Miscellaneous

Days before snapshot deletion

Specify the number of days to keep an identity snapshot in the system before it is deleted. Identity snapshots are used to build history.

Days before task result deletion

Specify the number of days to keep task results on the Task Results page before removing them from the system.

Days before certifications are archived

Specify the number of days after which to archive certifications.
Leave the settings at zero (0) to never archive certifications.

Caution: Certification archives are not recommended. Certification reports should be used to preserve certification information.

Days before certification archive deletion

Specify the number of days to maintain the certification archive before deleting certifications records.
Leave the settings at zero (0) to never delete certifications archives.

Caution: Certification archives are not recommended. Certification reports should be used to preserve certification information.

Minutes before object locks are released

Specify the number of minutes to elapse before releasing an object lock.
Leave the settings at zero (0) to have no time delay when objects are released.

Days before provisioning request logs expire

Specify the number of days to maintain provisioning request logs before deleting them.
Leave the settings at zero (0) to never delete provisioning request logs.

Disable Role Modeler Tree View

Disable the tree view on the Role Manager page. Disabling the tree view might enhance performance on that page.

Maximum Roles Page Size

The maximum number of roles to display per page on the Role Management page.

Show unsupported browser message

Display a message when an unsupported browser is used.

Accessibility: Color Contrast

Enable color contrast throughout the entire IdentityIQ instance.

Enable syslog

Enable the syslog.

Level at which syslog events will be stored

Select the lowest level of event which is stored in the syslog. Choose from FATAL, ERROR, and WARN.

Days before syslog event deletion

Input the number of days an event in the syslog must remain before becoming eligible for purging.

Enable Provisioning Transaction Log

Enable the Provisioning Transaction table and begin logging some or all of the provisioning actions within IdentityIQ.

Maximum Log Level

The level at which transactions are logged based on their completion status.
Success – all transaction are logged
Retry – transactions that did not succeed and are in either the retry or failed state
Failure – only log transaction that have failed and are setup for retry

Days before provisioning transaction event deletion

The number of days before a provisioning transaction is removed from the table.

Temporary Directory

Input the path to a default temporary director for use by IdentityIQ. This is the directory where IdentityIQ stores temporary files, such as log files, during processing.

Maximum Upload Size (MB)

Limit the size of the files uploaded using import objects, batch requests, and entitlement imports.

Help Contact Email Address

Input an email address of a user responsible for supporting IdentityIQ in your enterprise. The email account is accessible from an Email Help button displayed at the bottom of some pages.

Enable applications to be configured with multi-language descriptions

Enable applications to be configured with multi-language descriptions. See Multi-language Description Files.

Enable roles to be configured with multi-language descriptions

Enable roles to be configured with multi-language descriptions. See Multi-language Description Files

Enable policies to be configured with multi-language descriptions

Enable policies to be configured with multi-language descriptions. See Multi-language Description Files

Enable entitlements to be configured with multi-language descriptions

Enable entitlements to be configured with multi-language descriptions. See Multi-language Description Files.

Note: You must add all supported languages to the <locale-configure> section of the faces-config.xml file before the application can properly recognize the languages.

Default Language

Select the language to use as a default from the list of supported languages.

Supported Languages

Enter the languages that your instance of IdentityIQ supports.

Entitlement Update

Select the business process to execute when a managed entitlement or group is created or edited.

Password Intercept

Select the business process to execute when a password change interception event is received.

Enable asynchronous policy and role cache refresh

Disable the immediate cache refresh with each Lifecycle Manger request.

When you enable this option, IdentityIQ does not check for changes to policy and role objects. When a Lifecycle Manager request is submitted, the cache is refreshed immediately. Using this option can speed the request process. However, the effects of a recent policy or role change might not display for a few minutes.

CSV Delimiter

The character used as the CSV delimiter when exporting report results. Comma is used by default.

Filter searches by

Determines how users can search for report names in the Reports UI. Choose startsWith to let users find the input string only at the beginning of the report name, or contains to find the search string anywhere in the report name.

Prohibit scripts from accessing plugin-loaded classes

Note: All BeanShell executions are referred to as scripts.

Restrict the access to classes loaded by plugins. Without this restriction, all class are available in IdentityIQ.

Relax strict declaration enforcement

Enable IdentityIQ to work fully with plugins that were created without explicitly declaring classes for export.

By default, for a fresh installation of IdentityIQ this option is not selected. For an upgraded installation of IdentityIQ, this option is selected if plugins exist.

For detailed information about configuring and using file attachments in access requests, see Configuring File Attachments for Access Requests.

Caution: IdentityIQ does not perform file content validation or verification on attachments. It is your responsibility to ensure that only files that do not violate security policies within your environment are included as attachments.

Note: Attachments are only allowed on single-user requests.

Note: Attachments are only available for manual access requests.

Enable Attachments

Enable the attachments feature. Allow users to add attachments to access requests.

Attachments Per Item

The maximum number of attachments allowed for a request.

Maximum file size (MB)

Maximum file size for any single attachment. The default maximum value you can enter here is 20 MB, but the maximum attachment size limit can be adjusted by a system administrator using the attachmentsMaxFileSizeLimit key in the system configuration object.

Supported file types

Comma separated list of file types. The dot prefix is not required.

Supported characters

Special characters, in addition to Unicode alphanumeric characters, that are allowed in the filename.

Configuration Rules

Note: Only the rules selected in this list are run during an access request.

This list contains all of the attachment configuration rules available in your installation of IdentityIQ. Use the Ctrl or Shift keys to select multiple rules.

Enable edit for forwarding preferences

Enable users to change their forwarding preferences from the Edit Preferences page. See User Name – User Menu

Enable change password

Enable users to change their IdentityIQ password from the Edit Preferences page. See User Name – User Menu

Require comments for all access items

Require comments on all Access Requests. The comment requirement applies to both the addition and removal of roles and entitlements in the Access Requests UI.

Complete the following to require user comments on access requests:

1. Navigate to the gear icon > Global Settings > IdentityIQ Configuration.

2. Select the Miscellaneous tab.

3. Select Require comments for all access items in the Manage User Access Require Comments section.

4. Select Save.

Configuration Rules

You can use rule logic to define specific requirements and behavior for requiring comments.

Select the rule(s) to run during access requests from this list. You can use the Ctrl or Shift keys to select multiple rules. Note that if the option to require comments for all access items is checked in the field above, the rules do not run.

A sample Example Comment Config Rule rule is included in the examplerules.xml file.