using the access assurance suite account termination jump ... · features to deliver functionality...

Using the Access Assurance Suite™

Account Termination Jump Start Option

Account Termination

Access Assurance Suite 8.3

Courion Corporation

1900 West Park DriveWestborough, MA 01581-3919

Phone: (508) 879-8400Domestic Toll Free: 1-866-Courion

Fax: (508) 366-2844

Copyright © Courion Corporation. All rights reserved.

Copyright © Courion Corporation 1996 – 2014 All rights reserved. This document may be printed or copied for use by administrators of software that this guide accompanies. Printing or copying this document for any other purpose in whole or in part is prohibited without the prior written consent of Courion Corporation.

Courion, the Courion logo, Access Insight, AccountCourier, CertificateCourier, PasswordCourier, ProfileCourier, RoleCourier are registered trademarks of Courion Corporation. The Courion logo See Risk in a Whole New Way, Access Assurance Suite, ComplianceCourier, and Enterprise Provisioning Suite are trademarks of Courion Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Any rights not expressly granted herein are reserved.

Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in technical Data and Computer Software clause in DFAR 52.227-7013 or the equivalent clause in FAR 52.227-19, whichever is applicable.

Courion Corporation reserves the right to make changes to this document and to the products described herein without notice. Courion Corporation has made all reasonable efforts to insure that the information contained within this document is accurate and complete. However, Courion Corporation shall not be held liable for technical or editorial errors or omissions, or for incidental, special, or consequential damages resulting from the use of this document or the information contained within it.

The names of additional products may be trademarks or registered trademarks of their respective owners. The following list is not intended to be comprehensive.

Adobe®, the Adobe® logo, Acrobat®, and Acrobat® Reader® are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.

CA-TopSecret® and CA-ACF® are registered trademarks of Computer Associates International, Inc.

Citrix® is a registered trademark of Citrix Systems, Inc. in the United States and other countries.

HP-UX is an X/Open® Company UNIX® branded product.

Java™ and all Java™-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

Microsoft Corporation®, Microsoft Windows 2000®, Microsoft Windows NT®, Microsoft® Excel, Microsoft® Access, Microsoft® Internet Explorer, and SQL Server® are either registered trademarks or trademarks of Microsoft Corporation® in the United States and/or other countries. Microsoft is a U.S. registered trademark of Microsoft Corp.

Netscape® is a registered trademark of Netscape Communications Corporation® in the U.S. and other countries. Netscape Communicator®, Netscape Navigator®, and Netscape Directory Server® are also trademarks of Netscape Communications Corporation and may be registered outside of the U.S.

Novell® and the Novell products, including NetWare®, NDS®, GroupWise®, and intraNetWare® are all registered trademarks of Novell.

IBM®, Lotus®, Lotus Notes®, Domino®, i5/OS®, z/OS®, and RACF are registered trademarks of International Business Machines Corporation in the United States, other countries, or both.

Oracle® and PeopleSoft® are registered trademarks of the Oracle Corporation. Oracle8i™ and Oracle9i™ are trademarks of the Oracle Corporation.Remedy®, Action Request System®, and AR System® are registered trademarks of BMC Software, Inc.

SAP, the SAP logo, mySAP.com, and R/3 are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world.

SecurID® and BSAFE® are registered trademarks of RSA Security Inc. All rights reserved.

Sun, Sun Microsystems, the Sun Logo, iPlanet are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.

All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company Limited.

Copyright to STLport is owned by the following entities: Boris Fomitchev© (1999/2000), Hewlett-Packard Company© (1994), Silicon Graphics Computer Systems, Inc.© (1996/1997), and the Moscow Center for SPARC Technology© (1997).

All other products and companies mentioned in this document may be the trademarks of their associated organizations.

January 2014

Trademarks

1

Courion Corporation

Table of Contents

Chapter 1 - Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Solving the Business Challenge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Chapter 2 - Installing the Access Assurance Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Requirements for the Access Assurance Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Report Creation and Integration Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Web Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Microsoft SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Before Installing the Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Starting the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Configuring the Courion Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Access Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Pass Phrase Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Express Configure Web Access and Express Connector Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 14Courion Server TCP/IP Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Administrator Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Transaction Repository Database Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Password Management Modules (PMMs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Express Connector Installation of Jump Start and Sample Workflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Express Configuration of Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Express Configuration of Transaction Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Express Configuration of SMTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Chapter 3 - Accessing Jump Start Workflows from the Administration Console Page . . . . . . 23

Accessing Jump Start Workflow Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Accessing Jump Start Workflow Administration Manager Forms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Using the Administration Manager in Tree View or Flowchart View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Access Assurance Suite Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Buttons and Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Chapter 4 - Using the Claiming and Profile Management Workflows . . . . . . . . . . . . . . . . . . . . . 33

SampleProfile and UserBasedTargets Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Using the Admin Claiming Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Using the End User Claiming Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Using the Profile Management Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Chapter 5 - Account Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Using the Account Termination Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Using Custom Macros in Jump Start Workflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Administrator Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Administrator Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Provisionee Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Select Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Appendix A - Access Key Requirements for Jump Start Workflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

2

Courion Corporation

Appendix B - Copying Jump Start Workflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Creating a Workflow by Copying an Existing Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

3

Courion Corporation

Chapter 1: Introduction

Jump Start options are sets of pre-configured workflows designed to solve specific business challenges. These workflows use a subset of AccountCourier, PasswordCourier, and ProfileCourier features to deliver functionality that you can use as soon as you install the Access Assurance Suite. You access Jump Start options from the Access Assurance Suite administration console page.

Solving the Business Challenge

The Account Termination Jump Start option consists of workflows that allow administrative personnel to disable accounts associated with terminated users.

The workflows associated with the account termination process are:

• Account Termination — This workflow allows administrative personnel to disable all accounts associated with terminated users.

• Admin Claiming — This workflow allows you, as an administrator, to claim accounts on behalf of other users.

• End User Claiming — This workflow allows end users to claim accounts for themselves.

Getting Started

To get started using the Account Termination workflow, follow these steps:

• Install the Access Assurance Suite, as described in “Installing the Access Assurance Suite” on page 5.

• Access the Jump Start workflows as described in “Accessing Jump Start Workflows from the Administration Console Page” on page 23.

• Run the Admin Claiming or End User Claiming workflow before you run the Termination workflow, as described in “Using the Claiming and Profile Management Workflows” on page 33.

4 Introduction

Courion Corporation

Requirements for the Access Assurance Suite 5

Courion Corporation

Chapter 2: Installing the Access Assurance Suite

This chapter describes how to install the Access Assurance Suite along with the Jump Start workflows and other sample workflows.

After running the installation, go to “Accessing Jump Start Workflows from the Administration Console Page” on page 23.

Requirements for the Access Assurance Suite

Servers

Table 1 describes the Access Assurance Suite server requirements. These requirements apply to each server in a distributed installation with the exception of memory, as noted in the table. (See the manual Installing the Access Assurance Suite for information about distributed installations.)

Table 1: Access Assurance Suite Server Requirements

Microsoft Windows Server® 2003 (Service Pack 1 or higher) (The 32-bit or the 64-bit version)

or

Microsoft Windows Server® 2008 (The 32-bit or the 64-bit version)

Note: If you are using Microsoft Windows Sever 2008, the 64-bit version, refer to the document Access Assurance Suite Product Requirements for information about Roles and Features Required for Windows Server 2008 Servers - The 32-bit or the 64-bit Version.

Microsoft .NET 3.5 Framework *

Microsoft XML 6.0 * and Microsoft XML 3.9*

Microsoft Visual C++ (x86) Redistributable*

Microsoft Message Queuing

Note: If you use the distributed installation feature to install components of the Access Assurance Suite on different servers in the network, and you replicate Access Assurance Suite servers in your environment using cloning or virtualization, you must install Microsoft Message Queuing after you have replicated the servers. See the manual Installing the Access Assurance Suite for information about distributed installations.

If you have already installed Microsoft Message Queuing and subsequently replicated the servers, contact Courion customer support for more information.

3 GB of memory for a single server installation

2 GB of memory for each server in a distributed installation

minimum of 2.0 GHz processing speed (multiple CPUs or multicore CPUs recommended)

6 Installing the Access Assurance Suite

Courion Corporation

* Included with the Access Assurance Suite installation executable. If not already installed, they are installed at the

beginning of the installation process.

Notes on Hardware and Software Requirements

• With the release of SP1, Windows Server 2003 restricts the default DCOM permissions such that you cannot launch or access CourATLService and CourAtlAdmin using the default permissions. To broaden the permissions for these components, use “Component Services” from “Administrative Tools” and set custom permissions for these components that include the NETWORK user to “Remote Launch” and “Remote Access” rights. Additionally, ensure that under the “Component Services > Computers > My Computers” property sheet, you have checked “Enable Distributed COM on this Computer” under the “Default Properties” tab.

• Support for Microsoft Windows Server 2008 includes support for the Microsoft Active Directory Transparent Synchronization Listener on Windows Server 2008.

• To use the Access Assurance Suite on Microsoft Windows Server 2008:

Insure that ASP.NET is enabled for IIS support.

Refer to the following URL for information on how to install Windows Communication Foundation (WCF), which is not enabled by default:

http://iweb.adefwebserver.com/Project/Blog/tabid/57/EntryID/34/Default.aspx

• The requirements in this section assume that the Access Assurance Suite is the only application installed on the server. Please adjust the memory, CPU, and disk space requirements if other applications are installed on the server.

• The requirements are the same for installing onto a virtual machine. Each virtual machine you install on needs to meet the requirements above. This is in addition to the memory, CPU and disk space requirements of the server running the virtual machine(s).

• You must install the Access Assurance Suite on a separate server from the Microsoft SharePoint server, if a SharePoint server exists in your environment.

NTFS formatted disk drive, 80 GB (minimum) recommended

400 MB on the system drive for decompression of the install image and an additional 600 MB on the drive specified during the installation

Minimum 200 MB of disk space for log files (more recommended)

After installation and initial configuration, the expected footprint of the Access Assurance Suite is approximately 500 MB

Table 1: Access Assurance Suite Server Requirements

Requirements for the Access Assurance Suite 7

Courion Corporation

Browsers

Additional requirements for web browsers:

• To access both the Administration Manager and the end-user workflow pages, the browser must be set to a security level of Medium or lower. For Internet Explorer, from the Internet Options window, Security tab, select the zone used for accessing the Courion server, then set the level to the desired setting.

• Browser cache should be set to update automatically for best performance when running the Administration Manager. For Internet Explorer, from the Internet Options window, General tab, click the Settings button in the Browsing History section and select the “Automatically” radio button.

• For Internet Explorer 7.0 or higher and Safari, tabbed browsing is not supported, since only a single workflow may be open at a time (multiple users sessions aren’t supported).

Report Creation and Integration Software

Web Servers

• IIS 6.0 on Microsoft Windows Server 2003

Microsoft SQL Server

Courion strongly recommends that Microsoft SQL Server be installed on a separate machine from the one used for the Access Assurance Suite server.

Table 2: Supported Browsers for the Access Assurance Suite Administration Manager and End User Web Access

Microsoft Internet Explorer 6.0 with Service Pack 2 or higher

Safari 3.0 or higher on Apple Macintosh (End User Web Access only)

Table 3: Report Creation and Integration Software

To run the reports included with the Access Assurance Suite, you need:

• SQL Server Reporting Services (SSRS) component included with Microsoft SQL Server 2005 or SQL Server 2008

• Microsoft Internet Explorer® version 6.0 with SP1 or higher.

To create your own reports, you need:

• SSRS Report Builder or SQL Server Business Intelligence Development Studio


Courion Corporation

The requirements in Table 4assume that the Microsoft SQL Server is dedicated for use by the Access Assurance Suite. If the SQL Server is shared with other applications, please adjust the memory, CPU, and disk space requirements specified in Table 4accordingly.

Table 4: Microsoft SQL Server Requirements

Note: If you install SQL Server on the same machine as the Access Assurance Suite, please adjust the memory, CPU, and disk space requirements accordingly.

2 GB of memory (4+ GB recommended)

2.0 GHz processing speed (multiple CPUs or multicore CPUs recommended)

200 GB drive (minimum)

Before Installing the Suite 9

Courion Corporation

Before Installing the Suite

Review the “Requirements for the Access Assurance Suite” on page 5 before installing the product to ensure that all necessary conditions have been met.

Courion recommends exiting all running applications before installing the Courion Access Assurance Suite.

Installation requires one or more access keys, obtained from Courion Corporation.

Installing Required Windows Components

The Access Assurance Suite requires installation of the following Windows system components:

• Microsoft Message Queuing

Note: If you use the distributed installation feature to install components of the Access Assurance Suite on different servers in the network, and you replicate Access Assurance Suite servers in your environment using cloning or virtualization, you must install Microsoft Message Queuing after you have replicated the servers. See the manual Installing the Access Assurance Suite for information about distributed installations.

If you have already installed Microsoft Message Queuing and subsequently replicated the servers, contact Courion customer support.

• Microsoft Internet Information Service

If these system components are not already installed when you start the Access Assurance Suite installation, a warning dialog appears, and the installation stops.

To install these components:

1. Open the Windows Control Panel and double-click ADD OR REMOVE PROGRAMS.

2. Click ADD/REMOVE WINDOWS COMPONENTS.

3. Highlight the APPLICATION SERVER option and click DETAILS.

4. Select Internet Information Service and Message Queuing and click OK.

5. Click NEXT. After Windows completes configuring the system components, click FINISH.


Courion Corporation

Starting the Installation

1. Log on the Windows system as a user with administrator privileges.

2. Download the file CourionInstall.exe from the network and then execute it by double-clicking the icon.

The InstallShield wizard screen appears.

Note: The Access Assurance Suite requires the following on the Courion Server: Microsoft .Net Framework 3.0, Microsoft XML 6.0, and Microsoft Visual C++ (x86) Redistributable. These applications are included in the installation file. If they are not already installed on the server, a dialog appears asking if you want to install them. Click YES. The applications are installed and then the InstallShield wizard screen appears.

3. Follow the onscreen instructions of the installation wizard to proceed with the installation.

4. When you see the Access Keys dialog box, as shown in Figure 1, add the access keys you received from Courion.

Figure 1: Access Keys

To add an Access Key, click ADD, browse to find and select the Access Key file, and then click OPEN. The Access Key pathname appears in the list box. You can use the ADD and REMOVE buttons to edit the list.

Click NEXT when you have added the Access Keys.

5. In the SETUP TYPE dialog box, select COMPLETE (the default) as the setup type.

Note: For information about the Custom setup type for distributed server installations, see the manual Installing the Access Assurance Suite.

Click NEXT.

Starting the Installation 11

Courion Corporation

6. Click YES to stop World Wide Web Publishing Services when prompted to do so.

7. The START COPYING FILES dialog box appears with summary information about the installation options you have selected. You can edit this information by clicking the BACK button. To accept the information and finish the installation, click NEXT. The SETUP STATUS display indicates that the installation is proceeding.

8. The final dialog box of the installation wizard presents you with options to "Configure the Courion Server" and "View the Readme" or to reboot if necessary. The Courion Server Configuration Manager begins automatically once you click the Finish button (unless a reboot is required).

You can also launch the Courion Server Configuration Manager manually from the Start menu:

Start>Programs>Courion Access Assurance Suite>Configuration Manager

If you left the VIEW THE README box checked, the software displays the Readme file. You can examine the Readme as you wish. Then close or minimize the Readme display. If you want to read the ReadMe file later, it is located in the default install folder as ReadMe.rtf


Courion Corporation

Configuring the Courion Server

The Courion Server configuration manager is a wizard that walks you through server configuration. You need the following information:

• The number of the TCP/IP port on which the Courion Server listens.

• For workflow configuration, server and domain information about the Active Directory and transaction repository.

• The SMTP server hostname or IP address and domain name that the Courion Server uses to communicate with connected systems.

Access Keys

The first dialog box of the wizard is Access Keys Selection. It displays the keys you selected during the installation.

Figure 2: Access Key Selection

The keys you entered during the installation (see page 10) appear in the left window of this dialog box. If you highlight a key, a description of the key appears in the right window. To add more keys, click ADD KEY FILE...

You can also add keys from the Start menu after the installation is complete. Enter:

Start>All Programs>Courion Access Assurance Suite>Add Access Keys

Click the Next button to continue with the installation.

Configuring the Courion Server 13

Courion Corporation

Pass Phrase Entry

Information in the Pass Phrase Entry dialog box helps keep your configuration data secure. If you enter a non-evaluation access key, the Pass Phrase Entry dialog box appears, as Figure 3.

The pass phrase you enter generates an encryption key. This key is used to encrypt data (for example, a Help Desk password) in the Courion Server configuration to prevent access by unauthorized end users. The key itself is encrypted using Microsoft CryptoAPI using a machine specific key that can only be decrypted by this machine.

Later on, if you want to change the pass phrase, run the configuration manager as follows:

Programs > Courion Access Assurance Suite>Configuration Manager

Figure 3: Pass Phrase Entry

Enter a new pass phrase, verify it by typing it again, and click NEXT. The system creates a new encryption key, and automatically uses that key to re-encrypt all encrypted Courion Server configuration information.

Configuration Options

The Configuration Options dialog box lets you select one or both Access Assurance Suite platforms, as shown in Figure 4.

The Provisioning Platform is selected by default. Click NEXT to accept the default.


Courion Corporation

Figure 4: Platform Selection

Express Configure Web Access and Express Connector Configuration

The Express Configuration Selection dialog box, shown in Figure 5, allows you to select EXPRESS CONFIGURE WEB ACCESS and EXPRESS CONNECTOR CONFIGURATION. These processes streamline installation and configure the sample workflows.

To run Express configuration, you may need:

• Microsoft Exchange System Management Tools. This is usually available from your Exchange administrator.

• Access keys for Active Directory, SMTP Email Notification, and Exchange 2000. These keys should have been previously added at the beginning of configuration. If necessary, you may run the configuration manager again to add additional keys.

EXPRESS CONFIGURE WEB ACCESS streamlines the installation process but does not configure the sample workflows. This resets your HTTPS key length to 0 (a possible security risk) and set the session timeout period to 300 seconds. Later, you can change these if you wish, as explained in the chapter on “Web Access (ASP) Configuration” in the Access Assurance Suite Implementation Guide.

EXPRESS CONNECTOR CONFIGURATION prompts for information needed to install and configure Jump Start and other sample workflows.


Courion Corporation

Figure 5: Express Configuration Selection

9. Both EXPRESS CONFIGURE WEB ACCESS and EXPRESS CONNECTOR CONFIGURATION are selected by default. If either Express box is greyed out, you see a message explaining which required components are missing. Click NEXT.

Courion Server TCP/IP Port

The Courion Server dialog box prompts you for TCP/IP information.

Figure 6: Courion Server TCP/IP

10. Specify the TCP/IP port to be used by the Courion Server. The default value is 8189. Click NEXT.


Courion Corporation

Administrator Authentication

The Administrator Authentication dialog box appears, as shown in Figure 7.

Figure 7: Administrator Authentication Configuration

Use this dialog box to specify who can access the Access Assurance Suite Administration Manager interface.

Administrators can access the Administration Manager by authenticating to a domain or to the local workstation. The default values displayed are those of the domain that the server is registered in.

Domain access to the Administration Manager is controlled by domain and group membership. Anyone with a user account on the specified domain who is a member of the specified group can log in to the Administration Manager user interface.

11. The ACTIVE DIRECTORY DOMAIN checkbox is enabled by default. If the domain is not an Active Directory domain, you should disable the checkbox.

12. Enter the DOMAIN name.

13. Select a GROUP from the domain by clicking the browse button next to the GROUP field. The value of the ACTIVE DIRECTORY DOMAIN checkbox determines the list of displayed groups. To restrict access, you can create a special group for provisioning platform administrators. Click NEXT.

Transaction Repository Database Configuration

The Transaction Repository Database Configuration dialog box appears, as in Figure 8.

The transaction repository database stores all request records, delegation records, and verification information. It is used for the Requester/Approver or Delegation features, the ComplianceCourier Verify feature, the Password History feature, and for Identity Map information used by the Jump Start options.


Courion Corporation

Figure 8: Transaction Repository Database Configuration

14. The PERFORM PURGING option prevents the transaction repository from growing without limits. If your organization has data backup and data retention policies, Courion recommends that you use those polices rather than the purging option. Purging is not the default (the PERFORM PURGING option is not checked). Click NEXT.

Summary

The system displays a summary screen that lists all data you entered.

15. Click the FINISH button to accept the current configuration of the Courion Server.

Password Management Modules (PMMs)

If you have an access key for PasswordCourier, the configuration manager prompts you to configure Password Management Modules (PMMs). Each PMM is an interface that PasswordCourier requires to work with a specific platform (such as Windows 2000). PMMs are described in the manual Configuring Password Management Modules (PMMs), Connectors, and Agents. The express connector configuration automatically configures the Active Directory PMM. If you are using only the Jump Start options, no other PMMs need to be configured.

16. You are asked whether you want to configure each individual PMM separately, based on whether you have an access key and the appropriate PMM software installed. Click NO for each PMM (you can configure individual PMMs later, by accessing them by selecting Start > Courion Access Assurance Suite > Password Management Modules).


Courion Corporation

Express Connector Installation of Jump Start and Sample Workflows

The Express Connector Configuration Manager dialog box allows you to install Jump Start and sample workflows, as shown in Figure 9:

Figure 9: Express Sample Workflow Selection

By default, all available workflows not currently installed are selected for installation. A status of Unavailable means you lack an access key for that workflow. For a list of keys required for each Jump Start workflow, please see “Access Key Requirements for Jump Start Workflows” on page 49

For a first-time configuration, we suggest you install all workflows that are available. If you have previously configured a workflow and you select it here, the system warns you about overwriting the existing one.

For a brief description of each workflow, click the workflow name.

Make sure each of the workflows you want to install are selected (the boxes checked) and click NEXT.

After you click NEXT, the Express configuration wizard steps you through a series of dialog boxes. Some workflows do not require all of these dialog boxes. Therefore, the dialog boxes that appear depend on which workflows you chose to install.

Express Configuration of Active Directory

The Express configuration displays a dialog box about Active Directory and Exchange configuration, as in Figure 10:

Express Connector Installation of Jump Start and Sample Workflows 19

Courion Corporation

Figure 10: Active Directory Configuration

Certain Jump Start and sample workflows require Microsoft Active Directory directory service and Exchange to function. This wizard page collects information needed to create targets for a Microsoft Active Directory directory service and Microsoft Exchange server.

Specify the required items for Active Directory:

1. DOMAIN CONTROLLER — Specify the actual machine name the Courion Server connects to when it creates and disables accounts and resets passwords. This must be the machine name, not IP address or Fully Qualified Name. The machine you specify must be of a functioning Domain Controller on the named domain.

2. DOMAIN NAME — Specify the name of the Active Directory Domain that includes the Exchange server.

3. PRIVILEGED USER — Enter the username for an account with administrator access to both the Active Directory Domain and the Exchange 2000 server. The username specified should be the principal name of the administrator account ([email protected]).

The privileged user for Exchange 2000 should have privileges on both the Active Directory Domain and on the Permissions object of the Exchange server. The privileges on the Active Directory Domain need to be set to allow the creation of accounts. The privileges on the Exchange server should be set to Service Account Admin.

4. PRIVILEGED USER PASSWORD — Enter the password for the privileged user. Click NEXT.


Courion Corporation

Express Configuration of Transaction Repository

Figure 11: Express Configuration of the Transaction Repository

Provide the following transaction repository information:

1. SQL SERVER NAME — Specify the name of the SQL server where the transaction repository is created.

2. REFERENCE DATABASE (JUST USED FOR INITIAL LOG IN, A NEW DATABASE WILL BE CREATED) — Specify the name of an existing SQL database. This is used for login only and not modified.

3. NEW DATABASE — Specify a database name. This can be a new name or the name of an existing database you are willing to overwrite.

4. SQL PRIVILEGED USER (DATABASE LOGIN ONLY) — Enter the username of a privileged user. This username is used for login only.

5. SQL PRIVILEGED USER PASSWORD — Enter the password of the privileged user.

6. Click NEXT.

The system verifies that the server and database exist, and that the username/password are valid for access to that database. If any condition is not satisfied, you see an explanatory error message.

Express Connector Installation of Jump Start and Sample Workflows 21

Courion Corporation

Express Configuration of SMTP

Figure 12: Express Configuration of SMTP

Provide the following SMTP information:

1. PORT — Accept the default or specify a valid other port.

2. SMTP SERVER — Specify the name of an SMTP server.

3. EMAIL DOMAIN OR SUBDOMAIN — Enter the name of the domain or subdomain used for email notifications.

4. MASTER EMAIL ADDRESS FOR NOTIFICATION — Enter your email address or if the administrator is someone else, the address of that person. Notifications are sent to this address.

Note: The Master E-Mail address is used by several of the sample workflows. If you previously used Express Configuration to set the Master E-Mail address and want to change it by running Express Configuration again, you must also reinstall the sample workflows for which the Master E-Mail is changed. Any sample workflows that are not reinstalled use the previous Master E-Mail address.

Summary

The system displays a summary screen that lists the workflows that will be installed along with all configuration data you entered. Click NEXT to complete the installation. To change any item you selected, click BACK, change it, and continue to this point. After you click NEXT, installation and configuration proceeds. It takes several minutes.

When installation is complete, click the Finish button. The software displays

Courion Server configuration is complete

Click OK.


Courion Corporation

If you need to make any changes to the Express Connector Configuration, you can launch it again from the Start menu:

Start>Programs>Courion Access Assurance Suite>Express Connector Configuration Manager.

23

Courion Corporation

Chapter 3: Accessing Jump Start Workflows from the Administration Console Page

This chapter describes how to access the Jump Start workflows from the Access Assurance Suite administration console page. You can then choose to use a Jump Start workflow or log in to the Administration Manager in Jump Start View to view or modify the Administration Manager forms that control the appearance of the screens displayed to the end user.

This chapter includes the following sections:

• “Accessing Jump Start Workflow Pages” on page 24

• “Accessing Jump Start Workflow Administration Manager Forms” on page 28

• “Access Assurance Suite Product Documentation” on page 31

• “Buttons and Icons” on page 32

24 Accessing Jump Start Workflows from the Administration Console Page

Courion Corporation

Accessing Jump Start Workflow Pages

To access the Jump Start workflow pages, start from the Access Assurance Suite administration console page. From the Start menu, select:

Start>All Programs>Courion Access Assurance Suite>Administration Console

The administration console page appears as in Figure 13.

Figure 13: Access Assurance Suite Portal Page

Select JUMP START OPTIONS in the upper left corner or click MORE INFO > under the Jump Start Options description in the main body of the console page.

When you select Jump Start Options or More Info, the Jump Start page appears as in Figure 14.

Accessing Jump Start Workflow Pages 25

Courion Corporation

Figure 14: Jump Start Page with User Provisioning Workflows Expanded

From the Jump Start Options page, you can access two types of workflows under the text link describing each type: USER PROVISIONING JUMP START workflows and PASSWORD MANAGEMENT JUMP START workflows. To expand the list of workflows in each category, click the orange text link. To contract the list workflows in each category, click blue text link. Figure 14 shows the Jump Start Options page with the User Provisioning Jump Start list expanded. Figure 15 shows the Jump Start Options page with the Password Management Jump Start list expanded.


Courion Corporation

Figure 15: Jump Start Page with Password Management Workflows Expanded

To select a set of workflows from the Jump Start Options page, click the workflow name in the list. For example, Figure 16 shows the page for the Basic Access Jump Start workflows.

Figure 16: Basic Access Workflow Page

Accessing Jump Start Workflow Pages 27

Courion Corporation

From this page you can:

• Use a Jump Start workflow

To use a workflow, click the button with the workflow name. Before you use the workflow for the first time, you need to run either the End User Claiming or Admin Claiming and the Profile Management workflow if you have not already done so. See “Using the Claiming and Profile Management Workflows” on page 33 for more information about how to do this.

• Access the Administration Manager forms that you use to configure the end-user screens that make up the workflow. See “Accessing Jump Start Workflow Administration Manager Forms” on page 28 for information about how to do this.


Courion Corporation

Accessing Jump Start Workflow Administration Manager Forms

To log in to the Administration Manager in Jump Start View, click the CONFIGURE link next to the workflow button. For example, to log in to the Administration Manager for Basic Access Request, click CONFIGURE BASIC ACCESS REQUEST, as in Figure 17.

Figure 17: Accessing the Administration Manager

The Administration Manager login page appears as in Figure 18.

Figure 18: Administration Manager Login Screen

Enter you Windows NT, Windows 2000, or Active Directory Domain username and password and click SUBMIT. The flow chart for the Jump Start workflow appears as in Figure 19 for the Basic Access request workflow.

Accessing Jump Start Workflow Administration Manager Forms 29

Courion Corporation

Figure 19: Administration Manager Jump Start Flowchart for Basic Access Request

Click on any of the steps in the flow chart to view the form that corresponds to that workflow step. Jump Start view workflow forms show a subset of options that appear on the corresponding Administration Manager forms in Tree View and Flowchart View. Figure 19 shows the Administration Manager form for Authenticate Provisioner in the Basic Access Request workflow.

Figure 20: Administration Manager form in Jump Start View

The workflow step that corresponds to the form you are viewing appears highlighted with a border.

Using the Administration Manager in Tree View or Flowchart View

You can access the Administration Manager forms that you use to create workflows using three types of views: Jump Start view, Tree View or Flowchart View. From the Administration Manager Jump Start View, you can access Tree View or Flowchart View. Click on the appropriate view from the upper-right


Courion Corporation

corner of the page (see Figure 21).

Figure 21: Administration Manager Views

Administration Manager forms in Tree View and Flowchart View offer many more configuration options than the forms in Jump Start View. See the manual Using the Access Assurance Suite Administration Manager for information about how to use the forms in Tree View and Flowchart View.

Note: Although you can edit Administration Manager forms for Jump Start workflows in Tree View or Flowchart View, Courion recommends that you do not do this. You can create a new workflow using a Jump Start workflow as a model and edit the new workflow. For information about how to do this, see Appendix B, “Copying Jump Start Workflows” on page 51.

Access Assurance Suite Product Documentation 31

Courion Corporation

Access Assurance Suite Product Documentation

A link to the list of documentation available with the Access Assurance Suite is available from the administration console pages. From this list, you can open the PDF files for each document, including the Jump Start documentation. To access the list of documentation from the console pages, click the DOCUMENTATION link on the left side of the page.


Courion Corporation

Buttons and Icons

Administration Manager windows and forms use the following buttons:

• CONFIGURE... — Displays the second form in the configuration step, typically the fields or attributes for a selected table or object class.

• SUBMIT — Saves selections in the current window or form.

If this is the second form for an option, returns to the first form.

If this is the first form for an option, displays the Administration Manager main window.

• RESET — Returns field values on a form to their last known applied state.

• LOGOUT — Returns to the Administration Manager login window.

• ? HELP — Displays the manual Using the Access Assurance Suite Administration Manager with the Adobe® Acrobat® Reader™.

Note: If available, do not use the browser BACK and FORWARD buttons to navigate through Administration Manager windows and forms.

Windows and forms, in both the Administration Manager and the Web Access Client, can display the following icons:

• — Display online help when the mouse pointer moves over icon. For the Administration Manager, the help text is supplied by Courion. For the Web Access Client, you supply the help text is supplied during configuration of the forms in a workflow.

• — Indicates a required field. Provisioning or password reset applications will not exit a form until all required fields have values.

• — Indicates a field requires a numeric value.

• — Indicates that you can insert a macro in a field. Single click on this icon to launch the Macro Selection Dialog Window.

• — Indicates that you can read the field but not edit it.

Windows in Administration Manager Flowchart View can display the following icons:

• — Indicates that you can add an item.

• — Indicates that you can edit an item

• — Indicates that you can delete an item.

33

Courion Corporation

Chapter 4: Using the Claiming and Profile Management Workflows

Before you can provision accounts or reset passwords with the Jump Start workflows, you need to claim accounts to populate the IdentityMap and create profiles associated with the accounts. You can then reset the passwords of the claimed accounts or use them as models for the accounts you provision. Two types of claiming workflows can be associated with a provisioning or password reset Jump Start workflow:

• Admin Claiming — Admin Claiming allows you to claim accounts on behalf of other users. See “Using the Admin Claiming Workflow” on page 34 for more information.

• End User Claiming — End User Claiming allows end users to claim their own accounts. See “Using the End User Claiming Workflow” on page 35 for more information.

Some workflows also require that a profile management workflow be run after accounts have been claimed:

• Profile Management — Profile Management allows the individual who owns the account to create and update the profiles for their claimed accounts. Administrators can also run this workflow for accounts in which they know the password (for example, an account newly created by the administrator). See “Using the Profile Management Workflow” on page 36 for more information.

On the administration console page of each account provisioning or password reset Jump Start option, the claiming workflows and the profile management workflow associated with it appear on the lower part of the page.

SampleProfile and UserBasedTargets Tables

The Jump Start workflows are configured to use the SampleProfile and UserBasedTargets tables in the Transaction Repository target. This target is created by the Express Connector Configuration to store Profile and IdentityMap entries.

34 Using the Claiming and Profile Management Workflows

Courion Corporation

Using the Admin Claiming Workflow

Follow these steps to use the Admin Claiming Workflow:

1. From the appropriate administration console page for a Jump Start option, click the ADMIN CLAIMING button.

2. On the ADMINISTRATIVE CLAIMING VALIDATION screen, enter your Active Directory account name and click NEXT.

3. On the ADMINISTRATIVE CLAIMING AUTHENTICATION screen, enter your password for the account and click NEXT.

4. On the USER ACCOUNT SEARCH screen, enter the characteristics for the users whose accounts you want to claim. For example, users in a particular department, such as engineering, who report to a particular manager. You can use the star character (*) to perform wild card searches. For example, enter E* in the User’s Department field to find all accounts in the engineering department. The search is not case sensitive. Click NEXT.

5. On the SELECT USERS screen, select the users whose accounts you want to claim and click NEXT.

Note: You need to know and use the Active Directory account name and password for these users when you run the Profile Management workflow.

6. On the SELECT ACCOUNTS TO CLAIM screen check the accounts associated with the users that you want to claim and click NEXT.

7. The CLAIMING SUMMARY screen appears. This is a list of the accounts on the targets that you have attempted to claim. Click NEXT to claim the accounts. If you want to modify your selection, click PREVIOUS.

8. A CLAIMING COMPLETED screen appears indicating that you have successfully claimed the accounts.

Using the End User Claiming Workflow 35

Courion Corporation

Using the End User Claiming Workflow

Follow these steps to use the End User Claiming Workflow:

1. From the appropriate administration console page for a Jump Start option, click the click the END USER CLAIMING button.

2. On the END USER CLAIMING AUTHENTICATION screen, enter your ACTIVE DIRECTORY ACCOUNT NAME and PASSWORD and click NEXT.

3. The SELECT ACCOUNTS TO CLAIM screen lists account names that are similar to your Active Directory account name. Two tables display accounts available to be claimed and accounts which have already been claimed and are known to belong to you. Select the accounts that you want to claim. You are required to enter the password for each account that you attempt to claim. Click NEXT.

4. The ACCOUNT CLAIMING AUTHENTICATION screen displays each Active Directory account you are attempting to claim. Enter the password for each account and click NEXT.

5. The CLAIMING SUMMARY screen lists the status of your attempt to claim accounts. Click NEXT.

6. The ACCOUNT ATTRIBUTES SUMMARY screen appears displaying details about each of the accounts you have claimed. Click NEXT.

7. A summary screen appears indicating that you have successfully claimed the accounts.

36 Using the Claiming and Profile Management Workflows

Courion Corporation

Using the Profile Management Workflow

Once an account has been claimed, a profile can be created for that account. Since this workflow requires a user’s account name and password, this workflow would normally be run by an end user. An administrator might also run this workflow for accounts in which they know the password (for example, an account newly created by the administrator). Existing profiles may also be updated from this workflow.

Follow these steps to use the Profile Management workflow:

1. From the appropriate administration console page for a Jump Start option, click the PROFILE MANAGEMENT button.

2. On the WELCOME screen, enter an Active Directory account name and password and click NEXT.

The account name and password that you enter must be the Active Directory account name and password of a user whose Active Directory account has been claimed.

3. On the PROFILE MANAGEMENT ACTIONS screen, click the CREATE NEW PROFILE button (if you have not previously created a profile), or UPDATE PROFILE (to modify an existing profile).

4. On the ENTER NEW PROFILE DATA screen (for new profiles), enter information for the profile and click NEXT.

On the UPDATE PROFILE DETAILS screen (for existing profiles) update information for the profile, and click NEXT.

Fields marked with the check icon are required fields.

5. The SUMMARY PROFILE REGISTRATION or SUMMARY PROFILE UPDATE screen appears.

6. Click NEXT ACTION to create another profile or to update an existing profile.

37

Courion Corporation

Chapter 5: Account Termination

From the Account Termination workflow page (see Figure 22), you can use the workflows or access the Administration Manager forms where you configure the look and feel of the end user screens. Before you use the Account Termination workflow, however, complete the following steps:

• Use the Administrative Claiming workflow to claim accounts on behalf of other users or the End User Claiming workflow to claim your own accounts.

See “Using the Claiming and Profile Management Workflows” on page 33 for information about how to use these workflows.

Note: If you have already claimed accounts you do not have to run these workflows again before using the Account Termination workflow.

Figure 22 shows the Account Termination workflow page.

Figure 22: Account Termination Workflow Page

38 Account Termination

Courion Corporation

Using the Account Termination Workflow

To start the Account Termination workflow, click the TERMINATION button on the Account Termination workflow page. The following sections describe the end-user screens that appear in this workflow and the corresponding Administration Manager forms (if they are available to modify).

Using Custom Macros in Jump Start Workflows

The fields in some Administration Manager forms in Jump Start View include custom macros which substitute information gathered dynamically by the Courion Server into forms and messages displayed to the end user. Courion recommends that you do not edit these macros or change these fields in any way for best results when using Jump Start workflows.

If you do want to edit a custom macro in an Administration Manager form of a Jump Start workflow, Courion recommends that you create a new workflow by copying the Jump Start workflow. Then you can edit the custom macro in the new workflow and maintain a working copy of the original workflow. See “Copying Jump Start Workflows” on page 51 for information about how to do this.

Administrator Identification

The first screen that appears when you click the TERMINATION button is Administrative Termination Validation, as shown in Figure 23.

Figure 23: Administrative Termination Validation Screen

Enter your Active Directory Account name and password, click NEXT. The Administrative Termination Authentication screen appears (Figure 26).

Two Administration Manager forms are used to configure the Administrative Termination Validation form:

• Specify Valid Administrator Groups — Access this form from the SET WORKFLOW ACCESS box in the Administration Manager flowchart. Figure 24 shows this form.

Using the Account Termination Workflow 39

Courion Corporation

• Specify Account Name — Access this form from the IDENTIFY PROVISIONER box in the Administration Manager flow chart. Figure 25 shows this form.

Figure 24: Specify Valid Administrator Groups Administration Manager Form

To add an Active Directory group, enter the name of the group that you want to add in the ENTER VALUE FOR LIST field and click INSERT to add the group to the list on the right side of the table. Default groups included in the list are Administrators, Domain Admins, and Enterprise Admins. To remove a group, select the group name in the ENTRIES list and click REMOVE.

Click SUBMIT when you complete the form.

Figure 25: Specify Account Name Administration Manager Form

In the FORM TITLE, FROM NAME, and FORM INSTRUCTIONS text boxes, you can edit the text that appears on the end user screen.


Courion Corporation

In the MAXIMUM AUTHENTICATION ATTEMPTS text box, you can change the maximum number of failed authentication attempts to allow on this form before disabling the user. The default is 3 attempts.


Administrator Authentication

Figure 26 shows the Administrative Termination Authentication screen.

Figure 26: Administration Termination Authentication Screen

Enter your Active Directory Password. The Provisionee Search screen appears as in Figure 28.

Figure 27 shows the Administration Manager form used to configure the Administrative Termination Authentication screen. To access this form, click on the AUTHENTICATE PROVISIONER box in the Administration Manager flowchart.


Courion Corporation

Figure 27: Specify Provisioner Password Administration Manager Form

In the FORM TITLE, FORM NAME and FORM INSTRUCTIONS text boxes, you can modify the text messages that appear to the end user on the Administrative Termination Authentication screen.

In the MAXIMUM AUTHENTICATION ATTEMPTS text box, you can change the maximum number of failed authentication attempts to allow on this form before disabling the user. The default is 3 attempts.


Provisionee Search

Figure 28 shows the Provisionee Search screen.


Courion Corporation

Figure 28: Provisionee Search Screen

On the Provisionee Search screen, enter the characteristics for the users whose accounts you want to disable. For example, you can select users in a particular department who report to a particular manager. You can use the star character (*) to perform wild card searches. For example, enter M* in the User’s Department field to find all accounts in the marketing department. The search is not case sensitive. Click NEXT. The Select Users screen appears as in (Figure 30).

Figure 29 shows the Administration Manager form used to configure the Provisionee Search screen. To access this form, click the PROVISIONEE SEARCH box in the Administration Manager flowchart.

Figure 29: Provisionee Refine Search Administration Manager Form


Courion Corporation

In the FORM TITLE, FORM NAME, and FORM INSTRUCTIONS text boxes, you can modify the text messages that appear to the end user on the Select a User screen.


Select Users

Figure 30 shows the Select Users screen. Select the users you want to disable and click NEXT. The Account Termination Confirmation screen appears as in Figure 31.

Note: No fields are available to modify on these two screens, so no corresponding Administration Manager forms exist in the Account Termination Jump Start flowchart.

Figure 30: Select Users Screen

Figure 31: Account Termination Confirmation Screen


Courion Corporation

Click NEXT. The Disable Accounts Summary Screen appears (Figure 33).

Summary

The Summary screen displays the current status of the account termination attempt. Depending on the configuration of the Summary Form in the Administration Manager, either an initial Summary Status screen (Figure 32) or the Disable Account(s) Summary screen (Figure 33) is displayed. If the initial Summary Status screen appears, you must click the UPDATE STATUS button for the final Disable Account(s) Summary screen to display. If the account termination is still processing, the screen remains the same and you must click Update Status again.

If you click the STOP PROCESSING button, processing is stopped for the account termination. However the workflow does not roll back any part of the action that was already completed. For example, if you were terminating ten accounts and six were already completed before you selected Stop Processing, only the remaining four accounts would not be terminated.

You can click NEXT ACTION if you want to run the Account Termination workflow again.

Figure 32: Initial Summary Status Screen

Figure 33: Account Summary Screen

Figure 34 shows the Administration Manager form used to configure the Disable Account(s) Summary screen. To access this form, click the SUMMARY box in the Administration Manager flowchart.


Courion Corporation

Figure 34: Summary Administration Manager Form

In the FORM TITLE, FORM NAME, and SUMMARY DETAILS text boxes, you can modify the text messages that appear to the end user on the Summary screen.

If the DO NOT SHOW SUMMARY UNTIL ACTION COMPLETES checkbox is NOT checked, the initial Summary Status screen (as shown in Figure 32) is displayed. This is the default.

If DO NOT SHOW SUMMARY UNTIL ACTION COMPLETES IS checked, then the initial Summary Status screen is skipped. Instead, if the processing of the action takes longer than three seconds, a processing page is displayed. Once processing is complete (or if the processing time is less than three seconds), the final summary screen is displayed, as shown in Figure 33.

If the HIDE UPDATE STATUS BUTTON checkbox is checked, the Update Status button is not included on the transaction repository status screen. The default is unchecked. This field only applies if the Do Not Show Summary Until Action Completes option is not selected.

If the HIDE STOP PROCESSING BUTTON checkbox is checked, the Stop Processing button is not included on the transaction repository status screen. The default is unchecked. This field only applies if the Do Not Show Summary Until Action Completes option is not selected.


Notifications

The final two forms in the workflow provide for email notification in the case of account disable success and account disabling non-success.

Figure 35 shows the Administration Manager form used to configure the notification for successful disabling of accounts. To access this form, click the SUCCESS NOTIFICATION box in the Administration Manager flowchart.


Courion Corporation

Figure 35: Modify Notification (for Account Disable Success) Administration Manager Form

Click the check box in the ACTIVE column next to an attribute name to include it in the e-mail notification. The “From” and ”To” fields have a grayed-out check mark in the ACTIVE column because they are required.

In the VALUE column for each selected attribute, enter the appropriate text in the DEFAULT VALUE field. Most fields are pre-configured. The “From” field is configured to send notification from the provisioner that disabled the accounts. The “To” field is configured to send notification to the master email address that was defined in the Express Connector configuration. The Subject and Message fields have default text informing the administrator of the account disabling. The CONTROL TYPE drop-down box can be set to a value of “Text” or ”Text Area”. A value of “text” provides a single line of input for the DEFAULT VALUE field, while a value of ”Text Area” provides multiple lines of input.

Note: If you want to edit the pre-configured fields that use macros, Courion recommends that you create a new workflow by copying the Jump Start workflow. Then you can edit the custom macro in the new workflow and maintain a working copy of the original workflow. See “Copying Jump Start Workflows” on page 51 for information about how to do this.


Courion Corporation


To configure the notification for non-successful disabling of accounts, click NON-SUCCESS NOTIFICATION. This form is identical to the Success Notification form, but the Subject and Message fields have default text informing the user that the account disabling has failed.


Courion Corporation

49

Courion Corporation

Appendix A: Access Key Requirements for Jump Start Workflows

Opening the Express Connector Configuration Manager. Select:

Start>programs Courion Access Assurance Suite>Express Connector Configuration Manage

This displays a list of Jump Start workflows and other sample workflows. Select the workflows that you want to install, as in Figure 1.

Figure 1: Express Sample Workflow Selection Screen

By default, all available workflows not currently installed are selected for installation, provided you have the proper access keys required for those workflows. A status of Unavailable means you lack an access key for that workflow. If you have previously configured a workflow and you select it here, the system warns you about overwriting the existing one.

Each workflow requires specific access keys, as follows in Table 1.

Table 1: Access Keys Required to Install Sample Workflows

Workflow Access Keys Required

Admin Claiming Scenario Active Directory connector and Exchange 2000 connector keys

50

Courion Corporation

Admin New Hire Scenario (Either AccountCourier Or Administrator New Hire Jump Start) AND (Active Directory connector and Exchange 2000 connector) keys

Basic Access Approval Scenario (Either AccountCourier Or Basic Access Jump Start) AND (Active Directory connector and Exchange 2000 connector) keys

Basic Access Request Scenario (Either AccountCourier Or Basic Access Jump Start) AND (Active Directory connector and Exchange 2000 connector) keys

CourionCompliance ComplianceCourier, Active Directory connector, and Exchange 2000 connector keys

CourionSelf-Service AccountCourier, Active Directory connector, and Exchange 2000 connector keys

CourionSelf-Service Password Reset PasswordCourier, Active Directory PMM, and Active Directory connector keys

CourionSelf-Service Profile Management

AccountCourier, and Active Directory connector, and Exchange 2000 connector keys

CourionSuper-User AccountCourier, ComplianceCourier, Active Directory connector, and Exchange 2000 connector keys

CourionTransparentSync Reset (actually a template, which requires additional information to run)

PasswordCourier, Transparent Synchronization, and the Active Directory PMM keys

Disable Orphan Accounts Scenario (Either AccountCourier Or Orphan Account Finder Jump Start) AND (Active Directory connector and Exchange 2000 connector) keys

End User Claiming Scenario Active Directory connector and Exchange 2000 connector keys

Find Orphan Accounts Scenario (Either AccountCourier Or Orphan Account Finder Jump Start) AND (Active Directory connector and Exchange 2000 connector) keys

Termination Scenario (Either AccountCourier Or Account Termination Jump Start) AND (Active Directory connector, and Exchange 2000 connector) keys

Table 1: Access Keys Required to Install Sample Workflows

Workflow Access Keys Required

Creating a Workflow by Copying an Existing Workflow 51

Courion Corporation

Appendix B: Copying Jump Start Workflows

Courion strongly recommends that if you want to edit the Administration Manager forms for a Jump Start workflow in Tree View or Flowchart View, that you create a new workflow by copying the one you want to edit. You can then edit the new workflow while maintaining the original workflow for reference. Doing this ensures that you have working versions of the Jump Start workflows for the following reasons:

• Because Jump Start workflow Administration Manager forms use a subset of the options available on the corresponding forms in Tree View or Flowchart View, editing the Jump Start forms in either of these other views may prevent them from operating correctly.

• If you reinstall the Access Assurance Suite for some reason (such as upgrading to a higher version), you can overwrite the preconfigured workflows, including the Jump Start workflows. In this situation, you would lose any edits you made to the Jump Start workflow.

For information about how to use the Administration Manager in Tree View or Flowchart View, see the manual Using the Access Assurance Suite Administration Manager.

Creating a Workflow by Copying an Existing Workflow

Follow these steps to create a workflow by copying an existing workflow in Tree View or Flowchart View:

1. From the Administration Manager for a Jump Start workflow, select Tree View or Flow Chart view by clicking on the appropriate button in the upper right corner of the Administration Manager window, as shown in Figure 2.

Figure 2: Buttons for Tree View and Flowchart View

When you select a view, the Administration Manager page for that view appears and you can create the new workflow.

2. Select the Create Workflow option in Tree View or Flowchart View.

To create a workflow in Tree View:

Click the Create Workflow button under the workflow name. Figure 3 shows the Basic Access Request Scenario workflow in Tree View.

52

Courion Corporation

Figure 3: Jump Start Workflow in Tree View

To create a workflow in Flowchart View:

Click the plus sign (+) next to the workflow name. Figure 4 shows the Basic Access Request Scenario workflow in Flowchart View.

Figure 4: Jump Start Workflow in Flowchart View‘

Creating a Workflow by Copying an Existing Workflow 53

Courion Corporation

Figure 5: Enter New Workflow Name

3. Enter the name of the new workflow a shown in Figure 5.

For example, if you wanted to create a workflow similar to Basic Access Request Scenario, you could name it New Employee Request.

Note: Do not use the following characters when naming a workflow: # (pound sign), % (percent), & (ampersand), ‘ (single quote), < (left angle bracket). The # (pound sign), % (percent), and & (ampersand) characters do not resolve properly when entered as part of a URL in your browser’s Address bar. The ‘ (single quote) and < (left angle bracket) generates unusable workflows.

4. Select another workflow from the COPY FROM AN PREVIOUSLY CONFIGURED WORKFLOW drop-down list. In this example, you would select Basic Access Request Scenario.

5. Click the CREATE button.

6. The new workflow now appears on the list of existing workflows and you can edit it in Tree View or Flowchart View.

54

Courion Corporation

Index 55

Courion Corporation

INDEX

Aaccess key requirements 49access keys

required by preconfigured workflows 49access keys screen 12Active Directory (AD)

express configuration 18admin claiming

using 34Administration Manager

introduced 16Administration Manager forms, accessing 28administrator

authentication 40identification 38

administrator authentication 16authentication

administrator 16

Cclaiming

using the admin claiming workflow 34using the end user claiming workflow 35

configurationCourion Server 12

console page, accessing Jump Start workflows from 23

Courion Serverconfiguring 12

Eend user claiming

using 35

IIdentityMap entries

where they are stored 33installation 9installing

required system components 9

Jjump start option

introduction to 3jump start workflows

copying 51

Kkeys, access

screen 12keys, access, for jump start options 49

Nnotification 45

Ppass phrase entry screen 13Password Management Module (PMM) message

box 17platform selection 14preconfigured workflows

access keys required 49preconfigured workflows, installation 18profile entries

where they are stored. 33profile management workflow 36

using 36provisionee search 41provisioning platform

configuring 14

RReadme file 11

Ssearch 41select provisionee 43SMTP

express configuration 21SQL transaction repository

express configuration 20

Ttermination

using the workflow 38transaction repository

database configuration (ADO with provisioning platform or ComplianceCourier) 16

express configuration 20

Wweb browsers supported 7workflow

preconfigured, installation 18

56

Courion Corporation

using the access assurance suite account termination jump ... · features to deliver functionality...

Documents