|
|
By enabling the Self-Service Approval Workflow feature you can route self-service requests from end-users through your IT help desk for approval. Only after approval from the IT help desk, the self-service requests will be updated in Active Directory. This feature will help you take hold of users’ self-service operations and maintain control over what details get updated in Active Directory. Refer the image below for better understanding:
Steps to integrate ADSelfService Plus with a Workflow Provider
Before you can enable this feature, you need to integrate ADSelfService Plus with a workflow provider such as ADManager Plus (our Active Directory Management and Reporting solution). The requests created by users from ADSelfService Plus can be managed and executed by your IT help desk staff using ADManager Plus.
Below are the steps for integrating ADManager Plus and ADSelfService Plus:
Download, install and launch ADManager Plus.
Now launch ADSelfService Plus and log in as an administrator.
Go to Admin --> Product Settings --> Connection.
Under Configure Other ManageEngine Products section, select ManageEngine ADManager Plus as the Application Name.
Enter the Server Name / IP Address and Port number of ADSelfService Plus.
Select the protocol (http or https) that is being used in ADManager Plus from the drop-down menu.
Enter the username and password of ADManager Plus administrator account.
Click Test Connection and Save.
Once integrated, you can enable Approval Workflow in ADSelfService Plus.
Steps to configure Self-Service Approval Workflow
Launch ADSelfService Plus and log in as an administrator.
Navigate to Configuration --> Administrative Tools --> Approval Workflow.
Select Enable Approval Workflow.
Now select which self-service actions should come under the approval workflow process from the available actions.
Now, select the policies for which you want to enable approval workflow.
Click Save.
Steps to configure Approval Workflow for Reset Password and Unlock Account Actions
If you have enabled approval workflow for reset password and account unlock actions, then you have to configure security questions. This will be used by the help desk technicians to verify end-users' identities before approving their actions. Follow the steps given below:
Launch ADSelfService Plus and log in as an admin.
Navigate to Configuration --> Administrative Tools --> Approval Workflow.
Select Enable Approval Workflow.
Enable Reset Password/Unlock Account option.
Click Configure.
In the dialog box that opens, you will see a list of security questions already configured by default.
You can add, delete, edit, enable and disable the security questions as you wish.
To add a new security question, click Add Question link at the bottom of the dialog box.
Enter the security question and select the corresponding LDAP attribute. The value of the selected attribute will serve as the answer to the security question.
Once you have configured the security questions, close the dialog box and click Save.
|
|
Since the answers (attribute values) to the security questions reside in Active Directory, you must run the "All Users Report" in ADManager Plus at least once after enabling approval workflow. This will pool all the existing values of the users' attributes and allow help desk technicians to review the users' answers to the security questions and approve them. |
|
|
