The following table shows the available customer configuration options:

Option Group

Display name

Description

Example Value

Attestation

PersonToAttestNoDecide

This configuration parameter specifies whether the employees who will be attested, can also approve the attestation case. If the parameter is set, attestation cases may not be approved by the employees, which are found in the attestation object (AttestationCase.ObjectKeyBase) or in related objects 1-3 (AttestationCase.UID_ObjectKey1, ObjectKey2 or ObjectKey3). If the parameter is not set these employees may also approve the attestation case.

1

Attestation\Peer Group Analysis

ApprovalThreshold

The configuration parameter defines a threshold between 0 and 1 for peer group analysis. The default value is 0.9.

0.9

Attestation\Peer Group Analysis

IncludeManager

The configuration parameter determines whether persons with the same manager as the person associated with the attested object are included in the peer group.

1

Attestation\Peer Group Analysis

IncludePrimaryDepartment

The configuration parameter determines whether persons who are primary members of the primary department of the person associated with the attested object are included in the peer group.

1

Attestation\Peer Group Analysis

IncludeSecondaryDepartment

The configuration parameter determines whether persons who are a secondary member of the primary or secondary department of the person associated with the attested object are included in the peer group.

1

Audit Trail

LifeTime

This configuration parameter specifies the maximum retention period in the database for log entries from change tracking.

365

Audit Trail

LifeTime

Use this configuration parameter to specify the maximum retention period (in days) that a synchronization protocol can be stored in the database. Older entries are deleted from the database.

365

Life Cycle\Department

CleanupLifeTime

This parameter specifies the grace period for the final deletion of outstanding or deactivated departments.

90

Life Cycle\Department

ReceipientAddress

This parameter specifies the receipient address of the mail which will be send if a department can not be cleaned up.

john.doe@democorp.com

Life Cycle\Employee

ApproveNewExternalUsers

This configuration parameter determines whether new external users have to be approved before getting active.

1

Life Cycle\Employee

BlacklistBlockingDuration

This parameter specifies the blocking duration for an attribute attached by name change life cycle. The value is specified in days.

90

Life Cycle\Employee

CleanupLifeTime

This parameter specifies the grace period for the final deletion of outstanding or deactivated employees.

30

Life Cycle\Employee

GeneralBlockingDuration

This parameter specifies the blocking duration for an blacklistet entry in general. The value is specified in days.

730

Life Cycle\Employee

ReminderInterval

This configuration parameter specifies the days before reminder information in case of the exit of leaver are send.

14

Life Cycle\Employee\Naming Convention

Central user account

This configuration parameter defines the pattern for the generation of the central user account name.

Pattern01

Life Cycle\Employee\Naming Convention

E-Mail address

This configuration parameter defines the pattern for the generation of the e-mail adress.

Pattern01

Life Cycle\Employee\Naming Convention

Initials

This configuration parameter defines the pattern for the generation of the initials.

Pattern01

Life Cycle\Location

CleanupLifeTime

This parameter specifies the grace period for the final deletion of outstanding or deactivated locations.

90

Life Cycle\Location

ReceipientAddress

This parameter specifies the receipient address of the mail which will be send if a location can not be cleaned up.

john.doe@democorp.com

Request & Fullfillment

AutoQualified

Specifies whether request templates are always marked as "tested" or have to be authorized manually by a manager.

1

Request & Fullfillment

GapDefinition

The configuration parameter defines which IT shop requests are checked.

0

Request & Fullfillment

GapFitting

The configuration parameter defines whether the validity periods of two or more pending IT shop requests can overlap.

0

Request & Fullfillment

PersonInsertedNoDecide

This configuration parameter specifies whether the employee that initiated the request can also approve it. If the parameter is set, requests may not be approved by the employee that initiated the request. (UID_PersonInserted is filtered from the valid approvers). If the parameter is not set the employee may also approve the requests.

1

Request & Fullfillment

PersonInsertedNoDecideCompliance

This configuration parameter specifies whether the employee that initiated the request can also approve it in cases of compliance violation. If the parameter is set, requests may not be approved by the employee that initiated the request. (UID_PersonInserted is filtered from the valid approvers). If the parameter is not set the employee may also approve the requests.

1

Request & Fullfillment

PersonOrderedNoDecide

This configuration parameter specifies whether the employee for whom a request has been initiated, can also approve it. If the parameter is set, requests may not be approved by the employee for whom the request was initiated. (UID_PersonOrdered is filtered from the valid approvers). If the parameter is not set the employee may also approve the requests.

1

Request & Fullfillment

PersonOrderedNoDecideCompliance

This configuration parameter specifies whether the employee for whom a request has been initiated, can also approve it in cases of compliance violation. If the parameter is set, requests may not be approved by the employee for whom the request was initiated. (UID_PersonOrdered is filtered from the valid approvers). If the parameter is not set the employee may also approve the requests.

1

Request & Fullfillment

ReuseDecision

This configuration parameter specifies whether the approval of an approver should be accepted for all decision steps approved by him or her in the course of an authorization. If the parameter is set and a decision step is reached in the request approval process that an employee is authorized to approve, and if that employee has already approved a previous step, the current step is also given approval. If the parameter is not set, the approver has to approve each step separately if he is authorized to do so.

1

Request & Fullfillment

ShoppingCartPattern

General configuration parameter defining request template usage.

1

Request & Fullfillment

ValidityWarning

Warning period for expiring requests given in days.

14

Request & Fullfillment\Peer Group Analysis

ApprovalThreshold

The configuration parameter defines a threshold between 0 and 1 for peer group analysis. The default value is 0.9.

0.9

Request & Fullfillment\Peer Group Analysis

CheckCrossfunctionalAssignment

The configuration parameter determines whether functional areas are taken into accounts in the peer group analysis. If the parameter is activated, the purchase order is only approved if the recipient of the request and the requested product belong to the same functional area.

1

Request & Fullfillment\Peer Group Analysis

IncludeManager

The configuration parameter determines whether employees with the same manager as the request's recipient are included in the peer group.

1

Request & Fullfillment\Peer Group Analysis

IncludePrimaryDepartment

The configuration parameter determines whether employees who are primary members of the primary department of the request's recipient are included in the peer group.

1

Request & Fullfillment\Peer Group Analysis

IncludeSecondaryDepartment

The configuration parameter determines whether employees who are a secondary members of the primary or secondary department of the request's recipient are included in the peer group.

1

System Configuration

DefaultCulture

This configuration parameter contain the default language culture that emails are sent in if a language culture cannot be determined for a recipient. All language cultures in the table "QBMCulture" are valid.

en-US

System Configuration

DefaultMailDomain

Name of the default mail domain. The value is used to assign an employee default email address.

democorp.com

System Configuration

IgnoreHoliday

This configuration parameter specifies whether public holidays are ignored when calculating working hours.

1

System Configuration

IgnoreWeekend

This configuration parameter specifies whether weekends are ignored when calculating working hours.

1

System Configuration

QueryAnswerDefinitions

The user must define this count of password reset queries and answers.

1

System Configuration

QueryAnswerRequests

The user has to answer this count of queries.

1

System Configuration

Schedules

This configuration parameter specifies whether schedules will be processed. To stop temporarily the processing of time-controlled processes and tasks disable this parameter.

1

Target System

DefaultAddress

This configuration parameter contains the default email address for messages when actions in the target system fail.

john.doe@democorp.com

Target System

PersonExcludeList

List of all user accounts for which automatic employee assignment should not take place. Names given in a pipe (|) delimited list that is handled as a regular search pattern.

ADMINISTRATOR

Target System

PersonExcludeList

List of all user accounts for which automatic employee assignment should not take place. Names given in a pipe (|) delimited list that is handled as a regular search pattern.

ADMINISTRATOR|GUEST|KRBTGT|TSINTERNETUSER|IUSR_.*|IWAM_.*|SUPPORT_.*|.*\$

Target System

PersonExcludeList

List of all user accounts for which automatic employee assignment should not take place. Names given in a pipe (|) delimited list that is handled as a regular search pattern.

ADMINISTRATOR|GUEST|KRBTGT|TSINTERNETUSER|IUSR_.*|IWAM_.*|SUPPORT_.*|.*\$

The configuration options can be changed using the corresponding process as described in Edit system configuration in IAM.cloud