QER | ITShop |
Preprocessor relevant configuration parameter to control the component parts for the IT Shop. If the parameter is set, the IT Shop components are available. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | ITShop | AutoCloseInactivePerson |
This configuration parameter defines whether identities are removed from all customer nodes when they are permanently disabled. |
QER | ITShop | AutoDecision |
This configuration parameter controls automatic approval of IT Shop requests over several approval levels. |
QER | ITShop | AutoPublish |
General configuration parameter that defines automatic assignment of system entitlements to the IT Shop. |
QER | ITShop | AutoPublish | AADDeniedServicePlan |
Preprocessor relevant configuration parameter for automatically adding Azure Active Directory service plans to the IT Shop. If the parameter is set, all service plans are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in module: Azure Active Directory Module |
QER | ITShop | AutoPublish | AADDeniedServicePlan | ExcludeList |
List of all Azure Active Directory service plans that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
QER | ITShop | AutoPublish | AADGroup |
Preprocessor relevant configuration parameter for automatically adding Azure Active Directory groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in module: Azure Active Directory Module |
QER | ITShop | AutoPublish | AADGroup | ExcludeList |
List of all Azure Active Directory groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.
Example:
.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
QER | ITShop | AutoPublish | AADSubSku |
Preprocessor relevant configuration parameter for automatically adding Azure Active Directory subscriptions to the IT Shop. If the parameter is set, all subscriptions are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in module: Azure Active Directory Module |
QER | ITShop | AutoPublish | AADSubSku | ExcludeList |
List of all Azure Active Directory subscriptions that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
QER | ITShop | AutoPublish | ADSGroup |
Preprocessor relevant configuration parameter for automatically adding Active Directory groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in modules: Active Directory Module, Active Roles Module |
QER | ITShop | AutoPublish | ADSGroup | ExcludeList |
List of all Active Directory groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.
Example:
.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
QER | ITShop | AutoPublish | ADSGroup | AutoFillDisplayName |
The configuration parameter specifies whether the template should be applied to the ADSGroup.DisplayName column. |
QER | ITShop | AutoPublish | O3EDL |
Preprocessor relevant configuration parameter for automatically adding Exchange Online mail-enabled distribution groups to the IT Shop. If the parameter is set, all distribution groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in module: Exchange Online Module |
QER | ITShop | AutoPublish | O3EDL | ExcludeList |
List of all Exchange Online mail-enabled distribution groups that must not to be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.
Example:
.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
QER | ITShop | AutoPublish | O3EUnifiedGroup |
Preprocessor relevant configuration parameter for automatically adding Office 365 groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in module: Exchange Online Module |
QER | ITShop | AutoPublish | O3EUnifiedGroup | ExcludeList |
List of all Office 365 groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
QER | ITShop | AutoPublish | O3TTeam |
Preprocessor relevant configuration parameter for automatically adding Microsoft Teams teams to the IT Shop. If the parameter is set, all teams are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in module: Microsoft Teams Module |
QER | ITShop | AutoPublish | O3TTeam | ExcludeList |
List of all Microsoft Teams teams that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation. |
QER | ITShop | AutoPublish | PAGUsrGroup |
Preprocessor relevant configuration parameter for automatically adding PAM user groups to the IT Shop. If the parameter is set, all user groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in module: Privileged Account Governance Module |
QER | ITShop | AutoPublish | PAGUsrGroup | ExcludeList |
List of all PAM user groups that are not to be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.
Example: .*Administrator.*|.*Admins|.*Operators |
QER | ITShop | AutoPublish | SPSGroup |
Preprocessor relevant configuration parameter for automatically adding SharePoint groups to the IT Shop. If the parameter is set, all groups are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in module: SharePoint Module |
QER | ITShop | AutoPublish | SPSGroup | ExcludeList |
List of all SharePoint groups that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.
Example:
.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
QER | ITShop | AutoPublish | OLGRole |
Preprocessor relevant configuration parameter for automatically adding OneLogin roles to the IT Shop. If the parameter is set, all roles are automatically assigned as products to the IT Shop. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
In effect in module: OneLogin |
QER | ITShop | AutoPublish | OLGRole| ExcludeList |
List of all OneLogin roles that must not be automatically assigned to the IT Shop. Each entry is part of a regular search pattern and supports regular expression notation.
Example:
.*Administrator.*|Exchange.*|.*Admins|.*Operators|IIS_IUSRS |
QER | ITShop | ChallengeRoleRemoval |
General configuration parameter for dealing with role assignments that are modified by data import. Removal of role memberships can be challenged with the help of temporary requests. |
QER | ITShop | ChallengeRoleRemoval | DaysOfValidity |
This configuration parameter contains the validity period (in days) of temporary requests for challenged role memberships. |
QER | ITShop | ChallengeRoleRemoval | Department |
Temporary requests of department memberships are supported. |
QER | ITShop | ChallengeRoleRemoval | Department | Primary |
Temporary membership of the previous department is requested if changes are made to the primary membership in departments. |
QER | ITShop | ChallengeRoleRemoval | ITShopOrg |
This configuration parameter contains the product node that is assigned to the requested assignment resource. |
QER | ITShop | ChallengeRoleRemoval | Locality |
Temporary requests of location memberships are supported. |
QER | ITShop | ChallengeRoleRemoval | Locality | Primary |
Temporary membership of the previous location is requested if changes are made to the primary membership in locations. |
QER | ITShop | ChallengeRoleRemoval | Org |
Temporary requests of business role memberships are supported. |
QER | ITShop | ChallengeRoleRemoval | Org | Primary |
Temporary membership of the previous business role is requested if changes are made to the primary membership in business roles. |
QER | ITShop | ChallengeRoleRemoval | ProfitCenter |
Temporary requests of cost center memberships are supported. |
QER | ITShop | ChallengeRoleRemoval | ProfitCenter | Primary |
Temporary membership of the previous cost center is requested if changes are made to the primary membership in cost centers. |
QER | ITShop | DecisionOnInsert |
This configuration parameter controls approval of a request the moment is it added. |
QER | ITShop | DefaultSenderAddress |
Sender's default email address for sending automatically generated notifications about requests. Replace the default address with a valid email address.
Syntax:
sender@example.com
Example:
NoReply@company.com
You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).
Example:
One Identity <NoReply@company.com> |
QER | ITShop | Delegation |
Preprocessor relevant configuration parameter for controlling model components for delegation and role membership. Changes to the parameter require recompiling the database. If the parameter is set, delegation components are available.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | ITShop | DeleteClosed |
This configuration parameter specifies whether closed requests are deleted. |
QER | ITShop | DeleteClosed | Aborted |
This configuration parameter specifies the maximum retention time (in days) of canceled requests. |
QER | ITShop | DeleteClosed | Dismissed |
This configuration parameter specifies the maximum retention time (in days) of denied requests. |
QER | ITShop | DeleteClosed | Unsubscribed |
This configuration parameter specifies the maximum retention time (in days) of canceled requests. |
QER | ITShop | ExceededValidUntilUnsubscribe |
The configuration parameter specifies whether requests of limited validity are unsubscribed or canceled once their limit is exceeded. If the parameter is set and the request has the status Assigned or Renewal, the request is unsubscribed if not other request exist for the product that is currently in effect. Expired requests with the status Unsubscription and Unsubscribed are no longer taken into account. Expired requests with the status approved, pending, request are canceled. If the parameter is not set, the request will be canceled in any case. |
QER | ITShop | GapBehavior |
Defines behavior when checking the validity period of new requests. |
QER | ITShop | GapBehavior | GapDefinition |
This configuration parameter specifies which requests are checked. |
QER | ITShop | GapBehavior | GapFitting |
This configuration parameter specifies whether validity periods of two or more pending requests can overlap. |
QER | ITShop | GenProcIDBehavior |
This configuration parameter specifies how many GenProcIDs should be generated for a shopping cart's requests. If the configuration parameter is not set, a separate GenProcID is generated for each shopping cart request. |
QER | ITShop | LimitOfNodeCheck |
Maximum number of product nodes that can be generated or deleted by a DBQueue Processor run. Once this number is exceeded, a task for generating the rest of the nodes is queued in the DBQueue. |
QER | ITShop | MailApproval | Account |
Name of the user account for authenticating the mailbox used for approval by mail. |
QER | ITShop | MailApproval | AppID |
Exchange Online application ID for authentication with OAuth 2.0. If the value is not set, the Basic or the NTML authentication method is used. |
QER | ITShop | MailApproval | DeleteMode |
Specifies the way emails are deleted from the inbox. |
QER | ITShop | MailApproval | Domain |
Domain of the user account for authenticating the mailbox used for approval by mail. |
QER | ITShop | MailApproval | ExchangeURI |
URL of the Microsoft Exchange web service for accessing the mailbox. If this is not given, AutoDiscover mode is used to detect the URL. |
QER | ITShop | MailApproval | Inbox |
Microsoft Exchange mailbox to which approvals by mail are sent. |
QER | ITShop | MailApproval | Password |
Password of the user account for authenticating the mailbox used for approval by mail. |
QER | ITShop | MailTemplateIdents | AnswerToApprover |
This mail template is used to send a notification with an answer to a question from an approver. |
QER | ITShop | MailTemplateIdents | InformAddingPerson |
This mail template is used to notify approvers that an approval decision has been made for the step they added. |
QER | ITShop | MailTemplateIdents | InformDelegatingPerson |
This mail template is used to notify approvers that an approval decision has been made for the step they delegated. |
QER | ITShop | MailTemplateIdents | ITShopApproval |
Mail template used for requests made through "Approval by mail". |
QER | ITShop | MailTemplateIdents | QueryFromApprover |
This mail template is used to send a notification with a question from an approver to an identity. |
QER | ITShop | MailTemplateIdents | RequestApproverByCollection |
This mail template is used for generating an email when there are pending requests for an approver. If this configuration parameter is not set, a "Mail template request" or "Mail template reminder" for single approval steps can be entered to send an email for each request. If this configuration parameter is set, single mails are not sent. |
QER | ITShop | OnWorkflowAssign |
This configuration parameter specifies how pending orders are handled when an approval, change, or cancellation workflow is reassigned to the approval policy. |
QER | ITShop | OnWorkflowUpdate |
This configuration parameter specifies how pending orders are handled when the approval workflow is changed. |
QER | ITShop | PeerGroupAnalysis |
This configuration parameter allows automatic approval of requests by peer group analysis. |
QER | ITShop | PeerGroupAnalysis | ApprovalThreshold |
This configuration parameter defines a threshold for peer group analysis between 0 and 1. The default value is 0.9. |
QER | ITShop | PeerGroupAnalysis | CheckCrossfunctionalAssignment |
This configuration parameter specifies whether functional areas should be take into account in peer group analysis. If the parameter is set, the request is only approved if the request's recipient and the requested product belong to the same functional area. |
QER | ITShop | PeerGroupAnalysis | IncludeManager |
This configuration parameter specifies whether identities can be added to the peer group who have the same manager as the request's recipient. |
QER | ITShop | PeerGroupAnalysis | IncludePrimaryDepartment |
This configuration parameter determines whether identities that are primary members of the primary department of the request's recipient are included in the peer group. |
QER | ITShop | PeerGroupAnalysis | IncludeSecondaryDepartment |
This configuration parameter determines whether identities that are a secondary members of the primary or secondary department of the request's recipient are included in the peer group. |
QER | ITShop | PersonInsertedNoDecide |
This configuration parameter specifies whether the identity that triggered the request may approve it. |
QER | ITShop | PersonOrderedNoDecide |
This configuration parameter specifies whether the identity for whom the request was triggered, may approve it. |
QER | ITShop | PersonInsertedNoDecideCompliance |
This configuration parameter specifies whether the identity that initiated the request can issue exception if compliance rules are violated by the request. |
QER | ITShop | PersonOrderedNoDecideCompliance |
This configuration parameter specifies whether the identity for whom the request was initiated can issue exception if compliance rules are violated by the request. |
QER | ITShop | Recommendation |
Threshold values for approval recommendations are defined under this configuration parameter. |
QER | ITShop | Recommendation | ApprovalRateThreshold |
This configuration parameter specifies the threshold for the approval rate. The approval rate determines the proportion of approvals for this product in previous requests that were decided with the same approval procedure. The lower the threshold, the more likely granting approval will be recommended. |
QER | ITShop | Recommendation | PeerGroupThreshold |
This configuration parameter specifies the threshold for the peer group factor. The peer group factor determines the proportion of identities in the peer group who already own the product. The lower the threshold, the more likely granting approval will be recommended. |
QER | ITShop | Recommendation | RiskIndexThreshold |
This configuration parameter specifies the threshold for the risk index of the request's recipient. The current request is already taken into account. The higher the threshold, the more likely granting approval will be recommended. |
QER | ITShop | ReducedApproverCalculation |
This configuration parameter specifies, which approval steps are recalculated if the IT Shop approver must be recalculated. |
QER | ITShop | ReplaceAssignmentRequestOnLeaveCU |
If an identity leaves a customer node, all assigned requests are canceled and assignment requests are converted to direct assignments. If this parameter is set, then assignment requests can be transferred to the manager or central approver group, and to the UID_PersonFallback if necessary. (Note: These identities must have approval authorization for this assignment). |
QER | ITShop | ReplaceAssignmentRequestOnLeaveCU | UID_PersonFallback |
UID_Person is an identity that is set as the fallback if no other request recipient can be found for an assignment request. This identity must be a customer in all shops in which assignments can be requested. |
QER | ITShop | ReuseDecision |
This configuration parameter specifies if approval granted by one approver to all approval steps of an approval process is transferred. If the parameter is set, the current step is approved if an approval step is reached in the approval process for which an identity with approval authorization has already granted approval. If the parameter is not set, the approver must separately approve each step for which they have approval authorization. If approval has not been granted, it is not transferred. |
QER | ITShop | ShoppingCartPattern |
This configuration parameter specifies whether product bundles can be used in the IT Shop. |
QER | ITShop | ShoppingCartPattern | AutoQualified |
This configuration parameter specifies whether public product bundles are automatically labeled as "shared" or whether they have to be manually shared by a manager. |
QER | ITShop | ShowClosedAssignmentOrders |
This configuration parameter specifies whether the manager of an organization or business role can view completed assignment requests for their organization or business role.
If this parameter is not set, the manager can only view open assignment requests for their organization or business role. |
QER | ITShop | Templates |
Preprocessor relevant configuration parameter for controlling the database model components for the Shelf Filling Wizard. Changes to the parameter require recompiling the database. Shelf templates can be used. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | ITShop | Templates | DeleteRecursive |
This configuration parameter specifies whether the recursive deletion is allowed from shelf templates. This configuration parameter is disabled by default. |
QER | ComplianceCheck | DisableSelfExceptionGranting |
Excludes rule violators from becoming exception approvers. If this parameter is set, no one can approve their own rule violations. |
QER | ComplianceCheck | EnableITSettingsForRule |
IT Shop properties for the compliance rule are visible and can be edited. |
QER | Person | Starling |
Specifies whether connecting to the One Identity Starling cloud platform is supported.
Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to One Identity Starling. For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit cloud.oneidentity.com. |
QER | Person | Starling | ApiEndpoint |
Token endpoint for logging in to One Identity Starling The value is determined by the Starling configuration wizard. |
QER | Person | Starling | ApiKey |
Credential string for logging in to One Identity Starling. The value is determined by the Starling configuration wizard. |
QER | Person | Starling | UseApprovalAnywhere |
This configuration parameter defines whether requests and attestation cases can be approved by adaptive cards. |
QER | Person | Starling | UseApprovalAnywhere | SecondsToExpire |
This configuration parameter specifies the time in seconds by which the adaptive card must be answered. |
QER | WebPortal |
General configuration parameter for Web Portal settings. |
QER | WebPortal | BaseURL |
API Server URL. This address is used in mail templates to add hyperlinks to the Web Portal. |
QER | WebPortal | DisplayName |
This configuration parameter contains the display name of the Web Portal. This name is used in mail templates. |
QER | WebPortal | PasswordResetURL |
Password Reset Portal URL. This address is used to navigate within the Web Portal. |
QER | WebPortal | PersonChangeWorkdesk |
This configuration parameter specifies whether Web Portal users can change their default workdesk. If the configuration parameter is set, users can relocate their workdesk through the Web Portal. |
QER | WebPortal | ShowProductImages |
This configuration parameter specifies whether pictures of products are displayed in the Web Portal. |
Hardware | Workdesk | WorkdeskAutoPerson |
If this configuration parameter is set, creating a workdesk automatically creates an associated identity. This identity can be used to make requests for this workstation. |