Chat now with support
Chat with Support

Identity Manager 9.2 - Web Designer Web Application Configuration Guide

About this guide Configuring the Web Portal Configuring self-registration of new users Configuring the Password Reset Portal WebAuthn security keys Configuring the Application Governance Module Recommendations for secure operation of web applications

Require a reason

Table 7: Configuration parameter for reason

Configuration parameter

Description

VI_ITShop_ApproverReasonMandatoryOnDeny

Requires a reason from the approver for denying a request.

To ask a question

  1. Open the Web Designer.
  2. Open a module and search for "VI_ITShop_ApproverReasonMandatoryOnDeny".
  3. Select the configuration parameter "VI_ITShop_ApproverReasonMandatoryOnDeny".
  4. Set the value to true in the Node editor view.

Approval decisions about URL links

Table 8: Configuration parameter for approval decisions about URL links

Configuration parameter

Description

Meaning

VI_ITShop_Approvals
_InteractiveApproval

Requires consultation with the user before approval. This key is a SQL filter condition on the "AccProduct" table.

Product fulfills filter condition

Approval is not done directly. Displays form for confirming the approval decision.

Product does not fulfill filter condition

Approval decision is made when the page is called. Approvers receive a message that the approval decision has been entered into the system.

An approval decision about a request can be made by opening a URL that is sent in an email, for example.

Cases that use this type of messaging for request approvals are special service items, which are required for informing the user about the approval decision. Approvals through these service items are not permitted without prior consultation.

To prevent a approval by URL link

  1. Open the Web Designer.
  2. Open a module and search for "VI_ITShop_Approvals_InteractiveApproval".
  3. Select the configuration parameter "VI_ITShop_Approvals_InteractiveApproval".
  4. In the Node editor, set the value to true.

Displaying user-specific processes in the Web Portal

A user-specific process is a process that is specifically configured for tracing by the user. It enables status tracking and confirmation of a processing result to the Web Portal.

A user who is logged on to the Web Portal can see all processes that they have initiated. The value in the XUserInserted column corresponds to the user who is currently logged on. A process can only be generated from within a session of the current logged on user if it is to be identified as a user-specific process.

The user-specific processes are displayed in the Web Portal in the My Processes view. For more information, see the One Identity Manager Web Designer Web Portal User Guide.

This section only covers the configuration for displaying the process information in the Web Portal. For more information about process monitoring, recording process information, and the configuration of processes and process steps, see the One Identity Manager Configuration Guide.

Configuration recommendations for the recording of user-specific processes
  • In the Designer, check the Common | ProcessState configuration parameter. The configuration parameter must be set.
  • In the Designer, check the Common | ProcessState | JobHistory configuration parameter. The configuration parameter must be set. As a value for the configuration parameter, select ERRORorSELECTED or SELECTED.

    NOTE: The value ALL also takes into account the notifications from the process history. However, this setting can lead to an extremely large data volume.

  • In the Designer, check the Common | ProcessState | ProgressView configuration parameter. The configuration parameter must be set and should have the value 2.
  • In the Designer, check the Common | ProcessState | ProgressView | LifeTime and Common | ProcessState | JobHistory | LifeTime configuration parameters. These configuration parameters define the retention time of the process information and notifications in the process history. The configuration parameters must be set. Adjust the retention times if necessary. By default, the information is stored for 30 days before it is removed from the One Identity Manager database.
  • In the Designer, configure the processes and process steps for recording process information.
    • In the Process information property for a process, select the value Web Portal tracking.
    • In the Process information property for the process steps, select the value Web Portal tracking. Enable the Process history option.
    • Use user-friendly informative display values for the processes and process steps. To do this, enter the formatting rules for the process information of processes and process steps.

Configuring the four eyes principle for issuing a passcode.

You can control whether passcodes generated by the help desk are divided into two parts. One half of the passcode is issued to the help desk staff and the other half is sent to the identity's manager. The identity must ask the manager for the second half of the passcode. This procedure increases the security for issuing passcodes.

To configure the four eye principle for issuing passcodes

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Set the QER | Person | PasswordResetAuthenticator | PasscodeSplit configuration parameter.

    TIP: To find out how to edit configuration parameters in Designer, see the One Identity Manager Configuration Guide.

  4. Set the QER | WebPortal | MailTemplateIdents | InformManagerAboutSecondHalfOfPasscode configuration parameter.

    By default, the second half of the passcode is sent with the Identity - part of passcode for password reset (manager) mail template.

    To use another template for this notification, change the value in the configuration parameter.

    TIP: In the Designer, you can configure the current mail template in the Mail templates > Person category. For more information about mail templates, see the One Identity Manager Operational Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating