Notifications with Questions
Notifications with Questions
Table 59: Configuration Parameter for Notification of Approver Questions
QER\Attestation\MailTemplateIdents\ QueryFromApprover |
This mail template is used to send a notification with a question from an approver to an employee. |
QER\Attestation\MailTemplateIdents\ AnswerToApprover |
This mail template is used to send a notification with an answer to a question from an approver. |
Employees can be notified when a question about an attestation is asked. The attestor can also be notified the moment the question is answered.
To notify an employee when an attestor asks a question
To notify an attestor when an employee answers the question
|
TIP: Change the value of the configuration parameter in order to use custom mail templates for these mails. |
Notifications from Additional Attestors
Notifications from Additional Attestors
Table 60: Configuration Parameters for Notifying Attestors
QER\Attestation\MailTemplateIdents\InformAddingPerson |
This mail template is used to notify attestors if the additional attestor has met an approval decision. |
QER\Attestation\MailTemplateIdents\InformDelegatingPerson |
This mail template is used to notify attestors if an approval decision has been made about their delegated step. |
The original attestor can be notified when an additional attestor or employee who has been delegated an attestation, has granted or denied the attestation. This mail is send the moment the approval step has been decided.
To send notification when the additional attestor approves or denies the attestation
To send notification when the employee who was delegated an approval approves or denies the request
|
TIP: Change the value of the configuration parameter in order to use custom mail templates for these mails. |
Default Mail Templates
Default Mail Templates
One Identity Manager supplies mail templates by default. These mail templates are available in English and German. If you require the mail body in other languages, you can add mail definitions for these languages to the default mail template.
To edit a default mail template
- Select the category Attestation | Basic configuration data | Approval procedures | Predefined.
Related Topics
Attestation by Mail
Attestation by Mail
Table 61: Configuration Parameters for Approval by Mail
QER\Attestation\MailApproval\Inbox |
This Microsoft Exchange mailbox is used for "Approval by mail" processes. |
QER\Attestation\MailApproval\Account |
Name of user account for authentication of "Approval by mail" mailbox. |
QER\Attestation\MailApproval\Domain |
Domain of user account for authentication of "Approval by mail" mailbox. |
QER\Attestation\MailApproval\Password |
Password of user account for authentication of "Approval by mail" mailbox. |
QER\Attestation\MailTemplateIdents\ITShopApproval |
Mail template used for requests made through "Approval by mail". |
QER\Attestation\MailApproval\DeleteMode |
Specifies the way emails are deleted from the inbox. |
You can set up attestation by mail to provide an option for attestors, who are temporarily unable to access One Identity Manager tools, to make attestation case decisions. In this way, attestors are notified by email when an attestation case is pending approval. Attestors can use the links in the email to make approval decisions without having to connect to the Web Portal. This generates an email that contains the approval decision and in which attestors can state the reasons for their approval decision. This email is sent to a central Microsoft Exchange mailbox. The One Identity Manager checks this mailbox regularly, evaluates the incoming emails and updates the status of the attestation case correspondingly.
|
IMPORTANT: An attestation is not possible by email, if multi-factor authorization is configured for the attestation policy. Attestation emails for such requests produce an error message. |
Prerequisites
- The Microsoft Exchange system is configured with
- Microsoft Exchange Client Access Server version 2007, Service Pack 1 or later
- Microsoft Exchange Web Service .NET API Version 1.2.1, 32 Bit
- The user account used by One Identity Manager to register with Microsoft Exchange requires full access to the mailbox given in the configuration parameter "QER\Attestation\MailApprovalInbox".
- The configuration parameter "QER\Attestation\MailTemplateIdents\RequestApproverByCollection" is not set.
To set up attestation by email
- Set the configuration parameter "QER\Attestation\MailApprovalInbox" in the Designer and enter the mailbox to which to send the approval mails.
- Set up mailbox access.
- By default, One Identity Manager uses the One Identity Manager Service user account to register with Microsoft Exchange and to access the mailbox.
– OR –
- You enter a separate user account for registering on the Microsoft Exchange Server for mailbox access. Enabled the following configuration parameters to do this.
Table 62: Configuration Parameters for Logging onto a Microsoft Exchange Server
QER\Attestation\MailApproval\Account |
User account name. |
QER\Attestation\MailApproval\Domain |
User account's user account. |
QER\Attestation\MailApproval\Password |
User account password. |
- Set the configuration parameter "QER\Attestation\MailTemplateIdents\ITShopApproval" in the Designer.
The mail template used to send the attestation mail is stored with this configuration parameter. You can use the default mail template or add a custom mail template.

|
TIP: Change the value of the configuration parameter in order to use custom mail templates for attestation mails. Customize the script VI_MailApproval_ProcessMail in this case, as well. |
- Assign the following mail templates to the approval steps:
Table 63: Mail Template for Approval by Mail
Mail template for demand |
Attestation - approval required (by mail) |
Mail template reminder |
Attestation - remind approver (by mail) |
Mail template for delegation |
Attestation - delegated/additional approval (by mail) |
Mail template for rejection |
Attestation - reject approval (by mail) |
- Enable the schedule "Processes attestation mail approvals" in the Designer.
Based on this schedule, the One Identity Manager regularly checks the mailbox after each for new attestation mail. Based on this schedule, the regularly checks the mailbox every 15 minutes. You can change how frequently it checks, by altering the interval in the schedule as required.
To clean up a mail box
- Set the configuration parameter "QER\Attestation\MailApproval\DeleteMode in the Designer and select the following values.
Table 64: Cleaning up a Mailbox
HardDelete |
Processed emails are deleted immediately |
MoveToDeletedItems |
Processed emails are moved to the "Deleted objects" folder in the mailbox. |
SoftDelete |
Processed emails are moved to the Active Directory trash but can be restored if necessary. |

|
NOTE: If you apply the method MoveToDeletedItems or SoftDelete you should empty the folder "Deleted objects" or the Active Directory trash at regular intervals. |
Related Topics