Enabling Workflow Delegation in PIM Enterprise Management Server with AD as Userstore

Document ID : KB000029735
Last Modified Date : 14/02/2018
Show Technical Document Details

Summary:

This document explains how to enable WorkItem Delegation in the PIM Enterprise Management Server with AD as Userstore.

Instructions:

A. Enabling CA Identity Minder Management Console.

Enabling Workflow Delegation in the PIM Enterprise Management Server with AD as Userstore

To enable the workflow delegation, you should be able to access CA Identity Minder Management Console.

Access the URL http://entmhostname:18080/idmmanage ,if you are able to access , go to step B, else perform the following steps to enable CA Identity Minder Management Console.

  1. Stop JBoss if it is running. Do one of the following
    • From the JBoss job windows, interrupt (Ctrl+C) the process.
    • Stop the JBoss Application Server service from the Services Panel.
  2. Navigate to the following directory, where JBoss_HOME is the directory where you installed JBoss: 

JBoss_HOME/server/default/deploy/IdentityMinder.ear/management_console.war/WEB-INF

  1.  Open the web.xml file in an editable form.                                                                                                                                                                                 
  2. Search for the following section: 

AccessFilter

  1. In the <param-value> field, change the value to True.                                                                                                                                                           
  2. Save and close the file.             
  3. Start JBoss. The CA Identity Minder Management Console is enabled.

 B. Adding %DELEGATORS% Well-Known Attribute

To enable workflow delegation we need to add %DELEGATORS% value to work item delegation well-known attribute.

  1. Login to CA Identity Minder Management Console using the URL http://entmhostname:18080/idmmanage

    1.png
  2. Go to Directories --> ac-dir

        2.png

 
     3.  Click on Export Button and save ac-dir.xml file.

     4.  Take a backup of ac-dir.xml file and open it for editing

     5.  Replace <Container objectclass="top,organizationalUnit" attribute="ou" /> with <Container objectclass="top,organizationalUnit" attribute="ou" value=""/> 

     6.   After the line 

          <ImsManagedObjectAttr physicalname="memberOf" description="Member of groups" displayname="MemberOf" valuetype="String" multivalued="true" wellknown="%MEMBER_OF%" maxlength="0" hidden="true"/>

           Insert 

           <ImsManagedObjectAttr physicalname="homePostalAddress" description="Member of groups" displayname="delegator" valuetype="String" multivalued="true" wellknown="%DELEGATORS%" maxlength="0" hidden="true" system="true"/>

      7. Save the file.

      8. In CA Identity Minder Management Console , click on update , give the modified ac-dir.xml file in Browse, and click finish.

         3.png

      9. Click Continue.

           4.png

       

     10. In the Identity Minder Management Console, Go to Environments->ac-env->Advanced Settings->Work Item Delegation

       6.png   

C. Enabling WorkItem Delegation

  1. In the Identity Minder Management Console, go to  Home › Environments › ac-env › Advanced Settings › Work Item Delegation
  2. Click on the enabled CheckBox , click save and restart the environment.

WorkItem Delagation has been enabled. To delegate the workitems, on the Enterprise Management server,

go to Users and Groups > Delegation > Manage Work Items > Delegate Work Items, Select the users for whom and to whom you want to delegate the work Items .

5.png

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Additional Information:

 

Disable the CA PIM Management Console(idmmanage) after completion of the above task.