12.4 Enabling Email Notifications after the Installation

Identity Governance, Identity Reporting, and Workflow Services can notify users of tasks to perform via email. You can use an SMTP mail server to deliver the emails but it does not guarantee that the users will receive the email. To guarantee delivery of email notifications, you must install an ActiveMQ messaging server. If you do not use ActiveMQ, Identity Governance sends the notification once, regardless of success or failure of delivery.

You can also configure Identity Governance to send reminders of tasks, based on the escalation timeout setting. For more information, see Creating and Modifying Review Definitions in the Identity Governance User and Administration Guide.

When Identity Governance sends an email, the application queries the preferred language of the target user. If Identity Governance supports that language, the email is delivered in the preferred language. Otherwise, the email uses the default language for the system. You can customize the content in the emails. For more information, see Customizing Email Notification Templates in the Identity Governance User and Administration Guide.

12.4.1 Prerequisites for Email Notifications

Ensure that you have an SMTP mail server running and configured for SSL/TLS communications before enabling email notifications. This ensures that the email communication between Identity Governance and the users is secure.

NOTE:If you are using the Gmail SMTP server, Gmail ignores the SMTP server value and uses the actual Gmail address as the origination for email notifications.

12.4.2 Enabling Email Notifications for Identity Governance

Ensure that you have an SMTP server configured and that you have the connection information for the SMTP server to enter in to the Identity Governance Configuration utility. Also, ensure that you have ActiveMQ installed using the same Apache Tomcat instance that Identity Governance uses.

To enable the mail server for notifications:

  1. Launch the Identity Governance Configuration utility. For more information, see Section 15.1.4, Using the Identity Governance Configuration Utility.

  2. Select Workflow Settings.

  3. Under Notification System, specify the settings for the mail server.

  4. Select Save.

  5. (Conditional) To ensure guaranteed delivery of the notifications by using ActiveMQ, complete the following steps:

    1. Select Enable persistent notification message queue.

    2. Enter the settings for the JMS broker.

    3. (Optional) To use TLS/SSL protocol for messaging, select SSL and then specify the keystore settings.

    4. Select Save.

    5. Navigate to the installation directory for ActiveMQ. For example,

      • Linux: /opt/netiq/idm/apps/apache-activemq-x.x.x

      • Windows: c:\netiq\idm\apps\apache-activemq-x.x.x

    6. Copy the activemq-all-x.x.x.jar file.

    7. Navigate to the installation directory for the Apache Tomcat server supporting Identity Governance. For example,

      • Linux: /opt/netiq/idm/apps/tomcat

      • Windows: C:\netiq\idm\apps\tomcat

    8. In the lib directory of the Apache Tomcat installation, paste the activemq-all-x.x.x.jar file.

    9. Restart Apache Tomcat after copying the activemq-all-x.x.x.jar file. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

  6. (Optional) To change the text in the email notifications, see Customizing Email Notification Templates in the Identity Governance User and Administration Guide.

12.4.3 Enabling Email Notifications with a Load Balancer or a Reverse Proxy

Identity Governance supports load balancers and a reverse proxy. If you are using either option, you must perform some additional steps. The load balancer and reverse proxy contain multiple IP addresses or DNS names. You must configure additional fields either during the Identity Governance installation or after you have completed the installation.

  1. Obtain the protocol, DNS value, and port of the load balancer or the reverse proxy.

  2. Launch the Identity Governance Configuration utility. For more information, see Section 15.1.4, Using the Identity Governance Configuration Utility.

  3. Click the Authentication Server tab.

  4. Enter the protocol, DNS value, and port of the load balancer or the reverse proxy in the following fields:

    • IG Redirect URL

    • IG Request Redirect URL

    • OSP URL (This depends upon where you deployed OSP)

  5. Click the Network Topology tab, then click Protocol.

  6. In the Host and Port fields, specify the local host information for the load balancer or reverse proxy, then save the changes.

  7. Exit the Identity Governance Configuration utility.

  8. Restart Apache Tomcat. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.