A little over a year ago we released the first version of our Application E-mail approval utility. Ever since our first release we have received lots of positive feedback and ideas to new features. Most of the ideas are implemented in this new release. Thanks for all the feedback and please keep it coming.
This blog post will explain how you can install CTAA (Coretech Application Approval tool) – Download Additional blog posts will follow and explain how you can customize the tool.
Why the need for this utility
The idea with this utility is to integrate a “real approval flow” with the standard ConfigMgr 2012 application request feature. Out of the box, ConfigMgr requires that you approve all application requests in the ConfigMgr console. What many of our customers want is a flow where application requests are mailed to the business manager and/or a fallback mail address like servicedesk. Both of those features can be implemented if you have System Center Service Manager and System Center Orchestrator in place. If those products are not installed yet, the Coretech Application Approval tool can be used instead. The process flow is described below.
As you can see in the illustration a mail can be send to either the designated manager in Active Directory or to a fallback mail address like servicedesk. Users can also be added to a predefined security in Active Directory where approval requests are automatically approved.
The solution is a website running on any of the servers in the same domain. In this example the website will be installed on the primary site server.
- IIS Application Pool
- ASP.Net 4.0
- Windows Authentication
3 Active Directory Security groups
- AppReqWebsiteApprovers (users who can approve/deny all application requests. By default the manager can only approve/deny requests for users they manage). The managers and other users that can approve application requests must be a member of this group.
- AppReqManagerExclude (users where approval requests will always be forwarded to the fallback mail address and not to the manager)
- AppReqAutoApprove (users who will have applications requests automatically approved).
- 1 mail address used as the sender for all mails.
- 1 mail address used as the fallback solution
- 1 licensing mail address (optional), used to send a mail informing that a license is about to be used.
- Information about the SMTP server and port.
The installation process
The installation process consist of a website and a web service. During the installation you’ll be prompted for information about mail addresses, security groups and SMTP server. In the example below you start by creating a new application pool in IIS, install the CTAA website, install the CTAA service and finally import a customer user role in ConfigMgr. The user role is mapped to the AppReqWebsiteApprovers Active Directory group.
Select Administrative Users, Add User or Group.Add the group, AppReqWebsiteApprovers, assign the group the Application Approver security role and click OK.
Testing the Application Approval tool
- Create a new user target deployment, the deployment must be Available and you need to ensure you ask for Approval.
- Ensure that your test user either has a manager in Active Directory otherwise the request will be mailed to the fallback e-mail address.
- Log on to the Application Catalog and request an application
- In this example Mike is the manager and will receive a mail informing that Bob “the user” has requested an application.
- Mike will be taken to the Appliation Request website from where he can approve or deny the application requst.
- Bob will receive a mail with the approval information and can start installating the application.
Kudos for this project goes to Claus Codam, who has been the main developer.