Global Configuration – Maker-Checker (tab)
The SERVERS > Global Configuration > Maker-Checker tab contains solution-wide configuration settings for maker–checker authorization that apply to all server instances in a replicated environment.
This tab is only available if you have the View Back-End Settings privilege set. To change settings, you require the Update Back-End Settings privilege.
| Field name | Description |
|---|---|
| Enable Maker-Checker |
This option enables maker–checker authorization. If maker–checker authorization is enabled, certain commands (as specified by Specify Maker–Checker Commands) initiated by an administrator can only be completed after approval and authorization by another administrator. Default value: No |
| Specify Maker–Checker Commands |
Select the commands you want to use with maker–checker authorization. By default, maker–checker authorization is selected for all supported commands. If you clear all option values, Enable Maker–Checker is automatically set to No. |
| Email Notification | |
| The options in this section specify templates used for maker–checker authorization notifications via email. | |
| Header Name |
Optional. The name of a custom message header field to set in the message header. Default value: <empty> |
| Header Value |
Optional. The value of the custom message header field specified by Header Name. Default value: <empty> |
| Notification Type | |
| Pending Operation Created | |
| Subject |
The text for the Subject field in messages that are sent to notify an administrator that a pending operation is awaiting approval. Default value: "A new approval request for a pending operation was issued to you" |
| Message Template |
Message template to use in email messages that are sent to notify an administrator that a pending operation is awaiting approval. Default value: "A new request for [[object]] [[command]] was created by [maker] and awaits your approval. |
| Pending Operation Approved | |
| Subject |
The text for the Subject field in messages that are sent to notify an administrator that a pending operation has been approved. Default value: "Your pending operation request was approved" |
| Message Template |
Message template to use in email messages that are sent to notify an administrator that a pending operation has been approved. Default value: "Your request for [[object]] [[command]] was approved by [admin]. Note: [note] |
| Pending Operation Rejected | |
| Subject |
The text for the Subject field in messages that are sent to notify an administrator that a pending operation has been rejected. Default value: "Your pending operation request was rejected" |
| Message Template |
Message template to use in email messages that are sent to notify an administrator that a pending operation has been rejected. Default value: "Your request for [[object]] [[command]] was rejected by [admin]. Note: [note] |
| Pending Operation Deleted | |
| Subject |
The text for the Subject field in messages that are sent to notify an administrator that a pending operation has been deleted. Default value: "A pending operation was deleted" |
| Message Template |
Message template to use in email messages that are sent to notify an administrator that a pending operation has been deleted. Default value: "A request for [[object]] [[command]] created by [maker] was deleted by [admin]. Note: [note] |
When you configure message templates, you can use different placeholder strings as variables. If applicable, the placeholder strings are replaced during runtime with the actual values. Otherwise the placeholder string will not be replaced.
| Placeholder string | Description |
|---|---|
| [admin] | The user name (if available) and the unique identifier of the administrative user who performs the action causing the respective message to be sent, e.g. initiating or approving a pending operation. In case of authorizing a pending operation, this is not necessarily the same administrator who was originally selected to authorize it, i.e. the [checker]. |
| [checker] | The user name (if available) and the unique identifier of the administrative user who was originally selected to authorize the pending operation. |
| [command] | The target command of the pending operation, e.g. Assign. |
| [maker] | The user name (if available) and the unique identifier of the administrative user who initiated the pending operation. |
| [note] | Additional annotations and remarks added by the checker administrator when verifying the pending operation. |
| [object] | The target object of the pending operation, e.g. Digipass. |
| [poid] | The pending operation identifier (POID) uniquely identifying the respective pending operation. |
| Placeholder string | Description |
|---|---|
| [domain] | The user domain. |
| [email] | The user's email address. |
| [mobile] | The user's mobile number. In Active Directory, this refers to the Mobile field in the user's list of available Telephones. |
| [phone] | The user's phone number. In Active Directory, this refers to the Telephone number field. |
| [serialnumber] | The serial number of the authenticator. |
| [userid] | The user identifier. |
| [username] | The user name. |