A.3 Configuring the Approvals App

A.3.1 Configuring the Approvals App for iOS

You can configure the NetIQ Identity Manager Approvals app for Apple iOS in several ways, depending on the needs of your environment and the way in which your administrator has configured Identity Manager:

  • Make a request in the User Application interface for access to the Approvals app, and then launch the app on your device from the email link provided by your Identity Manager administrator. The link includes all the required configuration information.

  • Click a configuration link or scan a configuration QR code using your device, where the link or QR code provides either all required configuration information or generalized configuration information for your company.

  • Manually enter the configuration information for your environment in the app itself.

    IMPORTANT: In order for users to be able to automatically configure the Approvals app using either a link or QR code, the administrator for the Identity Manager environment must first enable the link or QR code.

Requesting Mobile Access Through the User Application

If configured by your administrator, you can request access to the Approvals app using the User Application. Identity Manager then sends an email that contains a customized link you can open on your device to automatically configure the app with your information.

To request mobile access through the User Application:

  1. In a Web browser, log in to the Identity Manager User Application using the HTTPS (https://) protocol.

    NOTE: To request access to the Approvals app, you must log in to the User Application using the HTTPS protocol.

  2. Click Make a Process Request.

  3. Click the Process Request Category drop-down menu and select Accounts.

  4. Click Continue.

  5. Click Request Mobile Approval App.

    NOTE: The process request category and name may vary, depending on how your administrator has configured the Approvals app request process.

  6. Provide the required information in the process request form and click Submit.

  7. When you receive an email from your Identity Manager administrator, open the email on your device and click the link provided to connect your device to the Roles Based Provisioning Module server.

    NOTE: If you have previously installed the app, the app may display a warning message that existing settings will be overwritten. Ensure that the host name displayed in the warning message is the same host you accessed when you requested access to the app. If in doubt, do not click the link and contact your administrator.

    If the host name is correct, click Accept to overwrite your existing settings.

  8. When the app starts up, enter your password and click the Test Connection icon to verify your settings.

Using a Configuration Link or QR Code

Your Identity Manager administrator may provide a configuration link to configure your Approvals app. Open the link in a browser on your device to automatically configure the app.

However, this link can only provide some of the required settings. Typically, a link or code can only provide the Roles Based Provisioning Module server details necessary for the Approvals app to function. After you click the link, you must manually configure your Username and Password settings, as well as any other settings not automatically configured.

In some environments, you may not be able to access your email from your device. If you cannot receive email on your device, you can instead use your device to scan a personalized QR code provided by the Identity Manager administrator.

Display the provided QR code on your computer or on a printed page, if necessary, and scan the code using a QR code reader on your device. After the QR code automatically configures the Approvals app for your environment, manually configure your Username and Password settings.

Manually Configuring the Approvals App

If the administrator of your Identity Manager environment does not provide a link or QR code to use when configuring the Approvals app, you can configure the required settings manually.

WARNING: Because manually configuring the app on your device requires in-depth knowledge of Identity Manager components, we recommend that only advanced users who are knowledgeable about the Roles Based Provisioning Module and User Application environment in your enterprise manually configure app settings. Other users should contact their Identity Manager administrator for information about configuring the app.

In the app, click the Settings icon, specify the required settings, and then click the Test Connection icon to verify your settings.

The Approvals app requires the following settings:

| Login Setting Name | Login Setting Description |
|---|---|
| Username | Specifies the user name you use to access the Roles Based Provisioning Module server. |
| Password | Specifies the password you use to access the Roles Based Provisioning Module server. |
| Data Sync | Specifies if you want the app to actively sync data to the Roles Based Provisioning Module server. |
| Advanced > Server Details > Server | Specifies the fully qualified domain name or IP address of the Roles Based Provisioning Module server. |
| Advanced > Server Details > Secure Port | Specifies the HTTPS port the app uses to connect to the server. |
| Advanced > Server Details > Context | Specifies the context used when installing the User Application WAR file. The default value is IDMProv. |
| Advanced > Server Details > User Container | Specifies the full DN of the Identity Vault container that stores user information. |
| Advanced > Server Details > Timeout | Specifies the number of seconds the app waits when attempting to connect to the server before cancelling the connection. The default value is 5 seconds. |
| Advanced > Data Definition Settings > User Entity | Specifies the LDAP entity that represents a user in the Identity Vault. The default value is user. |
| Advanced > Data Definition Settings > Name Format | Specifies the DAL attribute representation the app uses to format a user’s full name. The default value is FirstName LastName. |
| Advanced > Data Definition Settings > First Name Attr | Specifies the name of the DAL attribute that represents a user’s first name. The default value is FirstName. |
| Advanced > Data Definition Settings > Last Name Attr | Specifies the name of the DAL attribute that represents a user’s last name. The default value is LastName. |
| Advanced > Data Definition Settings > User Photo Attr | Specifies the name of the DAL attribute that contains a user’s photo. The default value is UserPhoto. NOTE: If you do not have a picture configured in the Identity Manager or have configured your Identity Manager settings to not display a picture, the app displays a generic image instead. |
| Advanced > Data Definition Settings > Work Phone Attr | Specifies the name of the DAL attribute that represents a user’s work phone number. The default value is TelephoneNumber. |
| Advanced > Data Definition Settings > Mobile Phone Attr | Specifies the name of the DAL attribute that represents a user’s mobile phone number. The default value is mobile. |
| Advanced > Data Definition Settings > Email Attr | Specifies the name of the DAL attribute that represents a user’s email address. The default value is Email. |
| Advanced > Data Definition Settings > Photo LDAP Attr | Specifies the name of the LDAP attribute that contains the photo of the user. The default value is photo. |
| Advanced > Data Definition Settings > Naming Attribute | Specifies the naming DAL attribute used in the Identity Vault to describe a name. The default value is cn. |
| Advanced > Data Definition Settings > Provisioning Admin | Specifies whether you are a Provisioning Administrator on the Roles Based Provisioning Module server. |
| Advanced > Accepted Certificates | Specifies any invalid or self-signed certificates from the Roles Based Provisioning Module server that you allow the Approvals app to accept. When the Approvals app detects a self-signed or invalid certificate, the app asks you to accept or reject the certificate. If you accept the certificate, the app adds a certificate to the Accepted Certificates list. You can remove a certificate from the Accepted Certificates list by clicking the name of the certificate and restarting the app. NOTE: If the Roles Based Provisioning Module server certificate is valid, the app does not add the certificate to the Accepted Certificates list. The app accepts valid certificates by default. |
| Advanced > Rejected Certificates | Specifies any invalid or self-signed certificates from the Roles Based Provisioning Module server that you do not want the Approvals app to accept. When the Approvals app detects a self-signed or invalid certificate, the app asks you to accept or reject the certificate. If you reject the certificate, the app adds a certificate to the Rejected Certificates list. If the server then presents a rejected certificate, the app cannot create a connection to the server. You can remove a certificate from the Rejected Certificates list by clicking the name of the certificate. |

A.3.2 Configuring the Approvals App for Android

To configure the NetIQ Identity Manager Approvals app for Android, manually enter the configuration parameters and preferences for your specific environment. You can use the Approvals app in online or offline mode. Updates completed in offline mode synchronize with the Roles Based Provisioning Module server when connectivity with the server is reestablished.

The Approvals app requires the following configuration settings:

| Preferences | Description |
|---|---|
| Username | Specifies the user name you use to access the Roles Based Provisioning Module server. |
| Password | Specifies the password you use to access the Roles Based Provisioning Module server. |
| Enable Sync | Specifies if you want the app to actively sync data with the Roles Based Provisioning Module server. |
| Sync Frequency | Specifies the synchronization frequency between the Approvals app and the Roles Based Provisioning Module server. The default value is 15 minutes. The available options are: One minute, 15 minutes, 30 minutes, One hour, Three hours, 6 hours. |
| Connection Status | Specifies the connectivity status with the server. |
| Version Information > Approvals App | Specifies the release version of the Android Approvals app. |
| Version Information > Server API | Specifies the Roles Based Provisioning Module server Application Programming Interface value. |
| Advanced Settings > Server Details > Server | Specifies the fully qualified domain name or IP address of the Roles Based Provisioning Module server. |
| Advanced Settings > Server Details > Port | Specifies the HTTPS port the app uses to connect to the server. |
| Advanced Settings > Server Details > Context | Specifies the context used when installing the User Application WAR file. The default value is IDMProv. |
| Advanced Settings > Server Details > User Container | Specifies the full DN of the Identity Vault container that stores user information. |
| Advanced Settings > Server Details > Timeout | Specifies the number of seconds the app waits when attempting to connect to the server before cancelling the connection. The default value is 5 seconds. |
| Advanced Settings > Schema Mappings > User Object | Specifies the LDAP entity that represents a user in the Identity Vault. The default value is user. |
| Advanced Settings > Schema Mappings > Name Format | Specifies the DAL attribute representation the app uses to format a user’s full name. The default value is FirstName LastName. |
| Advanced Settings > Schema Mappings > First Name Attr | Specifies the name of the DAL attribute that represents a user’s first name. The default value is FirstName. |
| Advanced Settings > Schema Mappings > Last Name Attr | Specifies the name of the DAL attribute that represents a user’s last name. The default value is LastName. |
| Advanced Settings > Schema Mappings > User Photo Attr | Specifies the name of the DAL attribute that contains a user’s photo. The default value is UserPhoto. NOTE: If you do not have a picture configured in the Identity Manager or have configured your Identity Manager settings to not display a picture, the app displays a generic image instead. |
| Advanced Settings > Schema Mappings > Work Phone Attr | Specifies the name of the DAL attribute that represents a user’s work phone number. The default value is TelephoneNumber. |
| Advanced Settings > Schema Mappings > Mobile Phone Attr | Specifies the name of the DAL attribute that represents a user’s mobile phone number. The default value is mobile. |
| Advanced Settings > Schema Mappings > Email Attr | Specifies the name of the DAL attribute that represents a user’s email address. The default value is Email. |
| Advanced Settings > Schema Mappings > Photo LDAP Attr | Specifies the name of the LDAP attribute that contains the photo of the user. The default value is photo. |
| Advanced Settings > Schema Mappings > Naming Attribute | Specifies the naming DAL attribute used in the Identity Vault to describe a name. The default value is cn. |

A.3.3 Server Configuration Settings for Approvals App

The Roles Based Provisioning Module server requires some specific configuration settings for the Approvals app to work.

You can set these parameter values in the Roles Based Provisioning Module server configuration file. The file location for Identity Manager 4.5 is /opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties.

On Identity Manager 4.0.2, the file location is opt/novell/idm/rbpm/jboss/server/IDMProv/conf/aquamarine.conf.

Set the following configuration file properties to the specified values:

| Property | Value |
|---|---|
| workflowService/SOAP-End-Points-Accessible-By-ProvisioningAdminOnly | false |
| WorkflowService/soap/getComments | false |
| WorkflowService/soap/addComment | false |
| VirtualDataService/soap | false |

NOTE: The Roles Based Provisioning Module server accepts only Hyper Text Transfer Protocol Secure (HTTPS) connections for synchronization with the Approvals app.
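
One way for an administrator to confirm that the four properties listed above are present and set to false, as an added example that is not part of the NetIQ documentation. It assumes the Identity Manager 4.5 file uses Java properties syntax; prop_value, check_approvals_props and the sample file contents are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example: audit the Approvals app properties listed in the table above.
# Assumes Java-properties syntax ("key = value", "key=value", "key: value",
# comment lines starting with # or !). Keys are matched case-sensitively.
REQUIRED_PROPS='workflowService/SOAP-End-Points-Accessible-By-ProvisioningAdminOnly
WorkflowService/soap/getComments
WorkflowService/soap/addComment
VirtualDataService/soap'

# prop_value FILE KEY: print KEY's value, or __MISSING__ when it is not set.
# The last assignment wins, as it does when Java loads a properties file.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                    # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next       # line must start with the key
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next       # ...followed by a separator
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = rest; found = 1
        }
        END { if (found) print val; else print "__MISSING__" }
    ' "$1"
}

# check_approvals_props FILE: report each property; return 0 only if all are false.
check_approvals_props() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    rc=0
    for prop in $REQUIRED_PROPS; do
        value=$(prop_value "$1" "$prop")
        case $value in
            false)       echo "OK      $prop" ;;
            __MISSING__) echo "MISSING $prop"; rc=1 ;;
            *)           echo "WRONG   $prop = $value"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: one property set to true and one absent.
sample=$(mktemp)
printf '%s\n' '# constructed sample, not a real server file' \
    'workflowService/SOAP-End-Points-Accessible-By-ProvisioningAdminOnly = false' \
    'WorkflowService/soap/getComments=true' 'VirtualDataService/soap: false' > "$sample"
check_approvals_props "$sample" || echo "sample file needs the changes flagged above"
rm -f "$sample"
```

On an Identity Manager 4.5 server, call check_approvals_props with /opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties; a commented-out property or a longer key that merely begins with one of the names is reported as MISSING rather than OK.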