Chat now with support
Chat with Support

Active Roles 7.5 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning AutoProvisioning for SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Office 365 and Azure Tenant Selection User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management One Identity Starling Management One Identity Starling Two-factor Authentication for Active Roles Managing One Identity Starling Connect Azure AD, Office 365, and Exchange Online management
Configuring Active Roles to manage hybrid AD objects Managing Hybrid AD Users Unified provisioning policy for Azure O365 Tenant Selection, Office 365 License Selection, and Office 365 Roles Selection, and OneDrive provisioning Office 365 roles management for hybrid environment users Managing Office 365 Contacts Managing Hybrid AD Groups Managing Office 365 Groups Managing Azure Security Groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes
Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server Replication Appendix A: Using regular expressions Appendix B: Administrative Template Appendix C: Communication ports Appendix D: Active Roles and supported Azure environments Appendix E: Enabling Federated Authentication Appendix F: Active Roles integration with other One Identity and Quest products Appendix G: Active Roles integration with Duo MFA Appendix H: Active Roles integration with Okta MFA

Integration with Microsoft Outlook

For organizations that have deployed Microsoft Exchange Server 2013 or later, and use Microsoft Office Outlook 2010 or later as their standard e-mail client, Active Roles provides an approvals management facility integrated in Outlook. This allows Microsoft Office end-users to manage approvals in Active Roles through the e-mail application they use on a day-to-day basis.

The Add-in for Outlook component that is included with Active Roles offers the basic functionality for processing and submitting approvals. Active Roles Add-in for Outlook allows Microsoft Outlook users to approve or reject requests that are sent to them for approval. Requests are delivered through notification e-mail messages, and can be approved or rejected directly from the notification e-mail message, without having to use Active Roles’ Web Interface pages. In every e-mail message from Active Roles that notifies of an approval request, Active Roles Add-in for Outlook adds the Approve and Reject buttons along with Approve and Reject menu commands allowing the approver to respond by selecting the appropriate button or command.

Software and configuration requirements

Integration with Microsoft Office Outlook requires the following software and configuration prerequisites:

  • Microsoft Exchange Server 2013 or later. Integration with Outlook requires at least one server running Exchange 2013 or later that holds the Client Access server role and Mailbox server role, to be deployed in your Exchange organization.
  • Microsoft Office Outlook 2010 or later. The approvers use Outlook 2010 or later as their e-mail client application.

  • Active Roles Add-in for Outlook (32-bit). The Add-in for Outlook component of Active Roles is installed on the computer running Microsoft Office Outlook. The software requirements specific to Active Roles Add-in for Outlook are listed in the Active Roles Quick Start Guide.

    NOTE: The Active Roles Add-in for Outlook does not support the 64-bit version of Microsoft Office Outlook.

  • Approvers’ mailboxes. The mailboxes where approval and rejection takes place are on a Mailbox server running Exchange 2013 or later. Although not mandatory, this condition is highly advisable.
  • Active Roles’ mailbox. A mailbox reserved for the exclusive use of Active Roles. This mailbox should be on a Mailbox server running Exchange 2013 or later.
  • Exchange Web Services. The approval workflow has the approval rule notification settings configured so that Active Roles uses Exchange Web Services to communicate with Exchange. These settings include the address (URL) of the Exchange Web Services endpoint on an Exchange server that holds the Client Access server role, along with the credentials that identify Active Roles’ mailbox.

Integration with non-Outlook e-mail clients

For organizations that have deployed Microsoft Exchange Server 2013 or later, but use an e-mail client application other than Outlook 2010 or later, Active Roles offers the ability to approve or reject change requests by simply replying to notification messages that inform approvers of approval tasks. In this case, the notification message contains selectable options that, when clicked or tapped, cause the e-mail application to create a new message in reply to the notification message. The reply message contains indication of the approval decision (approve or reject) and prompts the approver to supply a comment on the approval decision (approval or rejection reason). Then, the approver sends the reply message, thereby completing the approval task.

Software and configuration requirements

The ability to manage approvals from non-Outlook e-mail clients calls for the same software and configuration prerequisites as Outlook integration (see Integration with Microsoft Outlook), with the following exceptions and additions:

  • The e-mail client applications that can be used to manage approvals are not restricted to Microsoft Office Outlook 2010 or later. It is possible to use, for instance, earlier Outlook versions or e-mail applications on mobile devices.
  • Active Roles Add-in for Outlook does not need to be installed on the computer running the e-mail client application.
  • The approval rule notification settings are configured so that the notification messages originated by Active Roles have integration with the Web Interface turned off. Ensure that the Send approval response by e-mail option is selected in the properties of the e-mail configuration that is used by the approval rule (this is the default setting).
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating