
Identity Manager 8.0 - Configuration Guide


Configuration Parameter Options

If a configuration parameter only permits certain values, these values are defined in the configuration parameter options.

Table 57: Option Properties

| Property | Description |
|---|---|
| Value | Value permitted for the configuration parameter. |
| Description | Description of the configuration parameter option. |
| Preprocessor expression | Preprocessor-relevant configuration parameters are assigned a valid preprocessor expression in the options. This can be used as a preprocessor condition for conditional compiling. |

Setting up the Mail Notification System

One Identity Manager sends email notifications about various actions taken within the system. For example, various notifications are sent to requesters and approvers within the request process. In the same way, notifications about attestation cases are sent or reports are delivered by email. Notifications are sent when an action is successfully or unsuccessfully executed during process handling.

NOTE: In addition to the configuration parameters listed in the following, other configuration parameters may be necessary for different notification processes. Some configuration parameters are only available when the module is installed.

You can implement custom notifications in addition to predefined notification processes.

Prerequisites for using notification systems are:

  1. Declaring a Job server as SMTP host for sending mail.
  2. Enabling configuration parameters for mail notification.

    NOTE: In addition to the configuration parameters listed in the following, other configuration parameters may be necessary for different notification processes.

Table 58: General Configuration Parameters for Mail Notification

Configuration Parameter

Meaning

Common\InternationalEMail

This parameter specifies whether international domain names and unicode characters are supported in email addresses.

IMPORTANT: The mail server must also support this function. If necessary, you must override the script VID_IsSMTPAddress.

Common\MailNotification

Notification data.

Common\MailNotification\DefaultAddress

Default email address (recipient) for sending notifications.

Common\MailNotification\DefaultCulture

Default language that emails are sent in if no language can be determined for a recipient.

Common\MailNotification\DefaultLanguage

Default language for sending messages.

Common\MailNotification\DefaultSender

Default email address (sender) for sending notifications.

Common\MailNotification\Encrypt

Specifies whether emails are encrypted.

Common\MailNotification\Encrypt\ConnectDC

Domain controller to use.

Common\MailNotification\Encrypt\ConnectPassword

User password. This is optional.

Common\MailNotification\Encrypt\ConnectUser

User account for querying Active Directory. This is optional.

Common\MailNotification\Encrypt\DomainDN

Distinguished name of the domain to search through.

Common\MailNotification\Encrypt\EncryptionCertificateScript

Script that supplies a list of encryption certificates (default: QBM_GetCertificates).

Common\MailNotification\NotifyAboutWaitingJobs

Specifies whether a message should be sent if the process steps have a particular execution state in the job queue.

Common\MailNotification\SignCertificateThumbprint

SHA1 thumbprint of the certificate to use for the signature. This can be in the computer's or the user's My Store.

Common\MailNotification\SMTPAccount

User account name for authentication on an SMTP server.

Common\MailNotification\SMTPDomain

User account domain for authentication on the SMTP server.

Common\MailNotification\SMTPPassword

User account password for authentication on the SMTP server.

Common\MailNotification\SMTPPort

Port for SMTP services on the SMTP server (default: 25).

Common\MailNotification\SMTPRelay

SMTP server for sending notifications.

Common\MailNotification\SMTPUseDefaultCredentials

If this parameter is set, the One Identity Manager Service login credentials are used for authentication on the SMTP server. If the configuration parameter is not set, the login data stored in the parameters "Common\MailNotification\SMTPDomain", "Common\MailNotification\SMTPAccount" and "Common\MailNotification\SMTPPassword" is used.

Common\MailNotification\TransportSecurity

This configuration parameter defines the encryption method for sending notifications by email. If none of the following options are given, the port is used to define the behavior (port: 25 = no encryption, port: 465 = with SSL/TLS encryption).

NOTE: The parameters for the encryption method to be used are not set in the processes for sending notifications by email. If you use the configuration parameter, change the processes accordingly.

Table 59: Permitted Values

Value

Meaning

Auto

Identifies the encryption method automatically.

SSL

Encrypts the entire session with SSL/TLS.

STARTTLS

Uses the STARTTLS mail server extension.

Switches on TLS encryption after the 'greeting' and loading the server capabilities. The connection fails if the server does not support the STARTTLS extension.

STARTTLSWhenAvailable

Uses the STARTTLS mail server extension if available.

Switches on TLS encryption after the 'greeting' and loading the server capabilities, but only if the server supports the STARTTLS extension.

Common\MailNotification\VendorNotification

Enables the email address of your company's contact person. The email address is used as the return address for notifying vendors.

If the configuration parameter is set, One Identity Manager generates a list of system settings once a month and sends the list to One Identity. This list does not contain any personal data. You may review the most recent list at any time from the Help | Info... menu. The list will be reviewed by our customer support team who will look for material changes in a proactive effort to identify potential issues before they materialize on your system. The lists may be used by our R&D staff for analysis, diagnosis, and replication for testing purposes. We will keep and refer to this information for as long as your company remains on support for this product.
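
The following added example (not part of the One Identity documentation or product code) models how the Common\MailNotification\TransportSecurity values and the port fallback described above decide whether an SMTP session is encrypted, and flags configurations that end up unencrypted. The function names, result labels and EHLO replies are constructed for illustration; the unencrypted fallback for STARTTLSWhenAvailable is an assumption read from its description.

```python
# Added example: models the documented TransportSecurity rules.
# Function names, result labels and server replies are constructed.
PREFIX = "Common\\MailNotification\\"

def ehlo_extensions(reply):
    """Extract extension keywords from a multi-line SMTP 250 EHLO reply."""
    exts = set()
    for line in reply.splitlines()[1:]:        # first line only names the server
        words = line[4:].split()               # skip the "250-" / "250 " prefix
        if line.startswith("250") and words:
            exts.add(words[0].upper())
    return exts

def session_mode(transport_security, port, ehlo_reply):
    """Return 'tls', 'starttls', 'plaintext', 'fail' or 'unspecified'."""
    starttls = "STARTTLS" in ehlo_extensions(ehlo_reply)
    if not transport_security:                 # no option set: the port decides
        return {25: "plaintext", 465: "tls"}.get(port, "unspecified")
    if transport_security == "SSL":
        return "tls"                           # entire session encrypted
    if transport_security == "STARTTLS":
        return "starttls" if starttls else "fail"
    if transport_security == "STARTTLSWhenAvailable":
        # Assumption: without the extension the session continues unencrypted.
        return "starttls" if starttls else "plaintext"
    return "unspecified"                       # 'Auto': the page gives no rule

def audit(config, ehlo_reply):
    """Return (mode, findings) for a dict of configuration parameter values."""
    mode = session_mode(config.get(PREFIX + "TransportSecurity"),
                        int(config.get(PREFIX + "SMTPPort", 25)), ehlo_reply)
    findings = []
    if mode == "plaintext":
        findings.append("session is not encrypted")
        if config.get(PREFIX + "SMTPAccount"):
            findings.append("SMTP account is used on an unencrypted session")
    elif mode == "fail":
        findings.append("connection fails: server does not offer STARTTLS")
    elif mode == "unspecified":
        findings.append("encryption not determinable from the documented rules")
    return mode, findings

# Constructed EHLO replies: one server advertises STARTTLS, the other does not.
WITH_STARTTLS = "250-mail.example.test\n250-SIZE 35882577\n250-STARTTLS\n250 AUTH PLAIN LOGIN"
WITHOUT_STARTTLS = "250-mail.example.test\n250-SIZE 35882577\n250 AUTH PLAIN LOGIN"
```

With the same server reply lacking STARTTLS, the value STARTTLS yields a failed connection while STARTTLSWhenAvailable yields an unencrypted session, which is the difference to weigh when SMTPAccount and SMTPPassword are configured.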


Enabling More Languages for Displaying and Maintaining Data

The default One Identity Manager installation is supplied in the languages "English - United States [en-US]" and "German - Germany [de-DE]". You can add other languages to the user interface and display text if required. In this case, you should translate the text before One Identity Manager goes live. There is a Language Editor in the Designer to help you do this. A special control element is provided in the One Identity Manager tools which aids multi-language input.

User Login Language

The display text appears in the language that the user logged on to the tool with. When you log in the first time, the system language is used for displaying the user interface. The user can change the login language in any administration tool. This sets the language globally for all the tools that the user uses. Therefore the user does not have to set the login language in every tool separately. Changes to the login language take effect after the tool has been restarted.

All languages set with the option Select in front-end are available as login language.

To make other login languages available

  1. Select the category Base Data | Localization | Cultures in the Designer.
  2. Select the language.
  3. Set the option Select in front-end.

One Identity Manager Default Language

Maintenance of default data takes place in the default language. The default language for a One Identity Manager installation is "English - United States [en-US]". The default language is valid across the system. It is not recommended to change the default language during working hours.

The ideal case is when the One Identity Manager language matches the user’s administration tool login language. If these two settings are different, then the default language is used if no captions are found in the requested login language for a set of language dependent data.


Displaying Country Information

One Identity Manager requires country information at different stages. For example, employee country and state assignments are accessed when email notifications are created or IT Shop workflows are being determined.

Language, time zones, public holidays and working hours are mapped as well as countries and states. The basic data is loaded into the database during schema installation.

NOTE: Enable countries that are used cross-system during the database schema installation.

NOTE: All countries in which the Web interface is active must be enabled for working in different time zones.

To enable a country

  1. Select the category Base Data | Localization | Country in the Designer.
  2. Select a country.
  3. Set the option Enabled.
  4. Save the changes.