Chat now with support
Chat with Support

Active Roles 7.5 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning AutoProvisioning for SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Office 365 and Azure Tenant Selection User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management One Identity Starling Management One Identity Starling Two-factor Authentication for Active Roles Managing One Identity Starling Connect Azure AD, Office 365, and Exchange Online management
Configuring Active Roles to manage hybrid AD objects Managing Hybrid AD Users Unified provisioning policy for Azure O365 Tenant Selection, Office 365 License Selection, and Office 365 Roles Selection, and OneDrive provisioning Office 365 roles management for hybrid environment users Managing Office 365 Contacts Managing Hybrid AD Groups Managing Office 365 Groups Managing Azure Security Groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes
Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server Replication Appendix A: Using regular expressions Appendix B: Administrative Template Appendix C: Communication ports Appendix D: Active Roles and supported Azure environments Appendix E: Enabling Federated Authentication Appendix F: Active Roles integration with other One Identity and Quest products Appendix G: Active Roles integration with Duo MFA Appendix H: Active Roles integration with Okta MFA

Customization

You can configure the Approval activity to specify how the approval tasks created by that activity are to be identified in the Approval section of the Web Interface. The Approval section contains a list of approval tasks, with each task identified by a header that provides basic information about the task, including the title of the task and information about the target object of the operation that is subject to approval. The title of the task is located in the middle of the task’s header. The properties that identify the operation target object are displayed above the title of the task.

The pages for configuring an Approval activity in the Active Roles console provide the following customization options related to the header of the approval task:

  • Display this title to identify the approval task.  When performing the approval task, the approver will see this instruction on the page intended to review, supply or change the properties that are subject to the approval task. You can supply an instruction on how to perform the task.
  • Display these properties of the object submitted for approval.  These properties will be displayed in the task's header area on the pages for performing the approval task. You can add properties to help the approver identify the target object of the operation submitted for approval.
  • Display the operation summary in the task header area.  This option extends the approval task’s header area to provide summary information about the changes that are subject to approval, including the type of the changes and the reason for the changes.

You can configure the Approval activity to specify the actions the approver can take on the approval task. On the pages for performing the approval task, in the Approval section of the Web Interface, the task header contains the action buttons that are intended to apply the appropriate resolution to the task, such as Approve or Reject. The action buttons are located at the bottom of the header area. Which buttons are displayed depends upon configuration of the Approval activity.

The pages for configuring an Approval activity in the Active Roles console provide the following customization options related to the action buttons:

  • Customize action buttons.  Action buttons appear on the pages for performing the approval task. Each button applies a certain action to the task. Normally, two built-in buttons, titled Approve and Reject by default, are displayed for each approval task. Other buttons may be displayed depending on the configuration of the approval activity. You can add buttons to create custom actions. Depending on the button’s action type, clicking a custom action button causes the workflow to allow (Complete action type) or deny (Reject action type) the operation that is subject to approval. If-Else activities can refer to a custom action button by the button’s title and elect the appropriate branch of the workflow when the approver clicks that custom action button.
  • Show this instruction for action buttons.  You can use this option to supply an instruction on how to use action buttons. The approver will see this instruction above the action buttons on the pages for performing the approval task.
  • Suppress the confirmation dialog upon completion of approval task.  If this option is not selected, Active Roles requests the approver to fill in a confirmation dialog box every time the approver performs an approval task. You can select this option to prevent the confirmation dialog box from appearing so that the approver can complete the task without having to supply a reason for the completion of the task.

Notification

Notification is used to subscribe recipients to the notifications of approval-related events, configure notification e-mails, and set up e-mail transport. Approval rules provide e-mail notifications to workflow users in association with various events, such as the creation of approval tasks upon operation requests. Thus, approvers can be notified of the requests awaiting their approval via e-mails that include hypertext links to the approval-related section in the Web Interface. An Approval activity has the following notification settings.

Notification recipients

Notification recipients are the users or groups to which the activity sends e-mails. A recipient can be any mailbox-enabled user or mail-enabled group. There are also a number of options allowing you to select recipients based on their role, such as operation requestor, approver, manager of operation requestor, or manager of object affected by the operation.

Notification delivery

The delivery options determine whether notifications are to be sent immediately or on a scheduled basis. The option of immediate delivery causes the activity to generate a separate message upon every occurrence of the event to notify of. The option of scheduled delivery can be used for aggregating notifications. If you select the scheduled delivery option, all notifications about the event occurrences within a time period of your choice are grouped and sent as a single message.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating