the general settings for email notifications about attestations. In addition, define whether the Approval by mail feature can be used for attestations. If you enable this feature, the settings you need are shown.
Settings for email notifications about attestation
- Sender address: Sender's default email address for sending automatically generated notifications.
  
  Syntax:
  
  sender@example.com
  
  Example:
  
  NoReply@company.com
  
  You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).
  
  Example:
  
  One Identity <NoReply@company.com>
- Daily notifications about pending approvals: Specifies whether attestors only receive emails once a day if there are attestation cases awaiting their approval decisions.
  
  If this option is not set, attestors immediately receive an email once an attestation case is available for approval. Set this option to reduce the number of email notifications. Then you cannot use the Approval by mail feature.
  
  TIP: To use a template other than the default one for this, change the value in the QER | Attestation | MailTemplateIdents | RequestApproverByCollection configuration parameter in the Designer.
- Attestation by mail: Specifies whether the Approval by mail feature can be used. If you enable the feature, adjust the required settings. Then you cannot use the Daily notifications about pending approvals feature.
- User name: Name of the user account for authenticating the mailbox used for approval by mail.
- Domain: Domain of the user account for authenticating the mailbox used for approval by mail.
- Password and Password repeat: Password of the user account for authenticating the mailbox used for approval by mail.
- Web service URL:
- Mailbox: Microsoft Exchange mailbox to which approvals by mail are sent.
- Delete behavior: Specifies the way emails are deleted from the inbox.
- Application ID: Exchange Online application ID for authentication with OAuth 2.0. If the value is not set, the Basic or the NTML authentication method is used.
On the Report subscriptions page, you can change the default settings for report subscriptions.
Report subscription settings
- Sender address: Sender's default email address for sending automatically generated notifications about report subscriptions. Replace the default address with a valid email address.
  
  Syntax:
  
  sender@example.com
  
  Example:
  
  NoReply@company.com
  
  You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).
  
  Example:
  
  One Identity <NoReply@company.com>
- Default report template: Default report that is used as a template for creating simple list reports.
- Store subscription: Specifies whether subscribed reports are saved in a repository. If you enable the feature, adjust the required settings.
- Report storage share: Path to the repository for subscribed reports. Syntax: \\<Server>\<Share>
- Storage life time (days) Maximum retention period (in days) that a report is available in the storage share. After this period, reports are deleted.
On the Email notifications about actions in the target system page, you can enter an email address for notifying about actions in the target system. This might be error or success messages about changes in the target system.
Target system notification settings
- <Target system type>: Specifies whether email notifications are sent with error or success messages about changes in target systems of this type. If you enable the feature, enter the email address to send notifications to.
On the last page of the Mail Configuration Wizard, click Finish.

In addition, other configuration parameters could be required for different notification processes. Enable these in the Designer. Some configuration parameters are only available if the module is installed.

Table 20: Additional configuration parameters for mail notification
Configuration parameter	Meaning
Common \| InternationalEMail	Specifies whether international domain names and unicode characters are supported in email addresses. IMPORTANT: The mail server must also support this function. If necessary, you must override the script VID_IsSMTPAddress
Common \| MailNotification \| Encrypt \| EncryptionCertificateScript	This configuration parameter contains the script that supplies a list of encrypted certificates (default: QBM_GetCertificates).
Common \| MailNotification \| NotifyAboutWaitingJobs	Specifies whether a message should be sent if the process steps have a particular status in the Job queue.
Common \| MailNotification \| SMTPUseDefaultCredentials	Specifies which credentials are used for authentication on the SMTP server. If this parameter is set, the One Identity Manager Service login credentials are used for authentication on the SMTP server. If the configuration parameter is not set, the login data defined in the Common \| MailNotification \| SMTPDomain and Common \| MailNotification \| SMTPAccount or Common \| MailNotification \| SMTPPassword configuration parameters is used. (Default)
Common \| MailNotification \| VendorNotification	Email address of your company's contact person. The email address is used as the return address for notifying vendors. If the configuration parameter is set, One Identity Manager generates a list of system settings once a month and sends the list to One Identity. This list does not contain any personal data. You can check the latest system information at any time by selecting Help > Info in the menu. The list will be reviewed by our customer support team, who will look for material changes in a proactive effort to identify potential issues before they materialize on your system. The lists may be used by our R&D staff for analysis, diagnosis, and replication for testing purposes. We will keep and refer to this information for as long as your company remains on support for this product.
TargetSystem \| ADS \| MemberShipRestriction \| MailNotification	Default email address for sending warning emails.

Installing and configuring the One Identity Manager Service

The One Identity Manager Service handles defined processes. The service has to be installed on the One Identity Manager network server to run the processes. The server must be declared as a Job server in the One Identity Manager database.

Setting up a Job server requires the following steps:

Create an entry for the Job server in the One Identity Manager database.
Specify the machine roles and server functions for the Job server.

Installation packages to be installed on the Job server are found, depending on the selected machine roles. The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled with respect to the server function.
Install the One Identity Manager Service.
Configure the One Identity Manager Service.
Start the One Identity Manager Service.

For more information about using the One Identity Manager Service, see the One Identity Manager Configuration Guide.

NOTE: On Linux operating systems, use of oneidentity/oneim-job docker images is recommended.

Setting up Job servers

Each Job server within the network must have a unique queue identifier. The process steps are requested by the Job queue using exactly this queue name:

A Job server must be known in the One Identity Manager database for each queue.
Enter this queue name in the One Identity Manager Service configuration file.

There are several methods for setting up a Job server:

For the initial schema installation with the Configuration Wizard, you already set up a Job server with the SQL processing server and Update server server functions. Use the Configuration Wizard to configure the service and install it on a server.
To configure further Job servers, use the Server Installer program.

Using the Server Installer, you create the Job server with its machine roles and server functions in the database. Use the Server Installer to configure the service and install it on a server.
You can create Job servers in the Designer.

Use the Designer, to create a Job server with the machine roles and server functions, configure the service on the server and install the service remotely. For more information, see the One Identity Manager Configuration Guide.
Alternatively, you can use the installation wizard to install the service components on the server and then configure the service using the Job Service Configuration program. For detailed information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.
If the Common | Jobservice | AutoCreateServerFromQueues configuration parameter is enabled, in response to queries from the One Identity Manager Service for unknown queues, new Job servers are created in the database. Information about machine roles and server functions is transferred to the database.

NOTE: If you subsequently change server functions for a Job server in the database, for example using the Designer, the system checks whether the required components are installed on the server, and updates the server if necessary. To enable this, automatic software updates must be active.

Identity Manager 9.2 - Installation Guide

Disabling vendor notification

Related topics

Setting up the email notification system

Related topics

Installing and configuring the One Identity Manager Service

Related topics

Setting up Job servers

Related topics

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Identity Manager 9.2 - Installation Guide

Disabling vendor notification

Related topics

Setting up the email notification system

Related topics

Installing and configuring the One Identity Manager Service

Related topics

Setting up Job servers

Related topics