Chat now with support
Chat with Support

Active Roles 8.0 LTS - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning AutoProvisioning for SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Office 365 and Azure Tenant Selection User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management One Identity Starling Management Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Azure AD, Office 365, and Exchange Online management
Configuring Active Roles to manage hybrid AD objects Managing Hybrid AD Users Unified provisioning policy for Azure O365 Tenant Selection, Office 365 License Selection, and Office 365 Roles Selection, and OneDrive provisioning Office 365 roles management for hybrid environment users Managing Office 365 Contacts Managing Hybrid AD Groups Managing Microsoft 365 Groups Managing Azure Security Groups Managing cloud-only distribution groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes Managing cloud-only shared mailboxes
Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server Replication Appendix A: Using regular expressions Appendix B: Administrative Template Appendix C: Communication ports Appendix D: Active Roles and supported Azure environments Appendix E: Active Roles integration with other One Identity and Quest products Appendix F: Active Roles integration with Duo Appendix G: Active Roles integration with Okta Active Roles Language Pack

Configure request for review

You can configure the Approval activity so that the approver will be requested to review the object properties submitted for approval. One more option is to allow the approver to make changes to those properties.

To configure request for review

  1. Go to the Request for information tab in the Properties dialog box for the Approval activity.
  2. Select the Show the original request to the approver check box to enable the approver to review the properties submitted for approval.
  3. Optionally, select the Allow the approver to modify the original request check box to allow the approver to make changes to the properties submitted for approval.

When the Show the original request to the approver check box is selected, the Object Properties tab of the Approval Task page in the Approval section of the Web Interface displays the object properties submitted for approval. The property values are shown read-only in the area under the Review the properties submitted for approval heading. You can configure the Approval activity to allow the approver to change those property values by selecting the Allow the approver to modify the original request check box. If you do not want the approver to view the properties submitted for approval, clear the Show the original request to the approver check box.

Customize the header of the approval task page

You can configure the Approval activity to specify how the approval tasks created by that activity are identified in the Approval section of the Web Interface. The Approval section contains a list of approval tasks, with each task identified by a header that provides basic information about the task, including the title of the task and information about the target object of the operation that is subject to approval. The title of the task is located in the middle of the task’s header. The properties that identify the operation target object are displayed above the title of the task.

To change the title of the approval task

  1. Go to the Customization tab in the Properties dialog box for the Approval activity.
  2. Click Customize the task header area.
  3. Type the appropriate title in the Display this title to identify the approval task box.

    By default, the title is Approve operation.

To change the properties that identify the operation target object

  1. Under Customize the task header area, verify that the Display these properties of the object submitted for approval check box is selected.
  2. Use the Add and Remove buttons to configure the list of properties.

    By default, the list contains the Friendly Name property, which causes Active Roles to use the display name of the object. If the object does not have a display name, then Active Roles uses the name of the object.

By default, the approval task’s header provides summary information about the changes that are subject to approval, including the type of the changes and the reason for the changes. You can configure the header not to display that information by clearing the Display the operation summary in the task header area check box.

Changes to the configuration of the task’s header have an effect on the tasks created by the Approval activity after the changes were made, and don’t affect the tasks created earlier.

Customize approval action buttons

You can configure the Approval activity to specify the actions the approver can take on the approval task. On the pages for performing the approval task, in the Approval section of the Web Interface, the task header contains the action buttons that are intended to apply the appropriate resolution to the task, such as Approve or Reject. The action buttons are located at the bottom of the header area. Which buttons are displayed depends upon configuration of the Approval activity.

To rename or hide an action button

  1. Go to the Customization tab in the Properties dialog box for the Approval activity.
  2. Click Customize action buttons.
  3. Click the title of the button in the list, and then click Edit.
  4. In the Action Button Properties dialog box, perform the following tasks:
    • To rename the button, type the appropriate name in the Button title box.
    • The new name will appear on the action button in the Web Interface.
    • To hide the button, clear the Is visible on the pages for performing the approval task check box.
    • As a result, the Web Interface will not display the action button.

You can restore the action button in the Web Interface by selecting the Is visible on the pages for performing the approval task check box. Note that this option is unavailable for the Escalate or Delegate action type. The Web Interface displays the Escalate or Delegate button if the Approval activity allows the approver to escalate or reassign (delegate) the approval task, respectively.

Action buttons appear on the pages for performing the approval task. Each button applies a certain action to the task. You can add buttons to create custom actions. Clicking a custom action button allows (Complete action type) or denies (Reject action type) the operation that is subject to approval. If-Else activities can refer to a custom action button by title and elect the appropriate branch of the workflow when the approver clicks that button.

To add a custom action button

  1. Go to the Customization tab in the Properties dialog box for the Approval activity.
  2. Click Customize action buttons.
  3. Click Add.
  4. In the Action Button Properties dialog box, do the following:
    1. In the Button title box, type the appropriate name of the button.

    This name will appear on the action button in the Web Interface

    1. From the Action type list, select the appropriate type of the action button.

      When applied to an approval task, the Complete action type, causes the workflow to continue, allowing the operation that is subject to approval; the Reject action type button denies the operation.

    1. Select the Is visible on the pages for performing the approval task check box.

When you add a custom action button, you may want to include an instruction explaining the meaning and purpose of the custom action. You can type the text of the instruction in the Show this instruction for action buttons box in the Customize action buttons area on the Customization tab in the Properties dialog box for the Approval activity. The approver will see that text above the action buttons on the pages for performing the approval task in the Web Interface.

To complete an approval task, the approver normally has to fill in a confirmation dialog box. You can configure the Approval activity to prevent the confirmation dialog box from appearing: Select the Suppress the confirmation dialog upon completion of approval task check box in the Customize action buttons area on the Customization tab in the Properties dialog box for the Approval activity.

Configuring a Notification activity

When configuring a Notification activity, you can specify notification settings such as workflow events to notify of, notification recipients, and notification message template. The same settings apply to the Notification section of other activities such as an Approval activity, a Search activity, and CRUD activities.

To view or change notification settings

  1. In the Active Roles console tree, expand Configuration | Policies | Workflow, and select the workflow containing the activity you want to configure.

    This opens the Workflow Designer window in the details pane, representing the workflow definition as a process diagram.

  1. In the process diagram, right-click the name of the activity and click Properties.
  2. Click the Notification tab in the Properties dialog box.

The page for configuring notifications includes three areas:

  • Events, recipients and messages  In this area you can add, view, change, or remove notifications, each of which determines an event to notify of, the recipients of the notification message, the message delivery options, and the message template.
  • Active Roles Web Interface  This area is used to specify the address (URL) of the Active Roles Web Interface, for constructing hyperlinks in the notification messages.
  • E-mail server settings  In this area you can view or change the name and other settings of the e-mail server that is used for delivery of notification messages.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating