Identity Manager 9.0 LTS - Web Application Configuration Guide

Configuring requesting by reference users

Web Portal users can request products that a specific identity already has. This is called requesting by reference user.

Required configuration key:

  • Products can be requested through reference user (VI_ITShop_ProductSelectionByReferenceUser): Enables or disables the "By reference user" function in the Web Portal.

To configure requesting by reference user

  1. Log in to the Administration Portal (see Logging in to the Administration Portal).

  2. In the navigation, click Configuration.

  3. On the Configuration page, in the Show configuration for the following API project menu, select the API project for which you want to set up requesting by reference users.

  4. Expand the Products can be requested through reference user configuration key.

  5. Perform one of the following actions:

    • To enable the "By reference user" function, select the Products can be requested through reference user check box.

    • To disable the "By reference user" function, clear the Products can be requested through reference user check box.

  6. Click Apply.

  7. Perform one of the following actions:

    • If you want to apply the changes locally only, click Apply locally.

    • If you want to apply the changes globally, click Apply globally.

  8. Click Apply.

Configuring self-registration of new users

In the Password Reset Portal, users who are not yet registered have the option to register themselves to use the Web Portal and to create new accounts. Users who self-register receive a verification email with a link to a verification page. On this page, users can complete registration themselves and then set their initial login password.

NOTE: To use this functionality, new users must supply an email address, otherwise the verification email cannot be sent.

NOTE: For more information about self-registration of new users in the Web Portal and associated attestation process, see the One Identity Manager Attestation Administration Guide.

To configure self-registration

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Configure the following configuration parameters:

    NOTE: For more information about editing configuration parameters in the Designer, see the One Identity Manager Configuration Guide.

    • QER | WebPortal | PasswordResetURL: Specify the Password Reset Portal's web address. This URL is used, for example, in the email notification to new users.

    • QER | Attestation | MailTemplateIdents | NewExternalUserVerification:

      By default, the verification message and link are sent with the Attestation - new external user verification link mail template.

      To use another template for this notification, change the value in the configuration parameter.

      TIP: In the Designer, you can configure the current mail template in the Mail templates > Person category. For more information about mail templates, see the One Identity Manager Operational Guide.

    • QER | Attestation | ApproveNewExternalUsers: Specify whether self-registered users must be attested before they are activated. A manager then decides whether to approve the new user's registration.

    • QER | Attestation | NewExternalUserTimeoutInHours: For new self-registered users, specify the duration of the verification link in hours.

    • QER | Attestation | NewExternalUserFinalTimeoutInHours: Specify the duration in hours, within which self-registration must be successfully completed.

  4. Assign at least one identity to the Identity & Access Governance | Attestation | Attestor for external users application role.

  5. In the API Server's installation directory, open the web.config file.

    NOTE: If the file is encrypted, decrypt it first.

  6. In the <connectionStrings> section, add the following entry:

    <add name="QER\Person\PasswordResetAuthenticator\ApplicationToken" connectionString="<application token>" />

    <application token> is the application token that was set when the API Server was installed.

  7. In the <connectionStrings> section, add the following entry:

    <add name="sub:register" connectionString="Module=DialogUser;User=<USER>;(Password)Password=<PASSWORD>" />

    • <USER> is the user's login name for creating new user accounts.

    • <PASSWORD> stands for the user's password.

  8. Save your changes to the file.

    NOTE: If the file was encrypted beforehand, encrypt it again.
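
A check that can be run on the decrypted web.config after step 8 and before re-encrypting it, to confirm that both <connectionStrings> entries from steps 6 and 7 are present and that no placeholder from this guide was left in. This is an added example, not part of the One Identity documentation; the function name check_self_registration and the sample values are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

TOKEN_ENTRY = r"QER\Person\PasswordResetAuthenticator\ApplicationToken"
# Placeholders as written in the guide; a leftover one puts a raw '<' inside an
# attribute value, which also makes the file ill-formed XML.
PLACEHOLDER = re.compile(r"<(?:[Aa]pplication token|USER|PASSWORD)>")

def check_self_registration(web_config_text):
    """Return findings for the two <connectionStrings> entries (empty list = OK)."""
    findings = [f"placeholder {m.group(0)} was not replaced"
                for m in PLACEHOLDER.finditer(web_config_text)]
    if findings:
        return findings  # parsing would fail anyway, so report these first
    try:
        root = ET.fromstring(web_config_text)
    except ET.ParseError as exc:
        return [f"web.config is not well-formed XML: {exc}"]
    section = root.find("connectionStrings")
    if section is None:
        return ["no <connectionStrings> section found"]
    entries = {e.get("name"): e.get("connectionString", "")
               for e in section.findall("add")}
    if not entries.get(TOKEN_ENTRY):
        findings.append("application token entry is missing or empty")
    register = entries.get("sub:register")
    if register is None:
        findings.append("sub:register entry is missing")
    else:
        # "Module=DialogUser;User=...;(Password)Password=..." -> key/value pairs
        parts = dict(p.split("=", 1) for p in register.split(";") if "=" in p)
        if parts.get("Module") != "DialogUser":
            findings.append("sub:register: Module is not DialogUser")
        for key in ("User", "(Password)Password"):
            if not parts.get(key):
                findings.append(f"sub:register: {key} is missing or empty")
    return findings

# Constructed sample (not a real token or account).
SAMPLE_OK = r"""<configuration>
  <connectionStrings>
    <add name="QER\Person\PasswordResetAuthenticator\ApplicationToken" connectionString="constructed-token" />
    <add name="sub:register" connectionString="Module=DialogUser;User=svc_register;(Password)Password=constructed-secret" />
  </connectionStrings>
</configuration>"""
SAMPLE_TEMPLATE = (SAMPLE_OK.replace("constructed-token", "<application token>")
                   .replace("svc_register", "<USER>")
                   .replace("constructed-secret", "<PASSWORD>"))
```

check_self_registration(SAMPLE_TEMPLATE) reports the three placeholders that were left unreplaced; an empty list means both entries are in place.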

Configuring the Application Governance Module

The Application Governance Module allows you to quickly and simply run the onboarding process for new applications from one place using one tool. An application created with the Application Governance Module combines all the permissions application users require for their regular work. You can assign entitlements and roles to your application and plan when they become available as service items (for example, in the Web Portal).

Related topics

Configuring entitlements

To enable employees to view, create, and manage applications as well as approve requests for application products in the Web Portal, you must assign specific application roles to employees.

NOTE: Managing an application involves the following:

  • Editing the application's main data and the assigned entitlements and roles

  • Assigning entitlements and roles to the application

  • Unassigning entitlements and roles from the application

  • Deploying the application and associated entitlements and roles

  • Undeploying the application and its associated permissions and roles

To assign an application role for application governance to employees

  1. Start the Manager program.

  2. Connect to the relevant database.

  3. Select the One Identity Manager Administration category.

  4. In the upper navigation pane, click the application role you want to assign to employees:

    • Application Governance | Administrators: Members of this application role create new applications and manage all applications in the Web Portal.

    • Application Governance | Owners: If this application role is assigned to an application as an owner application role, the members manage the application in the Web Portal.

    • Application Governance | Approvers: If this application role is assigned to an application as an approver application role, the members can approve requests for products of this application (if the BE - Approver of an application approval procedure is used).

  5. In the Tasks pane, select the Assign employees task.

  6. In the Add Assignments area, double-click the employees to whom you want to assign the application role.

  7. Click (Save).
