• ESA is in use and configured
  
   
• Needs work from Cloud OPS. Cloud OPS need to know the correct tenant name before they can do their part (is something like whistleblower.customer.com)
  • CloudOps engineer runs automatic scripts to enable ESA authentication components to the customer environment.
  • CloudOps configures the ESA to one (1) ESS-site.  
  • The Cloud Operations team sends a notification to the consultant, that the cloud setup is done and ready to be used
    
     
• Consult needs access to customer's server
  
   
• Before work can begin, customers must update their DNS based on Efecte Clouds given information

1. Go to ESA Administration console eg. https://customer.efectecloud.com/auth/admin
   
    
2. Access Whistleblower Realm from top left corner 
   
   
   
    
3. Newly created 'whistleblower' configuration will have Shibboleth client configured. Make sure, that mapper "com:efecte:ess:user" is defined there with type SAML Efecte ESS user mapper - Whistleblower realm:
   
   
   
    
4. Disable ESM Access from WB users. You will have to set this as DISABLE from ESA shibboleth mappers to disable access to ESM.

1. ESA Checkpoint: Copy URL from Client without /shibboleth and try to access to the ESS portal. Login screen should be now working, but portal is still empty. 
   
   
   

Check whistleblower javascript user mapper

1. Go to ESS Admin site eg. https://customer.efectecloud.com/scc/admin
   
    
2. Select Sites tab and create new site. Add Organization Units value DC=whistleblower . It's special value which will be user for distinguishing users logging-in with ESA. 
   
   

Import Whistleblower solution offer Report Misconduct to ESS report_misconduct_ess_services.yaml

Services from file selection

 

Publish Report misconduct offering to the single Whistleblower site


 

Copy Whistleblower connector to customer environment integration hub container connector-efecteWBR.xml

Create support channel from Support channels tab and update the status mappings



 

Assign the support channel to the Whistleblower service offering Report misconduct

If Services are not visible for a Whistleblower user, make sure that those are not protected with any Roles


 

ESS Checkpoint: Log into ESS using the anonymous login. User can see only Report misconduct service, nothing else. 

1. Go to ESM as an root-level user eg. https://customer.efectecloud.com/itsm
   
    
2. Open the Efecte Administration area (a cogwheel symbol)
   
    
3. Select Templates tab and Organization
   
    
4. Choose Import option from the Template dropdown 
   
   
    
5. Import Whistleblower templates (Whistleblower and Whistleblower
   bundle):  whistleblower_templateset.xml
   • Check template references
   • Check language support (if other than english)
     
      
6. Create a folder called “Whistleblower reports” (code: whistleblower_reports) under the Organization-module
   • Check that allowed templates are Whistleblower report and Whistleblower report bundle.
   • Check that only Whistleblower reviewers have access to this folder
     
     
      
7. Create subfolder under Personnel -folder in Organization -module called Anonymous persons (code: anonymous_persons)
   • Check that the Person -template is selected as allowed templates to the folder.
   • Check that only Whistleblower reviewers have access to this folder
     
     
      
8. Create role Whistleblower Reviewer
   • Assign 3 Users
   • Assign 3 licenses
     
     
      
9. Import workflow Whistleblower_report_workflow.xml
   • Set alert recipients to workflow based on customer feedback
   • Configure 6 Set value nodes, that are setting "Assigned to” persons based on the Type of misconduct set in ESS.
   • Save and Publish workflow
     
     
      
10. Import listeners wb_person_listener  and wbr_bundle_listener.xml
    
    
     
11. In the platform settings add property: anonymise.whistleblower_report. To values, add at least following codes: RequestedFor, misconduct_date, misconduct_description, misconduct_location, AdditionalInformation, misconduct_contact support_person, RequestAttachments, external_comments, internal_comments, resolution, misconduct_review_comments, OrderedBy.
    
    
     
12. Remove selection from the checkbox “Record changes of data cards” of the Whistleblower report template. And Select the option “Log data card views” for the Whistleblower report template.
    
    
    
     
13. Create three reports for the Whistleblower Reviewer -role.
    
    
    1. First created report is to follow created issues:
       - Name: New Whistleblower reports
       - Settings: Visible “Whistleblower report” data cards
       - Conditions: Status is “01 - New”
       
        
    2. Second report shall have following settings
       - Name: Whistleblower reports by Status
       - Settings: Visible "Whistleblower report" data cards
       - Graphical Bar chart, group by “Status”
       
       
        
    3. Third report shall have following settings
       - Name: Whistleblower reports by Type
       - Settings: All "Whistleblower report" data cards
       - Graphical Pie chart, group by “Type of misconduct”
       
       
        
14. Create a dashboard where three above listed reports are placed.
    
    
    
     
15. ESM Checkpoint: Log in as Misconduct issue handlers and check that the user will see only misconduct issues. Also other ESM users have no access to see misconduct issues. Root user sees all data cards that are recorded to a single ESM

Implementation test run shall cover following steps

• Logging in works using the anonymous login
• Create Whistleblower report
• Check that alert functionalities in the ESM workflow works
• Send comment to misconduct issue reporter
• Response to comment in the ESS as anonymous user
• Close the issue in ESM and set resolution
• Log in to ESS and checks that resolution is visible for misconduct issue reporter
• Try to log in ESM using the anonymous login, cannot access
• Check that nothing else is not shown in the ESS as anonymous user than Whistleblower report

Whistleblower functionality has a built-in capabilities of removing inactive users. It calculates the number of days from each User's last login time, and if it exceeds threshold value - the User is removed.

By default, that process runs a check every 8 hours, and checks for a period of maximum inactive days = 90.

If there is a need to override these settings, it's possible to do so, in ESA's /opt/keycloak/conf/keycloak.conf configuration file.
 

What needs to be added, is under <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> following section:

Don't forget to restart the ESA container afterwards!

When 'whistleblower' page is first shown - it prompts user for his/her agreement on Efecte Cookie policy. User can agree or decline.

It is possible to edit the message which is presented to the User, from ESA admin view, like on the following screenshots (make sure, proper realm is first selected from ESA selector):