Additional configuration parameters for the IT Shop are available in One Identity Manager. The following table contains a summary of all applicable configuration parameters for the IT Shop.
Configuration parameter |
Description |
---|---|
QER | ITShop |
Preprocessor relevant configuration parameter to control the component parts for the IT Shop. If the parameter is set, the IT Shop components are available. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | ITShop | AutoCloseInactivePerson |
This configuration parameter defines whether employees are removed from all customer nodes when they are permanently disabled. |
QER | ITShop | AutoDecision |
This configuration parameter controls automatic approval of IT Shop requests over several approval levels. |
QER | ITShop | AutoPublish |
General configuration parameter that defines automatic assignment of system entitlements to the IT Shop. |
QER | ITShop | AutoPublish | AADDeniedServicePlan |
Preprocessor relevant configuration parameter for automatically adding Azure Active Directory service plans to the IT Shop. If the parameter is set, all service plans are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in module: Azure Active Directory Module |
QER | ITShop | AutoPublish | AADDeniedServicePlan | ExcludeList |
List of all Azure Active Directory service plans that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
QER | ITShop | AutoPublish | AADGroup |
Preprocessor relevant configuration parameter for automatically adding Azure Active Directory groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in module: Azure Active Directory Module |
QER | ITShop | AutoPublish | AADGroup | ExcludeList |
List of all Azure Active Directory groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. Example: .*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
QER | ITShop | AutoPublish | AADSubSku |
Preprocessor relevant configuration parameter for automatically adding Azure Active Directory subscriptions to the IT Shop. If the parameter is set, all subscriptions are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in module: Azure Active Directory Module |
QER | ITShop | AutoPublish | AADSubSku | ExcludeList |
List of all Azure Active Directory subscriptions that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
QER | ITShop | AutoPublish | ADSGroup |
Preprocessor relevant configuration parameter for automatically adding Active Directory groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in modules: Active Directory Module, Active Roles Module |
QER | ITShop | AutoPublish | ADSGroup | ExcludeList |
List of all Active Directory groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. Example: .*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
QER | ITShop | AutoPublish | ADSGroup | AutoFillDisplayName |
The configuration parameter specifies whether the template should be applied to the ADSGroup.DisplayName column. |
QER | ITShop | AutoPublish | O3EDL |
Preprocessor relevant configuration parameter for automatically adding Exchange Online mail-enabled distribution groups to the IT Shop. If the parameter is set, all distribution groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in module: Exchange Online Module |
QER | ITShop | AutoPublish | O3EDL | ExcludeList |
List of all Exchange Online mail-enabled distribution groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. Example: .*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
QER | ITShop | AutoPublish | O3EUnifiedGroup |
Preprocessor relevant configuration parameter for automatically adding Office 365 groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in module: Exchange Online Module |
QER | ITShop | AutoPublish | O3EUnifiedGroup | ExcludeList |
List of all Office 365 groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
QER | ITShop | AutoPublish | O3TTeam |
Preprocessor relevant configuration parameter for automatically adding Microsoft Teams teams to the IT Shop. If the parameter is set, all teams are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in module: Microsoft Teams Module |
QER | ITShop | AutoPublish | O3TTeam | ExcludeList |
List of all Microsoft Teams teams that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
QER | ITShop | AutoPublish | PAGUsrGroup |
Preprocessor relevant configuration parameter for automatically adding PAM user groups to the IT Shop. If the parameter is set, all user groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in module: Privileged Account Governance Module |
QER | ITShop | AutoPublish | PAGUsrGroup | ExcludeList |
List of all PAM user groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. Example: .*Administrator.*|.*Admins|.*Operators |
QER | ITShop | AutoPublish | SPSGroup |
Preprocessor relevant configuration parameter for automatically adding SharePoint groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in module: SharePoint Module |
QER | ITShop | AutoPublish | SPSGroup | ExcludeList |
List of all SharePoint groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. Example: .*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
QER | ITShop | ChallengeRoleRemoval |
General configuration parameter for dealing with role assignments that are modified by data import. Removal of role memberships can be challenged with the help of temporary requests. |
QER | ITShop | ChallengeRoleRemoval | DaysOfValidity |
This configuration parameter contains the validity period (in days) of temporary requests for challenged role memberships. |
QER | ITShop | ChallengeRoleRemoval | Department |
Temporary requests of department memberships are supported. |
QER | ITShop | ChallengeRoleRemoval | Department | Primary |
Temporary membership of the previous department is requested if changes are made to the primary membership in departments. |
QER | ITShop | ChallengeRoleRemoval | ITShopOrg |
This configuration parameter contains the product node that is assigned to the requested assignment resource. |
QER | ITShop | ChallengeRoleRemoval | Locality |
Temporary requests of location memberships are supported. |
QER | ITShop | ChallengeRoleRemoval | Locality | |
Temporary membership of the previous location is requested if changes are made to the primary membership in locations. |
QER | ITShop | ChallengeRoleRemoval | Org |
Temporary requests of business role memberships are supported. |
QER | ITShop | ChallengeRoleRemoval | Org | Primary |
Temporary membership of the previous business role is requested if changes are made to the primary membership in business roles. |
QER | ITShop | ChallengeRoleRemoval | ProfitCenter |
Temporary requests of cost center memberships are supported. |
QER | ITShop | ChallengeRoleRemoval | ProfitCenter | Primary |
Temporary membership of the previous cost center is requested if changes are made to the primary membership in cost centers. |
QER | ITShop | DecisionOnInsert |
This configuration parameter controls approval of a request the moment is it added. |
QER | ITShop | DefaultSenderAddress |
Sender's default email address for sending automatically generated notifications about requests. Replace the default address with a valid email address. Syntax: sender@example.com Example: NoReply@company.com You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>). Example: One Identity <NoReply@company.com> |
QER | ITShop | Delegation |
Preprocessor relevant configuration parameter for controlling model components for delegation and role membership. Changes to the parameter require recompiling the database. If the parameter is set, delegation components are available. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | ITShop | DeleteClosed |
This configuration parameter specifies whether closed requests are deleted. |
QER | ITShop | DeleteClosed | Aborted |
This configuration parameter specifies the maximum retention time (in days) of canceled requests. |
QER | ITShop | DeleteClosed | Dismissed |
This configuration parameter specifies the maximum retention time (in days) of denied requests. |
QER | ITShop | DeleteClosed | Unsubscribed |
This configuration parameter specifies the maximum retention time (in days) of canceled requests. |
QER | ITShop | ExceededValidUntilUnsubscribe |
The configuration parameter specifies whether requests of limited validity are unsubscribed or canceled once their limit is exceeded. If the parameter is set and the request has the status Assigned or Renewal, the request is unsubscribed if not other request exist for the product that is currently in effect. Expired requests with the status Unsubscription and Unsubscribed are no longer taken into account. Expired requests with the status approved, pending, request are canceled. If the parameter is not set, the request will be canceled in any case. |
QER | ITShop | GapBehavior |
Defines behavior when checking the validity period of new requests. |
QER | ITShop | GapBehavior | GapDefinition |
This configuration parameter specifies which requests are checked. |
QER | ITShop | GapBehavior | GapFitting |
This configuration parameter specifies whether validity periods of two or more pending requests can overlap. |
QER | ITShop | GenProcIDBehavior |
This configuration parameter specifies how many GenProcIDs should be generated for a shopping cart's requests. If the configuration parameter is not set, a separate GenProcID is generated for each shopping cart request. |
QER | ITShop | LimitOfNodeCheck |
Maximum number of product nodes that can be generated or deleted by a DBQueue Processor run. Once this number is exceeded, a task for generating the rest of the nodes is queued in the DBQueue. |
QER | ITShop | MailApproval | Account |
Name of the user account for authenticating the mailbox used for approval by mail. |
QER | ITShop | MailApproval | AppID |
Exchange Online application ID for authentication with OAuth 2.0. If the value is not set, the Basic or the NTML authentication method is used. |
QER | ITShop | MailApproval | DeleteMode |
Specifies the way emails are deleted from the inbox. |
QER | ITShop | MailApproval | Domain |
Domain of the user account for authenticating the mailbox used for approval by mail. |
QER | ITShop | MailApproval | ExchangeURI |
|
QER | ITShop | MailApproval | Inbox |
Microsoft Exchange mailbox to which approvals by mail are sent. |
QER | ITShop | MailApproval | Password |
Password of the user account for authenticating the mailbox used for approval by mail. |
QER | ITShop | MailTemplateIdents | AnswerToApprover |
This mail template is used to send a notification with an answer to a question from an approver. |
QER | ITShop | MailTemplateIdents | InformAddingPerson |
This mail template is used to notify approvers that an approval decision has been made for the step they added. |
QER | ITShop | MailTemplateIdents | InformDelegatingPerson |
This mail template is used to notify approvers that an approval decision has been made for the step they delegated. |
QER | ITShop | MailTemplateIdents | ITShopApproval |
Mail template used for requests made through "Approval by mail". |
QER | ITShop | MailTemplateIdents | QueryFromApprover |
This mail template is used to send a notification with a question from an approver to an employee. |
QER | ITShop | MailTemplateIdents | RequestApproverByCollection |
This mail template is used for generating an email when there are pending requests for an approver. If this configuration parameter is not set, a "Mail template demand" or "Mail template reminder" for single approval steps can be entered to send an email for each request. If this configuration parameter is set, single mails are not sent. |
QER | ITShop | OnWorkflowAssign |
This configuration parameter specifies how pending orders are handled when an approval, change, or cancellation workflow is reassigned to the approval policy. |
QER | ITShop | OnWorkflowUpdate |
This configuration parameter specifies how pending orders are handled when the approval workflow is changed. |
QER | ITShop | PeerGroupAnalysis |
This configuration parameter allows automatic approval of requests by peer group analysis. |
QER | ITShop | PeerGroupAnalysis | ApprovalThreshold |
This configuration parameter defines a threshold for peer group analysis between 0 and 1. The default value is 0.9. |
QER | ITShop | PeerGroupAnalysis | CheckCrossfunctionalAssignment |
This configuration parameter specifies whether functional areas should be take into account in peer group analysis. If the parameter is set, the request is only approved if the request's recipient and the requested product belong to the same functional area. |
QER | ITShop | PeerGroupAnalysis | IncludeManager |
This configuration parameter specifies whether employees can be added to the peer group who have the same manager as the request's recipient. |
QER | ITShop | PeerGroupAnalysis | IncludePrimaryDepartment |
This configuration parameter determines whether employees who are primary members of the primary department of the request's recipient are included in the peer group. |
QER | ITShop | PeerGroupAnalysis | IncludeSecondaryDepartment |
This configuration parameter determines whether employees who are a secondary members of the primary or secondary department of the request's recipient are included in the peer group. |
QER | ITShop | PersonInsertedNoDecide |
This configuration parameter specifies whether the employee that triggered the request may approve it. |
QER | ITShop | PersonOrderedNoDecide |
This configuration parameter specifies whether the employee for whom the request was triggered, may approve it. |
QER | ITShop | PersonInsertedNoDecideCompliance |
This configuration parameter specifies whether the employee who initiated the request can issue exception if compliance rules are violated by the request. |
QER | ITShop | PersonOrderedNoDecideCompliance |
This configuration parameter specifies whether the employee for whom the request was initiated can issue exception if compliance rules are violated by the request. |
QER | ITShop | ReducedApproverCalculation |
This configuration parameter specifies, which approval steps are recalculated if the IT Shop approver must be recalculated. |
QER | ITShop | ReplaceAssignmentRequestOnLeaveCU |
If an employee leaves a customer node, all assigned requests are canceled and assignment requests are converted to direct assignments. If this parameter is set, then assignment requests can be transferred to the manager or central approver group, and to the UID_PersonFallback if necessary. (Note: These employees must have approval authorization for this assignment). |
QER | ITShop | ReplaceAssignmentRequestOnLeaveCU | UID_PersonFallback |
UID_Person is an employee who is set as the fallback if no other request recipient can be found for an assignment request. This employee must be a customer in all shops in which assignments can be requested. |
QER | ITShop | ReuseDecision |
This configuration parameter specifies if approval granted by one approver to all approval steps of an approval process is transferred. If the parameter is set, the current step is approved if an approval step is reached in the approval process for which an employee with approval authorization has already granted approval. If the parameter is not set, the approver must separately approve each step for which they have approval authorization. If approval has not been granted, it is not transferred. |
QER | ITShop | ShoppingCartPattern |
This configuration parameter specifies whether request templates can be used in the IT Shop. |
QER | ITShop | ShoppingCartPattern | AutoQualified |
This configuration parameter specifies whether public request templates are automatically labeled as "shared" or whether they have to be manually shared by a manager. |
QER | ITShop | ShowClosedAssignmentOrders |
This configuration parameter specifies whether the manager of an organization or business role can view completed assignment requests for their organization or business role. If this parameter is not set, the manager can only view open assignment requests for their organization or business role. |
QER | ITShop | Templates |
Preprocessor relevant configuration parameter for controlling the database model components for the Shelf Filling Wizard. Changes to the parameter require recompiling the database. Shelf templates can be used. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | ITShop | Templates | DeleteRecursive |
This configuration parameter specifies whether the recursive deletion is allowed from shelf templates. This configuration parameter is disabled by default. |
QER | ComplianceCheck | DisableSelfExceptionGranting |
Excludes rule violators from becoming exception approvers. If this parameter is set, no one can approve their own rule violations. |
QER | ComplianceCheck | EnableITSettingsForRule |
IT Shop properties for the compliance rule are visible and can be edited. |
QER | Person | Defender |
This configuration parameter specifies whether classic Starling Two-Factor Authentication integration is supported. |
QER | Person | Starling |
This configuration parameter specifies whether One Identity Starling Cloud is supported. Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to One Identity Starling. For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit cloud.oneidentity.com. |
QER | Person | Starling | UseApprovalAnywhere |
This configuration parameter defines whether requests can be approved by Starling 2FA app. |
QER | Person | Starling | UseApprovalAnywhere | SecondsToExpire |
This configuration parameter specifies the timeout in seconds after which approval by Starling 2FA app expires. |
QER | WebPortal |
General configuration parameter for Web Portal settings. |
QER | WebPortal | BaseURL |
Web Portal URL. This address is used in mail templates to add hyperlinks to the Web Portal. |
QER | WebPortal | DisplayName |
This configuration parameter contains the display name of the Web Portal. This name is used in mail templates. |
QER | WebPortal | PasswordResetURL |
Password Reset Portal URL. This address is used to navigate within the Web Portal. |
QER | WebPortal | PersonChangeWorkdesk |
This configuration parameter specifies whether Web Portal users can change their default workdesk. If the configuration parameter is set, users can relocate their workdesk through the Web Portal. |
QER | WebPortal | ShowProductImages |
This configuration parameter specifies whether pictures of products are displayed in the Web Portal. |
Hardware | Workdesk | WorkdeskAutoPerson |
If this configuration parameter is set, creating a workdesk automatically creates an associated employee object. This employee object can be used to make requests for this workstation. |
Some general configuration parameters are also relevant for the IT Shop.
Configuration parameter |
Description |
---|---|
Common | MailNotification | Signature |
Data for the signature in email automatically generated from mail templates. |
Common | MailNotification | Signature | Caption |
Signature under the salutation. |
Common | MailNotification | Signature | Company |
Company name. |
Common | MailNotification | Signature | Link |
Link to the company's website. |
Common | MailNotification | Signature | LinkDisplay |
Display text for the link to the company's website. |
Common | ProcessState |
If this configuration parameter is set, a process monitoring entry (DialogProcess table) is created when the request is created. |
Common | ProcessState | PropertyLog |
When this configuration parameter is set, changes to individual values are logged and shown in the process view. Changes to the parameter require recompiling the database. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
Common | ProcessState | UseGenProcIDFromPWO |
If this configuration parameter is set, the GenProcID of an IT Shop request is retained for the entirety of the approval process. If the configuration parameter is not set, a new GenProcID is used for each approval decision. |
TargetSystem | ADS | ARS_SSM |
Preprocessor relevant configuration parameter for controlling the database model components for Active Roles Self-Service Management in the One Identity Manager IT Shop. If the parameter is set, Self-Service Management components are available. Changes to this parameter require the database to be recompiled. If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. In effect in module: Active Roles Module |