9.1 Configuring Email-based Approvals

As an administrator, you can configure the identity applications to send an email that notifies users that they have a pending task to approve or reject a permission request.

NOTE: Before enabling email-based approvals, ensure that you have configured the provisioning request definitions (PRDs) to support notifications and, optionally, digital signatures. Also, configure the outgoing mail server. For more information, see the NetIQ Identity Manager - Design Guide to the Identity Applications.

  • Server Type

    Specifies the type of server that you want to use for the incoming email notifications.

    If you select IMAP, you must also specify a value for Folder.

  • Host

    Specifies the name or IP address of the incoming mail server.

    NOTE: Authentication does not apply to the outgoing mail server. Identity Manager does not support two-way authentication.

  • Email

    Specifies the email address that receives the reply messages from users responsible for reviewing permission requests.

    If the notification includes action links for approving or denying a request, Identity Manager automatically populates the To: field. Otherwise, users must specify a valid email address in this field.

  • Authentication Required

    Specifies whether the incoming mail server requires authentication.

    If you enable this setting, you must also specify values for the following parameters:

    User ID

    Specifies the account required for server authentication.

    The account for the incoming mail server should be unique and thus not duplicate an account that might receive the email notifications.

    Password

    Specifies the password for the account.

  • Folder

    Required for an IMAP server.

    Specifies the folder in the email system where you want to store the email notifications.

    The default folder is INBOX. For POP3 servers, you cannot change the folder name.

  • Enable SSL

    Specifies whether you want to use Secure Sockets Layer (SSL) protocol for authentication.

  • Use default port

    Specifies whether the email process uses the default port for the mail server. Otherwise, specify the port number you want to use to connect to the incoming mail server.

  • Polling Interval

    Specifies how often you want to poll the incoming mail server for task notifications.

  • Token Expiration

    Specifies the amount of time that each email-based approval will remain in effect.

    After the token expires, the email recipient cannot use that notification to approve or deny the task.

  • Cleanup Interval

    Specifies the interval after which the server can clear expired tokens from the database.

  • Email Content Options

    Specifies the type of information that you want to include in the notification:

    Exclude action links

    The notification does not include the action links that users can select to approve or deny the request.

    To act on the request, users can reply to the email, then add the appropriate keyword, such as Approve, to the Subject. Alternatively, they can log in to the identity applications to complete the task.

    Include action links without digital signature

    The notification includes the action links that users can select to approve or deny the request. The email does not require a digital ID for authenticating the message content.

    Include action links with digital signature

    The notification includes the action links that users can select to approve or deny the request. It also requires a digital ID for authenticating the message content.

  • Approve and Reject

    Specifies the terminology for the links in the email that users select to approve or deny the request.

    You can also modify these terms for all supported languages.

  • Success and Failure

    Specifies the email templates that you want to use for indicating the results of users’ actions.

    Success notifications occur after the user successfully approves or denies a task. The software sends a Failure notification when an error occurs in the approval process.

  • Enable Socks Proxy

    Specifies whether you want to use a proxy server to process the approval emails. If not enabled, the server connects directly to the specified Inbox.

    If you enable this setting, you must also specify values for the following parameters:

    Proxy Host

    Specifies the name or IP address of the proxy mail server.

    Proxy Port

    Specifies the port that you want to use for incoming mail to the proxy server.

    Authentication Required

    Specifies whether the proxy server requires authentication for incoming mail.

    If you enable this setting, you must also specify a valid user ID and password for the proxy server.

To configure email approvals, select Administration > Email-based approval. For more information about this software product, see the NetIQ Identity Manager documentation.
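
The dependencies between the settings above (IMAP and Folder, Authentication Required and its credentials, the dedicated mailbox account, the proxy parameters) can be checked before the values are entered. The following Python check is an added example, not part of the NetIQ documentation or product; the dictionary keys, hosts and accounts are hypothetical labels and constructed sample values.

```python
# Added example. Key names are hypothetical labels for the settings on this
# page; they are not an Identity Manager file format or API.

def audit_inbound_mail(cfg, approver_accounts=()):
    """Return (severity, message) findings for one constructed settings dict."""
    out = []
    kind, folder = cfg.get("server_type", "").upper(), cfg.get("folder", "")
    if kind not in ("IMAP", "POP3"):
        out.append(("error", "Server Type must be IMAP or POP3"))
    if kind == "IMAP" and not folder:
        out.append(("error", "Folder is required for an IMAP server"))
    if kind == "POP3" and folder not in ("", "INBOX"):
        out.append(("error", "POP3 folder cannot be changed from INBOX"))
    if not cfg.get("use_default_port"):
        port = cfg.get("port")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            out.append(("error", "Port is required when Use default port is off"))
    if cfg.get("auth_required"):
        if not (cfg.get("user_id") and cfg.get("password")):
            out.append(("error", "Authentication Required needs User ID and Password"))
        if not cfg.get("enable_ssl"):
            out.append(("warn", "authentication to the mail server does not use SSL"))
    # The polling account should not be one that receives approval notifications.
    if cfg.get("user_id", "").lower() in {a.lower() for a in approver_accounts}:
        out.append(("warn", "User ID duplicates an account that receives notifications"))
    if cfg.get("content") == "links_unsigned":
        out.append(("warn", "action links are sent without a digital signature"))
    if cfg.get("socks_proxy"):
        if not (cfg.get("proxy_host") and cfg.get("proxy_port")):
            out.append(("error", "Enable Socks Proxy needs Proxy Host and Proxy Port"))
        if cfg.get("proxy_auth_required") and not (
                cfg.get("proxy_user_id") and cfg.get("proxy_password")):
            out.append(("error", "proxy authentication needs a user ID and password"))
    return out

# Constructed sample settings (hosts and accounts are placeholders).
WEAK = {"server_type": "POP3", "host": "mail.example.com", "folder": "Approvals",
        "auth_required": True, "user_id": "jdoe", "password": "x",
        "enable_ssl": False, "use_default_port": True,
        "content": "links_unsigned", "socks_proxy": True, "proxy_host": "px.example.com"}
HARDENED = {"server_type": "IMAP", "host": "mail.example.com", "folder": "INBOX",
            "auth_required": True, "user_id": "idm-approvals", "password": "x",
            "enable_ssl": True, "use_default_port": True,
            "content": "links_signed", "socks_proxy": False}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_inbound_mail(cfg, approver_accounts=["jdoe", "asmith"]))
```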