Application Governance Module
Application Governance Module 
 
The Application Governance Module allows you to quickly and simply run the onboarding process for new applications from one place using one tool. An application created with the Application Governance Module combines all the permissions application users require for their regular work. You can assign entitlements and roles to your application and plan when they become available as service items (for example, in the Web Portal).
Related topics
 
    Configuring entitlements
To enable employees to view, create, and manage applications as well as approve requests for application products in the Web Portal, you must assign specific application roles to employees.
NOTE: Managing an application involves the following:
- 
Editing the application's main data and the assigned entitlements and roles 
- 
Assigning entitlements and roles to the application 
- 
Unassigning entitlements and roles from the application 
- 
Deploying the application and associated entitlements and roles 
- 
Undeploying the application and its associated permissions and roles 
 
To assign an application role for application governance to employees
- 
Start the Manager. 
- 
Connect to the relevant database. 
- 
Select the One Identity Manager Administration category. 
- 
In the upper navigation pane, click the application role you want to assign to employees: 
- 
Application Governance | Administrators: Members of this application role create new applications and manage all applications in the Web Portal. 
- 
Application Governance | Owners: If this application role is assigned to an application as an owner application role, the members manage the application in the Web Portal. 
- 
Application Governance | Approvers: If this application role is assigned to an application as an approver application role, the members can approve requests for products of this application (if the BE - Approver of an application approval procedure is used). 
 
- 
In the Tasks pane, select the Assign employees task. 
- 
In the Add Assignments area, double-click the employees to whom you want to assign the application role. 
- 
Click  (Save). (Save).
 
 
    Filling application hyperviews
In the Web Portal, an overview is available to users for each application in the form of a hyperview. The Fill application overview schedule collects all the data for this hyperview and fills it.
To start the schedule to populate the hyperview
- 
Start the Designer. 
- 
In the Designer, select the Base data > General > Schedules category. 
- 
In the list, select the Fill application overview schedule. 
- 
In the schedule's details pane, click Start. 
- 
Confirm the security prompt with Yes. 
To edit the schedule for filling the application's hyperview
- 
Start the Designer. 
- 
In the Designer, select the Base data > General > Schedules category. 
- 
In the list, select the Fill application overview schedule. 
- 
In the schedule's details pane, edit the schedule's main data. For more information about schedule and their properties, see One Identity Manager Operational Guide. 
- 
Select the Database > Commit to database menu item and click Save. 
 
    Configuring password questions
Configuring password questions 
 
If Web Portal users forget their password, they can set a new one with the help of the password questions.
To configure the use of password questions.
- 
Start the Designer. 
- 
Configure the following configuration parameters: 
NOTE: See the One Identity Manager Configuration Guide, to find out how to edit configuration parameters in the Designer. 
 
- 
QER | Person | PasswordResetAuthenticator | QueryAnswerDefinitions: Specify how many password questions and answers users must enter. Users who do not enter enough or any questions and answers, cannot reset their password. 
NOTE: The value must not be less than the value in the QueryAnswerRequests configuration parameter. 
 
- 
QER | Person | PasswordResetAuthenticator | QueryAnswerRequests: Specify how many password questions users have to answer before they can reset their password. 
NOTE: The value must not be higher than the value in the QueryAnswerDefinitions configuration parameter. 
 
- 
QER | Person | PasswordResetAuthenticator | InvalidateUsedQuery: Specify whether users must enter new password questions and answers after successfully resetting their password. In this case, correctly answered questions are deleted.