Miscellaneous
Use this tab to set a variety of IdentityIQ configuration options.
Days before snapshot deletion
Specify the number of days to keep an identity snapshot in the system before it is deleted. Identity snapshots are used to build history.
Days before task result deletion
Specify the number of days to keep task results on the Task Results page before removing them from the system.
Days before certifications are archived
Specify the number of days after which to archive certifications.
Leave the settings at zero (0) to never archive certifications.
Caution: Certification archives are not recommended. Certification reports should be used to preserve certification information.
Days before certification archive deletion
Specify the number of days to maintain the certification archive before deleting certification records.
Leave the settings at zero (0) to never delete certification archives.
Caution: Certification archives are not recommended. Certification reports should be used to preserve certification information.
Minutes before object locks are released
Specify the number of minutes to elapse before releasing an object lock.
Leave the settings at zero (0) to have no time delay when objects are released.
Days before provisioning request logs expire
Specify the number of days to maintain provisioning request logs before deleting them.
Leave the settings at zero (0) to never delete provisioning request logs.
Disable Role Modeler Tree View
Disable the tree view on the Role Manager page. Disabling the tree view might enhance performance on that page.
Maximum Roles Page Size
The maximum number of roles to display per page on the Role Management page.
Show unsupported browser message
Display a message when an unsupported browser is used.
Accessibility: Color Contrast
Enable color contrast throughout the entire IdentityIQ instance.
Enable syslog
Enable the syslog.
Level at which syslog events will be stored
Select the lowest level of event which is stored in the syslog. Choose from FATAL, ERROR, and WARN.
Days before syslog event deletion
Input the number of days an event in the syslog must remain before becoming eligible for purging.
Enable Provisioning Transaction Log
Enable the Provisioning Transaction table and begin logging some or all of the provisioning actions within IdentityIQ.
Maximum Log Level
The level at which transactions are logged based on their completion status.
Success – all transactions are logged
Retry – transactions that did not succeed and are in either the retry or failed state
Failure – only log transactions that have failed and are set up for retry
Days before provisioning transaction event deletion
The number of days before a provisioning transaction is removed from the table.
Temporary Directory
Input the path to a default temporary directory for use by IdentityIQ. This is the directory where IdentityIQ stores temporary files, such as log files, during processing.
Maximum Upload Size (MB)
Limit the size of the files uploaded using import objects, batch requests, and entitlement imports.
Help Contact Email Address
Input an email address of a user responsible for supporting IdentityIQ in your enterprise. The email account is accessible from an Email Help button displayed at the bottom of some pages.
Enable applications to be configured with multi-language descriptions
Enable applications to be configured with multi-language descriptions. See Multi-language Description Files.
Enable roles to be configured with multi-language descriptions
Enable roles to be configured with multi-language descriptions. See Multi-language Description Files.
Enable policies to be configured with multi-language descriptions
Enable policies to be configured with multi-language descriptions. See Multi-language Description Files.
Enable entitlements to be configured with multi-language descriptions
Enable entitlements to be configured with multi-language descriptions. See Multi-language Description Files.
Note: You must add all supported languages to the <locale-configure> section of the faces-config.xml file before the application can properly recognize the languages.
Default Language
Select the language to use as a default from the list of supported languages.
Supported Languages
Enter the languages that your instance of IdentityIQ supports.
Entitlement Update
Select the business process to execute when a managed entitlement or group is created or edited.
Password Intercept
Select the business process to execute when a password change interception event is received.
Enable asynchronous policy and role cache refresh
Disable the immediate cache refresh with each Lifecycle Manager request.
When you enable this option, IdentityIQ does not check for changes to policy and role objects. When a Lifecycle Manager request is submitted, the cache is refreshed immediately. Using this option can speed the request process. However, the effects of a recent policy or role change might not display for a few minutes.
CSV Delimiter
The character used as the CSV delimiter when exporting report results. Comma is used by default.
Filter searches by
Determines how users can search for report names in the Reports UI. Choose startsWith to let users find the input string only at the beginning of the report name, or contains to find the search string anywhere in the report name.
Prohibit scripts from accessing plugin-loaded classes
Note: All BeanShell executions are referred to as scripts.
Restrict access to classes loaded by plugins. Without this restriction, all classes are available in IdentityIQ.
Relax strict declaration enforcement
Enable IdentityIQ to work fully with plugins that were created without explicitly declaring classes for export.
By default, for a fresh installation of IdentityIQ this option is not selected. For an upgraded installation of IdentityIQ, this option is selected if plugins exist.
For detailed information about configuring and using file attachments in access requests, see Configuring File Attachments for Access Requests.
Caution: IdentityIQ does not perform file content validation or verification on attachments. It is your responsibility to ensure that only files that do not violate security policies within your environment are included as attachments.
Note: Attachments are only allowed on single-user requests.
Note: Attachments are only available for manual access requests.
Enable Attachments
Enable the attachments feature. Allow users to add attachments to access requests.
Attachments Per Item
The maximum number of attachments allowed for a request.
Maximum file size (MB)
Maximum file size for any single attachment. The default maximum value you can enter here is 20 MB, but the maximum attachment size limit can be adjusted by a system administrator using the attachmentsMaxFileSizeLimit key in the system configuration object.
Supported file types
Comma separated list of file types. The dot prefix is not required.
Supported characters
Special characters, in addition to Unicode alphanumeric characters, that are allowed in the filename.
Configuration Rules
Note: Only the rules selected in this list are run during an access request.
This list contains all of the attachment configuration rules available in your installation of IdentityIQ. Use the Ctrl or Shift keys to select multiple rules.
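Because IdentityIQ does not validate attachment content, the attachment settings above can be paired with a content check. The following is an added example, not IdentityIQ code: it models the Supported file types, Supported characters and Maximum file size settings with constructed values and adds a file-signature comparison. The names `check_attachment`, `allowed_extensions` and `MAGIC`, the sample policy values, and the 1 MB = 1024 × 1024 bytes conversion are assumptions.

```python
# Constructed sample policy values mirroring the settings above (not product defaults).
SUPPORTED_TYPES = "pdf, .png,txt"   # comma-separated; the dot prefix is optional
SUPPORTED_CHARS = "-_. "            # allowed in addition to Unicode alphanumerics
MAX_FILE_SIZE_MB = 20               # assumed here to mean 20 * 1024 * 1024 bytes

# Leading bytes expected for each allowed type (None = no fixed signature).
MAGIC = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n", "txt": None}


def allowed_extensions(setting):
    """Normalise the 'Supported file types' string to lowercase extensions without dots."""
    return {t.strip().lstrip(".").lower() for t in setting.split(",") if t.strip()}


def check_attachment(filename, data):
    """Return a list of policy violations; an empty list means the file passes."""
    problems = []

    # Filename characters: Unicode alphanumerics plus the configured extras.
    bad = sorted({c for c in filename if not (c.isalnum() or c in SUPPORTED_CHARS)})
    if bad:
        problems.append("disallowed characters: " + repr(bad))

    # Only the final extension counts, so "form.pdf.exe" is treated as "exe".
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in allowed_extensions(SUPPORTED_TYPES):
        problems.append("file type not supported: " + repr(ext))

    if len(data) > MAX_FILE_SIZE_MB * 1024 * 1024:
        problems.append("file larger than %d MB" % MAX_FILE_SIZE_MB)

    # Content check the product does not perform: compare the leading bytes
    # with the signature expected for the claimed extension.
    magic = MAGIC.get(ext)
    if magic is not None and not data.startswith(magic):
        problems.append("content does not match ." + ext + " signature")
    return problems
```

A signature match only shows that the file starts like the claimed type; scanning the content itself remains a separate control.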
Enable edit for forwarding preferences
Enable users to change their forwarding preferences from the Edit Preferences page.
Enable change password
Enable users to change their IdentityIQ password from the Edit Preferences page.
Require comments for all access items
Require comments on all Access Requests. The comment requirement applies to both the addition and removal of roles and entitlements in the Access Requests UI.
Complete the following to require user comments on access requests:
- Navigate to the gear icon > Global Settings > IdentityIQ Configuration.
- Select the Miscellaneous tab.
- Select Require comments for all access items in the Manage User Access Require Comments section.
- Select Save.
Configuration Rules
You can use rule logic to define specific requirements and behavior for requiring comments.
Select the rule(s) to run during access requests from this list. You can use the Ctrl or Shift keys to select multiple rules. Note that if the option to require comments for all access items is checked in the field above, the rules do not run.
A sample rule, Example Comment Config Rule, is included in the examplerules.xml file.