Configure Tab

Use the Configure tab to customize your Lifecycle Manager configuration. The Configure tab includes the following.

Enable requesters to set request priorities

Use this option to enable requesters to set the priority level of their request. If this option is not selected, all requests default to Normal priority level.

Enable Account Group Management

Use this option to enable provisioning of account groups through Lifecycle Manager requests.

Enable Full Text Search

Use this option to enable full text searching on the Lifecycle Manager request pages. Enabling full text searching might have some affect on the performance of those pages. For detailed information, see Configuring Full Text Searching.

You must run the Full Text Index Refresh task before full-text search is available. Refer to the system administration documentation for more information.

Base directory path used to store full text index files

The directory on the server in which full text index searches are stored.

Enable automatic index refresh

Enables the automatic refreshing of the full text index at the interval specified.

Allow Searching by Population when requesting access

Enable the use of populations as a search filter.

Allow Searching by Identity when requesting access

Enable the use of identities as a search filter.

Allow opt-in to viewing request access search result details

Use this option to limit the amount of information displayed for each item on the Access Request, Review and Submit panel and add a View Details button on each item to show the complete information. This feature enables more items to display on each table.

Show external service request details

Use this option to display the information such as request numbers and ID from external ticketing systems throughout IdentityIQ.

Maximum number of results returned in a Request Access search

Limit the number of items returned by an access request. Large lists are hard to scan and the search should be narrowed or refined.

Maximum number of selectable users in Request Access

Limit the number of selectable users returned by an access request. Large lists are hard to scan and the search should be narrowed or refined.

Applications that support additional account requests

Use the dropdown list to specify the applications on which multiple accounts can exist or be created.

Select All Applications to include all applications in your environment.

Request Role Options

Select the role types that are available for role requests. Any options not selected are unavailable to any user attempting to make that type of request.

When searching for roles based on population, only return roles contained by at least the following percentage of the population

Specify the minimum percentage of a population whose roles must match any given search criteria.

When searching for entitlements based on population, only return entitlements contained by at least the following percentage of the population

Specify the minimum percentage of a population whose entitlements must match any given search criteria.

Entitlement Search Results must return less than this number of identities when searching by identity

Indicate the maximum amount of identities an entitlement search result can yield.

Require password on all identity creation requests.

Require a password on all identity creation requests.

Enable self-service registration

Enables new user self-registration and creates a link for registration on the IdentityIQ login page.

The securityOfficerName variable must be configured within the LCM Registration process variable before the self-service registration functionality is fully enabled. This is done using the Compliance Manager. The default securityOfficername is the IdentityIQ system administrator.

Follow these steps to setup self-service registration:

  1. From the navigation menu bar, go to Setup > Business Processes.

  2. In the Edit An Existing Process panel, select LCM Registration.

  3. Select the Process Variables tab. You can use the Advanced View option to view or configure all available variables.

  4. The default setting for the Approvers field is Security Officer. To delete the Security Officer setting, click the X icon next to it.

  5. To add another setting, select the down arrow next to the Approvers field and select another entry.

  6. The default entry for the Fallback Approver is the IdentityIQ system administrator. If desired, you can change the Fallback Approver.

  7. When you are satisfied with all of the entries, select Save at the bottom of the screen.

URL of action button after successful registration

Enter a URL to redirect the browser to the specified page after successful user registration. If this field is blank, the user is redirected to the login page.

Prevent pruning of new identities for this many days

Select the number of days that must pass after the creation of an identity before it can be pruned. Default is 30 days.

Show Enable / Unlock decision buttons regardless of whether the account is disabled or unlocked.

Display the decision buttons on account management page for disabled or unlocked accounts.

Manage Account Actions

Choose which actions are enabled for Manage Accounts requests for yourself and subordinates. Options include the following:
Delete
Disable
Enable
Unlock
Deselected options are unavailable to a user attempting to make that type of request.
Select one or more applications from the Applications that support account only requests to specify which applications allow Account Only requests. Select All Applications to enable this feature for all applications.

Disable auto refresh account status

The status is automatically refreshed only for the accounts from applications that are not listed in the Disable auto refresh account status list AND accounts that support the Enable or Unlock feature AND accounts without the NO_RANDOM_ACESS feature.

Deactivate auto refresh for account status. By default, accounts from all applications support this feature.

Applications that do not support auto refresh account status

Select one or more applications to deactivate auto refresh.

Applications that support account only requests

Select applications from the dropdown list that support request for accounts that are not associated with a role or entitlement.

Select All Applications if unassociated accounts can be request for all applications.

Choose Enable password auto-generation when requesting for others to enable passwords to be auto-generated when requests are made on behalf of another user by an authorized user.

Select a rule from the dropdown list to used when validating password creations.

The AI Services section appears only if the AI Services feature has been integrated and configured in IdentityIQ. See Integrating SailPoint AI Services for more information.

Enable AI Services recommendations on approvals

Show AI Services recommendations for approval decisions in access reviews.

Enable AI Services recommendations on access requests

Show AI Services recommendations in access requests, to see access items that are recommended for you. This option is available only when the user is requesting access for themself, and does not appear when the user is requesting access for others.

Require an approval before granting batch requests.

This option determines whether classification data is shown with access items, roles or entitlements, in access requests. This option is provided so that you can choose whether or not to alert requesters to the fact that certain roles or entitlements may allow access to sensitive or protected data. Classification data always appears in access approvals, regardless of this setting.

This option determines whether elevated access is shown on roles and entitlements in access requests.