Chatta subito con l'assistenza
Chat con il supporto

Active Roles 8.2 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Configuring rule-based autoprovisioning and deprovisioning
Configuring Provisioning Policy Objects
User Logon Name Generation E-mail Alias Generation Exchange Mailbox AutoProvisioning Group Membership AutoProvisioning Home Folder AutoProvisioning Property Generation and Validation Script Execution O365 and Azure Tenant Selection AutoProvisioning in SaaS products
Configuring Deprovisioning Policy Objects
User Account Deprovisioning Group Membership Removal User Account Relocation Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Permanent Deletion Office 365 Licenses Retention Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Script Execution Notification Distribution Report Distribution
Configuring entry types Configuring a Container Deletion Prevention policy Configuring picture management rules Managing Policy Objects Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Configuring policy extensions
Using rule-based and role-based tools for granular administration Workflows
About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Azure tenant types and environment types supported by Active Roles Using Active Roles to manage Azure AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports and URLs used by Active Roles Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Approval activity

An Approval activity, also referred to as an approval rule, represents a decision point in a workflow that is used to obtain authorization from a person before continuing the workflow. Workflow start conditions determine which operations start the workflow and the approval rules added to the workflow determine who is designated to approve the operation, the required sequence of approvals, and who needs to be notified of approval tasks or decisions.

Active Roles creates an approval task as part of the processing of an approval rule, and assigns the task to the approvers. The approver is expected to complete the task by making a decision to allow or deny the operation. Until the task is completed, the operation remains in a pending state.

Approvers and escalation

Approvers are the users or groups of users designated to perform approval tasks. When processing an approval rule, Active Roles creates an approval task and assigns it to the approvers defined by the rule. The state of the task governs the workflow transition: The task must receive the Approve resolution for the operation to pass the approval rule. If the task has received the Reject resolution, the operation is denied and the workflow instance is completed.

Approvers may be selected by browsing the available users and groups, or particular role holders may be designated as approvers. For example, an approval rule can be configured so as to require approval by the manager of the operation requestor or by the manager of the group or container that is affected by the operation.

An approval rule may define two or more approver levels, with each level containing a separate list of approvers. Active Roles uses approver levels when escalating time-limited approval tasks. For each approver level the approval rule can specify a certain time period. If an approver of a given level does not complete the approval task within the specified time period, then Active Roles can assign the task to the approvers of the next level. This process is referred to as escalation.

Each approver level has the following configuration options:

  • List of approvers: Specifies the users or groups of users that are designated as approvers for the approver level in question.

    A valid approval rule must, at a minimum, specify a list of approvers for the initial approver level. Active Roles first assigns the approval task to the approvers of that level. To enable escalation, a separate list of approvers must be specified for one or more escalation levels.

  • Approval task has no time limit: When this option is selected, the approval rule does not require that the approvers of the given level complete the approval task within a certain time period.

  • Approval task has a time limit of <number> days <number> hours: When this option is selected, the approval rule requires that the approvers of the given level complete the approval task within the specified time period.

    If the approval task is not completed within the specified time period, then, depending upon the selected configuration option, the approval rule can either cancel the operation waiting for approval or escalate the approval task. The latter option requires a list of approvers to be specified for the subsequent escalation level.

  • Allow approver to delegate approval task: When this option is selected, the approver of the given level is allowed to assign the approval task to other persons. On the pages for performing the approval task, the approver can use the Delegate button to select the persons to assign the task to.

  • Allow approver to escalate approval task: When this option is selected, the approver of the given level is allowed to escalate the approval task. On the pages for performing the approval task, the approver can click Escalate to assign the task to the approvers of the subsequent escalation level. This option requires a list of approvers to be specified for the subsequent escalation level.

Request for information

You can configure the Approval activity so that the approver will be requested to supply certain properties of the object when performing the approval task. Suppose the creation of a user is submitted for approval. The approver may be requested to supply certain properties of the user in addition to the properties specified in the creation request. Thus, you may configure the Approval activity to prompt the approver to specify the mailbox database for the mailbox of the user to be created.

It is also possible to configure the Approval activity so that the approver will be requested to review the object properties submitted for approval. One more option is to allow the approver to make changes to those properties.

The pages for configuring an Approval activity in the Active Roles Console include the following options related to request for information:

  • Show this instruction to the approver: When performing the approval task, the approver will see this instruction on the page intended to review, supply, or change the properties that are subject to the approval task. You can supply an instruction on how to perform the task.

  • Request the approver to supply or change these properties: When performing the approval task, the approver will be prompted to supply or change the properties specified in this option.

  • Show the original request to the approver: This option adds a separate section on the pages for performing the approval task that lists the properties submitted for approval.

  • Allow the approver to modify the original request: Unless this option is selected, the approver is only allowed to view the properties submitted for approval. You could select this check box to allow the approver to change those properties.

Customization

You can configure the Approval activity to specify how the approval tasks created by that activity are to be identified in the Approval section of the Web Interface. The Approval section contains a list of approval tasks, with each task identified by a header that provides basic information about the task, including the title of the task and information about the target object of the operation that is subject to approval. The title of the task is located in the middle of the task header. The properties that identify the operation target object are displayed above the title of the task.

The pages for configuring an Approval activity in the Active Roles Console provide the following customization options related to the header of the approval task:

  • Display this title to identify the approval task: When performing the approval task, the approver will see this instruction on the page intended to review, supply or change the properties that are subject to the approval task. You can supply an instruction on how to perform the task.

  • Display these properties of the object submitted for approval: These properties will be displayed in the task's header area on the pages for performing the approval task. You can add properties to help the approver identify the target object of the operation submitted for approval.

  • Display the operation summary in the task header area: This option extends the approval task’s header area to provide summary information about the changes that are subject to approval, including the type of the changes and the reason for the changes.

You can configure the Approval activity to specify the actions the approver can take on the approval task. On the pages for performing the approval task, in the Approval section of the Web Interface, the task header contains the action buttons that are intended to apply the appropriate resolution to the task, such as Approve or Reject. The action buttons are located at the bottom of the header area. Which buttons are displayed depends upon configuration of the Approval activity.

The pages for configuring an Approval activity in the Active Roles Console provide the following customization options related to the action buttons:

  • Customize action buttons: Action buttons appear on the pages for performing the approval task. Each button applies a certain action to the task. Normally, two built-in buttons, titled Approve and Reject by default, are displayed for each approval task. Other buttons may be displayed depending on the configuration of the approval activity. You can add buttons to create custom actions.

    Depending on the button’s action type, clicking a custom action button causes the workflow to allow (Complete action type) or deny (Reject action type) the operation that is subject to approval. If-Else activities can refer to a custom action button by the button’s title and elect the appropriate branch of the workflow when the approver clicks that custom action button.

  • Show this instruction for action buttons: You can use this option to supply an instruction on how to use action buttons. The approver will see this instruction above the action buttons on the pages for performing the approval task.

  • Suppress the confirmation dialog upon completion of approval task: If this option is not selected, Active Roles requests the approver to fill in a confirmation dialog box every time the approver performs an approval task. You can select this option to prevent the confirmation dialog box from appearing so that the approver can complete the task without having to supply a reason for the completion of the task.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione