Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Active Roles 8.2 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Configuring rule-based autoprovisioning and deprovisioning
Configuring Provisioning Policy Objects
User Logon Name Generation E-mail Alias Generation Exchange Mailbox AutoProvisioning Group Membership AutoProvisioning Home Folder AutoProvisioning Property Generation and Validation Script Execution O365 and Azure Tenant Selection AutoProvisioning in SaaS products
Configuring Deprovisioning Policy Objects
User Account Deprovisioning Group Membership Removal User Account Relocation Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Permanent Deletion Office 365 Licenses Retention Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Script Execution Notification Distribution Report Distribution
Configuring entry types Configuring a Container Deletion Prevention policy Configuring picture management rules Managing Policy Objects Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Configuring policy extensions
Using rule-based and role-based tools for granular administration Workflows
About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Azure tenant types and environment types supported by Active Roles Using Active Roles to manage Azure AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports and URLs used by Active Roles Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Configuring an Approval activity

The task of configuring an Approval activity includes the following steps:

  • Choose approvers and configure escalation: You have to specify, at a minimum, a list of approvers for the initial approver level. Active Roles first assigns approval tasks to the approvers of that level. You can configure additional approver levels to enable escalation of approval tasks.

  • Choose properties for the approver to review, supply or change: You can list the object properties that the approver must supply when performing the approval tasks (request for additional information), and choose whether the approver is allowed to view or change the object properties that are submitted for approval (review request).

  • Customize the pages for performing the approval task: You can customize the header of the approval task page by choosing the task title and object properties to be included in the header, and configure custom action buttons in addition to the default action buttons (Approve and Reject).

  • Configure notification: You can choose the workflow events to notify of, specify the notification recipients and delivery options, and customize the notification message.

This section provides instructions on the following configuration procedures:

For more information on how to configure notification settings, see Configuring a Notification activity.

Configuring approvers

A valid approval rule must, at a minimum, specify a list of approvers for the initial approver level. Active Roles first assigns the approval task to the approvers of that level. You can configure additional approver levels to enable escalation of approval tasks.

To specify approvers for the initial approver level

  1. In the Active Roles Console tree, expand Configuration > Policies > Workflow, and select the workflow containing the Approval activity you want to configure.

    This opens the Workflow Designer in the Details pane, representing the workflow definition as a process diagram.

  2. In the process diagram, right-click the name of the Approval activity and click Properties.

  3. In the Properties dialog, navigate to the Approvers tab.

  4. Verify that the Initial approver - level 0 item is selected in the Select approver level to configure box.

  5. Click Designate approvers.

  6. On the Approvers Selection page, select check boxes to specify approvers.

  7. If you have selected These users or groups, use the Add and Remove buttons to configure the list of approvers.

If you enable escalation on the initial approver level (see Configuring escalation), then you have to specify approvers for escalation level 1 (the escalation level subsequent to the initial approver level). Active Roles supports up to 10 escalation levels, each containing a separate list of approvers. If you enable escalation on a given escalation level, then you have to specify approvers for the subsequent escalation level.

To specify approvers for a certain escalation level

  1. In the Select approver level to configure list, click the escalation level you want to configure.

    To configure a particular escalation level, you must first specify approvers and enable escalation on the preceding approver level.

  2. Click Designate approvers.

  3. On the Approvers Selection page, select check boxes to specify approvers.

  4. If you have selected These users or groups, use the Add and Remove buttons to configure the list of approvers.

The selection of approvers can be based on the Manager or Managed By property:

  • By selecting the Manager of person who requested operation check box, you configure the Approval activity so that the operations requested by a given user require approval from the manager of that user. With this option, the operation initiated by the user submits the approval task to the person specified as the manager of the user in the directory.

  • By selecting the Manager of operation target object or Manager of Organizational Unit where operation target object is located check box, you configure the Approval activity so that the changes to a given object require approval from the manager of that object or from the manager of the OU containing that object, respectively. With these options, the operation requesting changes to a given object submits the approval task to the person specified as the manager of the object or OU in the directory.

  • By selecting the Secondary owners of operation target object check box, you configure the Approval activity so that the changes to the operation target object require approval from any person who is designated as a secondary owner of that object. Secondary owners may be assigned to an object, in addition to the manager (primary owner), to load balance the management of the object.

  • By selecting the Manager of person being added or removed from target group check box, you configure the Approval activity so that the addition or removal of an object from the operation target group requires approval from the manager of that object. For example, given a request to add a user to the operation target group, this option causes the Approval activity to submit the approval task to the person specified as the manager of the user in the directory.

When you specify approvers for an escalation level, additional options are available:

  • Manager of approver of preceding level: Use this option to escalate the approval task to the manager of the user or group that is designated as an approver on the preceding approver level. Suppose a given user is an initial approver, and escalation is enabled on the initial approver level. When escalation occurs, the approval task will be assigned to the manager of that user.

  • Secondary owner of approver of preceding level: Use this option to escalate the approval task to the secondary owner of the user or group that is designated as an approver on the preceding approver level. Suppose a given group is an initial approver, and escalation is enabled on the initial approver level. When escalation occurs, the approval task will be assigned to the secondary owner of that group.

The selection of approvers may also be based on a script function that chooses the approver when the Approval activity is being executed. The function may access properties of objects involved in the operation, analyze the properties, and return an identifier of the user or group to be selected as an approver.

Configuring escalation

An Approval activity may define multiple approver levels, each containing a separate list of approvers. Active Roles uses approver levels when escalating time-limited approval tasks. For each approver, level the Approval activity can specify a certain time period. If an approver of a given level does not complete the approval task within the specified time period, then Active Roles assigns the task to the approvers of the next level. This process is called escalation.

A valid Approval activity must specify a list of approvers for the initial approver level. Active Roles first assigns the approval task to the approvers of that level. To enable escalation, a separate list of approvers must be specified for the subsequent escalation level.

To configure escalation on the initial approver level

  1. Specify approvers for the initial approver level (for instructions, see Configuring approvers).

  2. Verify that the Initial approver - level 0 item is selected in the Select approver level to configure box.

  3. Select one or both of these options:

    • Approval task has a time limit of <number> days <number> hours: Specify the time period within which the initial approver has to complete the approval task.

    • Allow approver to escalate approval task: When selected, allows the approvers of the initial level to reassign their approval tasks to the approvers of escalation level 1.

  4. If you have selected only the first option (a time limit for the task), then select the Escalate approval task to Escalation level 1 option. Otherwise, escalation is not enabled.

  5. In the Select approver level to configure box, click Escalation level 1.

  6. Specify approvers for escalation level 1 (for instructions, see Configuring approvers).

Active Roles allows up to 10 escalation levels, each containing a separate list of approvers. You can configure escalation levels one after another to create an escalation chain. Thus, after you have configured escalation on the initial approver level, you can configure escalation on escalation level 1, then you can configure escalation on escalation level 2, and so on. As a result, you could achieve the following sequence of events:

  • If the initial approvers do not complete the approval task on time, then the task is assigned to the approvers of escalation level 1.

  • If the approvers of escalation level 1 do not complete the approval task within their time frame, the task is assigned to the approvers of escalation level 2 with the new time limit. This escalation chain may contain up to 10 escalation levels.

To configure escalation on a certain escalation level

  1. In the Select approver level to configure list, click the escalation level you want to configure.

    To configure a particular escalation level, you must first specify approvers and enable escalation on the preceding approver level.

  2. Select one or both of these options:

    • Approval task has a time limit of <number> days <number> hours: Specify the time period within which the initial approver has to complete the approval task.

    • Allow approver to escalate approval task: When selected, allows the approvers of the current level to reassign their approval tasks to the approvers of the next level.

  3. If you have selected only the first option (a time limit for the task), then select the Escalate approval task to Escalation level <number> option. Otherwise, escalation is not enabled.

  4. In the Select approver level to configure box, click the item representing the subsequent escalation level.

    For example, if you are configuring escalation level 1, click the Escalation level 2 list item.

  5. Specify approvers for the subsequent escalation level (for instructions, see Configuring approvers).

NOTE: Each approver level has separate configuration, so the escalation options of a specific level apply only to that level. Therefore, each approver level has a separate time limit, the option that determines whether to escalate the approval task after the time limit has expired, and whether the approvers of that level are allowed to escalate the approval task manually.

Configuring request for additional information

You can configure the Approval activity so that the approver is requested to supply certain properties of the object when performing the approval task. Suppose the creation of a user is submitted for approval. The approver may be requested to supply certain properties of the user in addition to the the properties specified in the creation request. Thus, you may configure the Approval activity to prompt the approver to specify the mailbox database for the mailbox of the user to be created.

To configure request for additional information

  1. Navigate to the Request for information tab in the Properties dialog for the Approval activity.

  2. Add the desired properties to the Request the approver to supply or change these properties list.

When performing the Approval task, the approver will be prompted to supply or change the properties presented in that list. The approver can provide the requested information in the Approval section of the Web Interface, under the Supply or change the following properties heading on the Object Properties tab of the Approval Task page. The tab also displays an instruction specified by the Approval activity. You can view or change the instruction text on the Request for information tab in the Properties dialog for the Approval activity, under the Show this instruction to the approver heading.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation