Approving requests via Email
This feature allows a user (an approver) to receive an email notification about a pending request and approve the request via email, without being logged into OpenIAM.
OpenIAM, using its SMTP account, reads the reply in its inbox and proceeds with approving, declining, or taking other actions on the request based on specific keywords.
The following keywords must be typed in the email body:
- "I accept this request" to approve the pending request.
- "I reject this request" to reject the pending request.
- "delegate
toWhomEmailAddress@openiam.com
" to delegate the pending request.
Request ID in subject
One critical requirement is that the request ID must be present in the email’s subject line.
If this line is missing, it might not be selected in your email template. To add it:
- Go to webconsole > Administration > Mail Template Editor
- Locate the relevant email template.
- Add
${req.getNotificationParam('REQUEST_ID').valueObj}
to the Mail Subject Line field. - Click Save.
Approver email address
The email address of the approver (who will accept, decline, or delegate the request) must match exactly one user email in OpenIAM.
This is typically satisfied by default, though test scenarios might require additional attention.
Enabling inbox reading
For OpenIAM to monitor replies, the Read Inbox feature must be enabled.
Follow these steps:
- Go to webconsole > Administration > Mailbox Configuration
- In the Actions column, click the Edit icon
- Check the Read Inbox? checkbox
By default, OpenIAM checks the inbox every 15 minutes. You can adjust this frequency using the following Java option:
-Dorg.openiam.email.inbox.sweep=900000
Here, 900000 represents 15 minutes in milliseconds. Modify the value to suit your preferences.
Audit log
After a user responds to a request via email keyword, the event is recorded in the audit log. To view it, go to webconsole > Administration > Log Viewer.
The event name is MAKE_DECISION_FROM_EMAIL
.