OIMCustomerSettingKey Fields |
The OIMCustomerSettingKey type exposes the following members.
Fields| Name | Description | |
|---|---|---|
  | AllowNoRolesReqFP |
If this setting set to true, it will be allowed to make a request without specifying roles in RoleRequestFormPart
Default is false
|
| AllowRoleSelfApproval |
If this setting set to true, users which can approve roles can also approve roles assignments for themselves.
|
| AttributesToResolveDispValuesFor |
Commadelim attribute (property) system names for which "technical" values will be presented to ResolvingAttributeDisplayValues event handlers.
|
| CopsApiUrl |
Is the environment using new ingestion.
|
| CreateIdentityUserAsInactive |
When creating users for an identity, set the user as inactive.
|
| CreateRaCmSkipEvents |
Defines if events skipped when creating a new role assignment using CreateRoleAssignments method
|
| DefaultRoleFolderOwner |
Defines the Default Role Folder Owner.
The Role Folder Owner is mandatory.
In the Self Management concept this ensures that a RoleFolder Owner is assigned, when the last Owner is removed.
If not defined it defaults to Administrator.
|
| DefaultSystemOwner |
Defines the Default System Owner.
The System Owner is mandatory.
In the Self Management concept this ensures that a System Owner is assigned, when the last Owner is removed.
If not defined it defaults to Administrator.
|
| DelegationAdmins |
User groups UIDs which has access to setting up delegation on behalf of all others without being their manager
|
| DelegationEnableOnBehalfOf |
Enable delegation on behalf of another identity in the DELEGAT_DELEGATOR field
|
| DelegationEnableOnBehalfOfAnyLevel |
Managers on any level can create a delegation for their subordinates
|
| DelegationExclusive |
Enable exclusive delegation, which removes the master data references for the DELEGATOR
|
| DesiredStateAccountRule |
Prioritize desired state values when applying classification and matching of the account owner
|
| EnableAccessRequestEd2AttributesByDefault | |
| EnvironmentId |
Environment Id for validating requests in multi tenant installations
|
| GetManagerIdsMode |
The setting affects the behaviour of the API to retrieve the manager of an Identity.
If the value is set to 0 the method looks for users in Identity.Manager and returns these if available. If Identity.Manager is empty it will look for the manager in field Identity.OrgUnit.Manager.
If the value is set to 1, the method looks up both Identity.Manager and Identity.OrgUnit.Manager
|
| IsIngestion |
Is the environment using new ingestion.
|
| KPIWidgetStyle |
Used for setting the theme for Key Performance Indicators
|
| NarrowRoleAssignmentValidFrom |
Configuration of RoleAssignmentController API.
The set to True, the ValidFrom of new RoleAssignment objects will be narrowed to the ValidFrom of the Identity.
If set to False, the ValidFrom will set to the values set by the calling method.
|
| NarrowRoleAssignmentValidTo |
Configuration of RoleAssignmentController API.
The set to True, the ValidTo of new RoleAssignment objects will be narrowed to the ValidTo of the Identity.
If set to False, the ValidTo will set to the values set by the calling method.
|
| PasswordResetAzureSystemId |
The AzureAD which can validate the end user's current/old password
|
| PasswordResetEnforcePasswordValidation |
If true, the old password will be required in order to change the password.
NOTE: There is a security risk involved if this setting is set to false!
|
| PasswordResetEnforceSSL |
Enforce SSL in the password reset function
|
| PasswordResetEnrollNotification |
If true a notification is sent on successful password reset enroll
|
| PasswordResetFailedNotification |
If true a notification is sent on failed password reset
|
| PasswordResetHardLockoutCount |
If the password reset fails for this number of times for an Identity, the function
will be locked down until unlocked by the helpdesk
|
| PasswordResetLdapSystemId |
The Ldap which can validate the end user's current/old password
|
| PasswordResetLookupProperty |
Password reset lookup property
|
| PasswordResetNumberOfCorrectAnswers |
Number of correct answers in the reset process
|
| PasswordResetNumberOfEnrollQuestions |
Number of displayed questions in the in enrollment
|
| PasswordResetNumberOfResetQuestions |
Number of questions in the reset process
|
| PasswordResetSoftLockoutCount |
If the password reset fails for this number of times for an Identity, the function
will be locked down for a number of minutes
|
| PasswordResetSoftLockoutMinutes |
Number of minutes to do a soft lock down
|
| PasswordResetSuccessNotification |
If true a notification is sent on successful password reset
|
| PasswordResetSuccessOwnerNotification |
Password reset send owner success notification
|
| PasswordResetThrottlingFactor |
Password reset throttling error factor
|
| PasswordResetThrottlingThreshold |
Password reset throttling error threshold
|
| PreviewUseHorizons |
Use the horizons worker service for previewing data.
|
| QuoteAttrValsReqFP |
If true allows usage attribute values with commas etc. inside values (for DNs in ROLEIDs)
|
| RoPEAccessGroups |
Comma delimited list of user group uids that have access to the calculation results of the RoPE engine.
The system user always has access - regardless of what is stated here.
|
| ShowLongAttrChangeMsg |
When long attribute messages are disabled only the new attribute value is shown in manual provisioning tasks.
|
| SkipEventForAutoApproval |
The setting affects the behaviour of the API to create role assignments. If a role has a defined
approval method and if the requestor is also in the approval group, then the role assignment
is immediately activated. The flag controls if events are fired during this particular
update of a role assignment.
|
| SoDReEvaluationClearCompControl |
SoD re-evaluation processes clear the compensating control. This can be prevented with this setting
|
| SoDReEvaluationClearReason |
SoD re-evaluation processes clear the reason text. This can be prevented with this setting
|
| SoDReEvaluationMitigation |
If set to true the SoD evaluation will create the violation evaluation object with an accepted state
and not the entire process. Can be used during initial load of a constraint model.
|
| SoDReEvaluationMitigationDays |
SoD evaluation processes can be kicked in before the expiration.
This setting configures the number of days before the expiration.
|
| SoDReEvaluationOffsetDays |
SoD re-evaluation processes can be kicked in before the expiration.
This setting configures the number of days before the expiration.
|
| SurveyApprovalProcessTemplateId |
Used for defining the process template UID of the survey template used for access request approval
|
| UpdateRoleApprovalTargetSkipEvents |
When set to false the RoleApprovalController.updateApprovalTarget call will not skip events
|
| UseAccessRequestApprovalEd2 |
Use the survey based "Access Request Approval ed2" feature?
|
See Also