Identity Governance and Identity Reporting can notify users of tasks to perform via email. You can use an SMTP mail server to deliver the emails but it does not guarantee that the users will receive the email. To guarantee delivery of email notifications, you must install an ActiveMQ messaging server. If you do not use ActiveMQ, Identity Governance sends the notification once, regardless of success or failure of delivery.
You can also configure Identity Governance to send reminders of tasks, based on the escalation timeout setting. For more information, see Creating and Modifying Review Definitions
in Identity Governance 3.6 User and Administration Guide.
When Identity Governance sends an email, the application queries the preferred language of the target user. If Identity Governance supports that language, the email is delivered in the preferred language. Otherwise, the email uses the default language for the system. You can customize the content in the emails. For more information, see Customizing the Email Notification Templates
in Identity Governance 3.6 User and Administration Guide.
Ensure that you completed the following prerequisites before enabling email notifications.
Ensure that you have an SMTP mail server running and configured for SSL/TLS communications before enabling email notifications. This ensures that the email communication between Identity Governance and the users is secure.
ActiveMQ requires Apache Tomcat to run. You must install ActiveMQ using the same Apache Tomcat that Identity Governance uses. For more information, see ActiveMQ Getting Started.
NOTE:If you are using the Gmail SMTP server, Gmail ignores the SMTP server value and uses the actual Gmail address as the origination for email notifications.
Ensure that you have an SMTP server configured and that you have the connection information for the SMTP server to enter in to the Identity Governance Configuration utility. Also, ensure that you have ActiveMQ installed using the same Apache Tomcat instance that Identity Governance uses.
To enable the mail server for notifications:
Launch the Identity Governance Configuration utility. For more information, see Section 14.1.3, Using the Identity Governance Configuration Utility.
Select Workflow Settings.
Under Notification System, specify the settings for the mail server.
Select Save.
(Conditional) To ensure guaranteed delivery of the notifications by using ActiveMQ, complete the following steps:
Select Enable persistent notification message queue.
Enter the settings for the JMS broker.
(Optional) To use TLS/SSL protocol for messaging, select SSL and then specify the keystore settings.
Select Save.
Navigate to the installation directory for ActiveMQ. For example,
Linux: /opt/netiq/idm/apps/apache-activemq-x.x.x
Windows: c:\netiq\idm\apps\apache-activemq-x.x.x
Copy the activemq-all-x.x.x.jar file.
Navigate to the installation directory for the Apache Tomcat server supporting Identity Governance. For example,
Linux: /opt/netiq/idm/apps/tomcat
Windows: C:\netiq\idm\apps\tomcat
In the lib directory of the Apache Tomcat installation, paste the activemq-all-x.x.x.jar file.
Restart Apache Tomcat after copying the activemq-all-x.x.x.jar file. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.
(Optional) To change the text in the email notifications, see Customizing the Email Notification Templates
in Identity Governance 3.6 User and Administration Guide.
Identity Governance supports load balancers and a reverse proxy. If you are using either option, you must perform some additional steps. The load balancer and reverse proxy contain multiple IP addresses or DNS names. You must configure additional fields either during the Identity Governance installation or after you have completed the installation.
Obtain the protocol, DNS value, and port of the load balancer or the reverse proxy.
Launch the Identity Governance Configuration utility. For more information, see Section 14.1.3, Using the Identity Governance Configuration Utility.
Click the Authentication Server tab.
Enter the protocol, DNS value, and port of the load balancer or the reverse proxy in the following fields:
IG Redirect URL
IG Request Redirect URL
OSP URL (This depends upon where you deployed OSP)
Click the Network Topology tab, then click Protocol.
In the Host and Port fields, specify the local host information for the load balancer or reverse proxy, then save the changes.
Exit out of the Identity Governance Configuration utility.
Restart Apache Tomcat. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.