Advanced settings

When you have finished modifying the tokens values, you must press Update button to save the changes in the database.

Menu Setup → Setup → General setup.

• Language: Global language for the system (default English), each user can have a language defined and it overrides the value defined here.
• Sitename: Site name (by default Pandora ITSM), visible in the title of all windows and in the subject field of all messages.
• Enable error log: File with the error log, located by default at /pandora_itsm.log.
• Timezone for Pandora ITSM: Defines the time zone of the Web Console. Default value Europe/Madrid.
• List of IP addresses with access to API: Comma-separated list of IP addresses with API access. An asterisk (*) means any (not recommended), default value 127.0.0.1.
• API password: Password required to make requests via API.
• First day of the week: First day of the week for calendars and other uses of the application, Monday by default.
• URL update manager: Address of the update server for Pandora ITSM.
• Login hash password: It is used to generate a unique URL to be used for pre-authentication.
• Enable HTTPS access: Configure Pandora ITSM to use HTTPS to encrypt communications.

openssl.cafile=/etc/ssl/certs/nombre_certificado.ca-bundle

• Access port: Configure the server access port number, default value 80.
• Public access to server: Public access URL to the server, it can be an IP address or a URL address.
• CSV encoding type: Default file encoding type .csv (véase Separator data in CSV).
• Enable Update Manager checks: Enables notifications of available updates for Pandora ITSM.
• Maximum direct download size (MB): Defines the maximum size of a file to download in the application.
• Max. upload file size: Defines the maximum size of a file to upload to the application. If you have a lower system size (php.ini) this limit may not be respected.
• Max. Upload file size in CRM (MB) and Max. Upload file size in incidents (MB): Defines the maximum size of a file to upload to the application in the ticket and CRM sections.
• Separator data in CSV: Data separator in CSV files, default value comma ,' .
• Temporary directory of pdfs: Directory for storing temporary files in PDF reports.
• Hide version: Hides the version in both the footer and the login screen.
• Show modal last time logged: Shows each user the date and time of their last login (modal form).
• Welcome view: Defines the time (by default the last 21 days) to be displayed in the welcome screen if the user has this option enabled in his profile.
• Chromium path: Location of the dependency for report generation, by default /usr/bin/chromium-browser.
• Active automatic timetrack stop: Used to record the maximum time worked. It is active by default and stops automatically when the value specified in Stop timetrack after (eight and a half hours by default) is added and reached.

From version OUM 103 onwards, the Theme token is available, both for general configuration and at user level. The light theme, Default (Light), is set by default as the global theme and for users that global theme is set by default. Unless otherwise specified, all other configuration values refer to that particular light theme. For the dark theme (dark theme) specific tokens have been set.

• Favicon: It allows you to set an icon (generally 16 by 16 pixels) as a favorite.
• Block size for pagination: Number of elements per page in listings. It is recommended to use low values to avoid performance impact .
• Global dashboard (welcome message): It allows to place a dashboard as initial screen (optional).
• Font for ITSM: Font type, both for the interface and for PDF files.
• Global search limit: Number of items that will appear in listings when any search is used.

• Min. size password: Minimum length that the password must have, by default five characters.
• Password must have numbers: The password must contain numbers.
• Password must have symbols: The password must contain symbols.
• Password expiration (days): Time, in days, of password expiration, by default zero (never expires).
• Force password change on first login: Force password change on first login.
• User blocked if login fails (minutes): User lockout time, in minutes (default five), after failed login (after the retries configured in the next field).
• Number of failed login attempts: Number of failed identification attempts.

• Show ticket owner and Show ticket creator: Show ticket creator and show ticket owner in ticket listing and search views.
• Max. tickets per search: Maximum number of tickets per search, this limits the results in ticket search to avoid performance hits. Between 200 and 500 is recommended.
• Enable quick edit mode: Allows you to quickly edit some elements of the ticket (owner user, criticality, status) without going into full edit mode.
• Show user name instead of ID in the ticket search: Show the real user name instead of the identifier in the ticket search.
• Format date: Two date format options, long yyyy/mm/dd h:m:s (default option) and approximate (for example: 1 day, 2 hours).
• Completion date WU: Checking this option will show the Completion Date field in the Workunits (WU) of the tickets. This date can be different from the Workunit creation date.
• Sort work units by completion date: Sort WU by completion date (in the WU list of a ticket).
• Most recent comments at the bottom: When enabled, the most recent comments and the input field to add new ones will be displayed at the bottom of the incident view.

• Disable ticket score: Disable incident evaluation.
• Allow IW to change creator and Allow IW to change owner: Users with this access bit will be able to change the creator and/or owner of the ticket.
• Editor adds a WU on ticket creation: A Workunit (WU) is automatically added when creating a ticket.
• Allow to change the ticket type: If deactivated, it will not be possible to change the type of ticket once it has been created.
• Allow to configure the date/time when creating it: Allow defining the time and date of the ticket at the time of its creation.
• Ignore user defined by the group for the owner: Allows to ignore the user predefined by the group for the owner.
• Ticket type required: Forces you to choose a ticket type.
• Ignore creator user by default: If enabled, the default creator user is ignored and must be specified manually.
• Allow to change creator and owner: Allow modification of the creator user and the owner user.
• Allow external users to modify their tickets: Allow external (non-grouped) users to modify their tickets.
• Ignore group template for the issue creator: Ignore group template to the originator of the incident.
• Creator can see every user: The creating user will be able to see all users, even from other groups.
• Automatically assign ticket: Based on the group assignment rules, it allows ticket auto-assignment.
• Issue editor is the first editing user: If checked, the user who edited the ticket will always be set as the user who edited the ticket in the first place.
• Change to assigned status if owner adds a note in the ticket: Change the assigned status if the owner adds a note on the ticket.

• Automatically close ticket: Number of days (by default 45) after which a ticket will be closed automatically.
• Ticket WU default time: Default value used when entering a work unit, in units of hours. Example: 0.25 will be 15 minutes.
• Sending email when managing WU: Sending email when managing WU. As of version 103 OUM can also send an e-mail to a user if he/she is mentioned in the WU.
• Default internal work units: Default internal work units.
• New WU are always public: Activation of comments as always public.

• Check closed tickets when running workflow rules: This option is used for Workflow rules to process closed tickets.
• Days to check closed tickets: If the previous field is marked, the tickets closed in the last 15 days (value by default) will be taken into account.

With the exception of tokens 1 and 2, all others are active by default.

1. Masking email addresses: With this option enabled, e-mail addresses that are in the ticket content will not be displayed.
2. Send all attachments for each issue update by email: Sending of all attachments associated with the ticket with each update via email.
3. Send email for each created ticket: Send notification of each ticket that is created.
4. Send email for each closed ticket: Send email for each incident closure.
5. Send email for each update of the issue status: Send notification for each ticket status change. In case of changing its status to closed the notification sending will depend on the previous token configuration.
6. Send email for each update of the issue owner: If the owner of the issue is changed, an email will be sent.
7. Send email for each update of the issue priority: It will send notification for each change in the work priority of the incident.
8. Send email for each update of the issue group: Send email for each update of the ticket group. This configuration can be general or group-specific. To make it group specific it is necessary to configure it in the group edition.
9. Send email for each update of the issue in other fields: It will send notification for each modification of any of the other fields of the issue.
10. Send email for each created work unit: Send email for each Workunit created. From version 103 OUM onwards you can also send an email to a user if he/she is mentioned in the WU.
11. Send email for each added attachment: Send notification for each attachment added.
12. Group work units for each ticket and email: In order to reduce the number of messages to be sent, this token (active by default) groups several notifications (attached files and/or WU added in a period of 5 minutes) into a single notification.
13. Send email for each validated work order: Send email for each work order validation.
14. Send additional emails when the comment is internal: Different email addresses can be added to a ticket, including PITSM participants and users. To prevent these mailboxes from being notified when adding a WU in an internal comment, this option should be disabled.

Status an Resolution

Status labels and ticket resolutions can be modified. It is important to note that even if you change the label, the logic associated with the statuses remains the same, so the SLA, Workflow rules, or ticket colors according to their status (new/closed) will remain the same.

Weekends are working days and Special day

Non-working days are used to define local/national holidays and so on. They are not taken into account in SLAs, and are displayed differently in calendars. With these two token weekends (Saturdays and Sundays) can be defined as working days and holidays can be added with the concept of special days, both for SLA calculation purposes.

Sending mail (email) is used, for example, when there is a change in a ticket or an SLA is breached.

Receiving emails is only necessary if you use the creation and management of tickets by email.

• Notification period: Notification period, minimum time in hours (24 by default) that must pass between two SLA notifications.
• System email from address: Email address from the system, it will be the sender that will be used when sending emails from Pandora ITSM.

The common fields, independent of the encryption type (except when OAuth 2.0 is used in the Encryption field), are:

• SMTP Host: Location of the post office. If left blank, it will try to use a local mail system postfix/sendmail (if enabled).
• SMTP Port: Port number to send mail.
• SMTP user: Username.
• SMTP password: User password.

The fields for configuration in Pandora ITSM list are:

• SMTP queue retries: Retries to send the mail queue. If this number is exceeded, the mail in the queue will be marked as incorrect.
• Max. pending emails: Maximum number of pending emails. If this number is exceeded, it will display a warning in the system notice area to indicate that there may be a problem in sending emails.
• Max. emails sent per execution: Maximum number of emails sent per execution, thus limiting the maximum number of emails in each periodic execution of the maintenance script.

• Encrypted with STARTTLS:

• Encryption method: STARTTLS.
• SMTP Host: smtp.gmail.com
• Port: 587 (25 could also be used).

To get an application password from Google (https://myaccount.google.com/apppasswords) you will need to create an application entry, automatically generate a password, manually copy without spaces to the corresponding field.

• SSL/TLS Encryption
• Encryption method: SSL/TLS
• SMPT Host: smtp.gmail.com
• Port: 465

• Encryption method: STARTTLS.
• SMTP Host: smtp-mail.outlook.com .
• Port: 587 (25 could also be used).
• Compatibility: Outlook.

• Encryption method: OAuth 2.0.
• User ID: User identifier.
• Client ID: Application identifier registered with Microsoft.
• Tenant ID: Allowed values are tenant ID for tenant ID or domain name, common for both Microsoft accounts and work/school accounts, organizations for accounts only professional or educational and consumers only for Microsoft accounts.
• Secret: User's private token.

• Encryption: None for sending without encryption or encrypted with SSL/TLS, SSLv2, SSLv3, or STARTTLS.
• Name: DNS name or IP address of the mail server.
• Port: Port on which the mail server is listening.
• User: User configured in the mail server.
• Password: Password configured for the user indicated above.

IMAP:

• POP/IMAP Host: imap.gmail.com
• POP/IMAP Port: 993
• POP/IMAP user: Email mailbox of the user.
• Select IMAP or POP: IMAP.
• Compatibility: Compatibility with Gmail.

POP:

• POP/IMAP Host: pop.gmail.com .
• POP/IMAP Port: 995 (POP)
• POP/IMAP user: Email mailbox of the user.
• Select IMAP or POP: POP
• Compatibility: Compatibility with Gmail.

To configure the “Management of email queues by groups” you must add a domain filter in the Email origin field that matches what is established here.

IMAP:

• POP/IMAP Host: imap-mail.outlook.com
• POP/IMAP Port: 993
• Select IMAP or POP: IMAP
• Compatibility: Compatibility with Outlook.

POP:

• POP/IMAP Host: pop-mail.outlook.com .
• POP/IMAP Port: 993 (IMAP)/995(POP) .
• Select IMAP or POP: POP/IMAP .
• Compatibility: Compatibility with Outlook.

To configure the “Management of email queues by groups” you must add a domain filter in the Email origin field.

IMAP:

• Name: outlook.office365.com valid for both POP/IMAP.
• Port: 993 (IMAP)/995 (POP).
• Protocol selection: POP /IMAP.
• Compatibility: Office 365.

POP:

• Name: outlook.office365.com valid for both POP/IMAP.
• Port: 993 (IMAP)/995 (POP).
• Protocol selection: POP /IMAP.
• Compatibility: Office 365.

To configure the “Management of email queues by groups” you must add a domain filter in the Email origin field that matches what is established here.

• Encryption: You can configure the POP/IMAP server without encryption or encrypted with SSL/TLS, SSLv2, SSLv3 or STARTTLS.
• Name: IP or DNS address of the POP/IMAP server.
• Port: Port number on which the POP/IMAP server is listening.
• User: User configured in the mail server.
• Password: Password configured for the user indicated above.
• Protocol: POP or IMAP.
• Compatibility: Others.
• Accept all certificates: Checked if you want to accept any certificate, even self-signed ones.

The emails sent by Pandora ITSM are queued until the maintenance script sends them, by default every 5 minutes. To adjust this behavior there are a series of special parameters, as well as a queue manager for pending shipments.

• Email header: It will be used in any automatic email from Pandora ITSM.
• Footer of the email: It will be used in any automatic email from Pandora ITSM.

Macros are not allowed in either of the above two elements.

This system allows you to view the mails pending sending and their status. It also allows you to delete from the current queue and/or resend those messages marked as invalid. You can select mails individually by checking the box associated with each one and then pressing Reactivate pending emails or Delete pending emails.

Allows you to edit the mail templates that Pandora ITSM will use to compose emails as well as the templates of the subject or subject of the message. The mail templates are generic and are used for all groups.

To edit a template, click on its name or press the corresponding edit button in the actions column.

Macros are variables that will be replaced at the time of composing the message by a specific actual value:

• _author_: Creator of ticket.
• _creation_timestamp_: Date and time of ticket creation.
• _fullname_: Full name of the user receiving the mail.
• _group_: Group assigned to that ticket.
• _havecost_: For project work unit reports only.
• _incident_id: ticket identifier.
• _incident_main_text_: Main descriptive text of the ticket.
• _incident_title_: Title of ticket.
• _owner_: User who controls the ticket.
• _priority_: Priority of ticket.
• _projectname_: For project reports only.
• _resolution_: Resolution of ticket.
• _sitename_: Site name, as defined in the General Settings.
• _status_: Status of ticket.
• _taskname_: For project reports only.
• _time_used_: Total time spent on this ticket.
• _update_timestamp_: The last time the ticket was updated.
• _url_: URL of ticket.
• _username_: Name of the user receiving the mail (login name).
• _wu_text_: Text of the work unit.
• _wu_user_: User reporting a work unit.
• Custom field templates: This allows that when creating an object type, the name of the fields to be added can be included as a macro, which will display the value of that field: “_custom field name_”.

This option is used to “hide” certain parts of Pandora ITSM from user groups. The following visibility levels can be configured for each section and user group:

• Hidden: It will not be displayed for those users who belong to the indicated group.
• Full: Users belonging to the indicated group will have full access to the section.

Each section is associated to a profile, which is checked together with the user's group to know if it has visibility or not:

• Projects ⇒ PR.
• Tickets ⇒ IR.
• Inventories ⇒ VR.
• BC ⇒ KR.
• File releases ⇒ KR.
• Agenda ⇒ AR.
• Persons ⇒ Any profile.
• Work Orders ⇒ WOR.
• Configuration ⇒ Any profile.

If the user is an administrator he/she will always have full access regardless of the menu visibility settings.

If a user has profiles in several groups that have different levels of visibility in a section, the visibility for that user in that section will be the least restrictive.

If a visibility level is created for a section by selecting all groups (group All), any other configuration previously registered for that section will be deleted, and only the one entered will remain.

This section controls both inventory options and remote inventory management (processing of data sent by Pandora FMS agents to Pandora ITSM, without the need to install Pandora FMS).

• Duplicate inventory name: Enables the option to have inventory object names with the same name. Option disabled by default.
• CSV compatibility import: If the option is disabled it allows CSVs to be displayed as a report showing the inventory objects previously selected by the user as they appear in the list. By default it will be enabled to allow importing.

Inventory data processing from Pandora FMS agents (Remote inventory):

• Default owner: Default owner for these objects.
• Associated company and Associated user: Companies and users with access to these objects.

Users of type Super administrator (superadmin) are the only ones who always authenticate locally, unlike the rest of the users who, if configured, can authenticate remotely with LDAP or Active Directory.

If LDAP or Active Directory is configured, Pandora ITSM will first query these platforms if the user exists and if the password is correct.

With the token Session timeout (secs) the maximum session timeout (default nine thousand seconds) is set.

You can configure whether, in case of remote authentication failure, you can authenticate locally by activating the token Fallback to local authentication.

By enabling the option to automatically create users (Automatically create remote users) you can configure the option to assign user level, profile and group and even specify a restricted user list (Automatically create blacklist). In the advanced configuration of Active Directory (Advanced Configuration AD) new permissions can be added.

Selecting LDAP as remote authentication allows you to choose between LDAPv1, LDAPv2 and LDAPv3 and optionally encrypt communications by enabling the Start TLS token.

This authentication method lacks the option to authenticate locally in case of failure (for users other than superadmin).

Two-factor authentication (or two-step authentication) has been positioned for years as one of the best options to increase the security of a user account. Pandora ITSM incorporates this functionality by integrating with the Google® solution, called Google Authenticator®.

Requirements

To use this functionality the administrator will need to enable two-factor authentication in the authentication section of the global settings of the PITSM Web Console. It will also be necessary to have the code generator application on a mobile device that you own. To find out where and how to download:

You must have superadmin rights to access the configuration options. From the main menu go to Setup → Setup → Authentication configuration. Click on Activate double factor authentication.

Pandora ITSM will generate an authentication key and display it, in addition, by means of a QR code.

Using the application you downloaded and installed, give PITSM the resulting code. Click on the Validate code button. When you log out you will have to re-enter your credentials and when they are validated you will have to enter the generated code, for that specific time, and thus finalize the double authentication.

In case a restart of the double authentication key is needed, the Restart double auth code button is used. This can also be done from the People → Edit my user menu and also in User management for all other users.

An email with a link will be sent to you and you will have 15 minutes to click on the link.

Menu Setup → Setup → CRM setup

In this section you can configure invoice parameters such as header image, payment methods, or tax abbreviations. You can also hide the tax identifier (disabled by default) and automate invoice numbering.

You can enable (or disable) the automatic generation of invoice IDs, and modify their structure:

In the field Invoice ID pattern a text string is stored that will be used as a pattern to generate the identifiers, by default 21/[1000]. This pattern will contain a fixed part and a variable part. The variable part must be numeric and will serve as the first element from which to calculate a sequence. The variable part will be enclosed in square brackets. The rest will be constant in all invoices.

In the CRM configuration section you can also rename the leads statuses to customize your pipeline.

Allows you to specify to the system how to manage historical information. If the value indicated is zero 0 in a token, the related data will always be kept.

The Reset to Default button will change each and every tokens and save automatically. These defaults and the relevant details are indicated:

• Days to delete events: 30.
• Days to delete tickets: 0. The related data will also be deleted.
• Days to delete work units: 0. As long as they belong to disabled projects, working hours older than the indicated days will also be deleted.
• Days to delete work orders: 0.
• Days to delete audit data: 15.
• Days to delete sessions: 7.
• Days to delete workflow events: 900.
• Days to delete attached files to tickets: 0.
• Days to delete old file tracking data: 30.
• Days to delete backups: 30.
• Days to delete invalid emails: 30. Messages that could not be sent.
• Days to delete reports: 365. Reports that have been self-generated on a periodic basis.
• Days to delete rooms chat-bot archived: 365.

• Auto WU Completion (days): The number of days (default zero) in a work cycle is specified. Generally time periods such as weekly, bi-weekly or monthly are used by entering the actual number of days to work. This feature will autocomplete the TUs backwards from the current time. These hours entered to users are not assigned to any task in any project, but to “Unjustified” hours.
• No WU completion users: This is a specific list of users (separated by a space) without UT auto-completion.
• Work hours per day: This number represents the number of hours (eight by default) of a normal working day, in order to calculate the UT autocompletion.

• Project WU Default time: four hours, default value.
• Currency: euro by default (eu).
• Disable tickets and WUs addition for Pending and Verified tasks: In order to be able to finish a verified project, this token is activated to stop adding work that causes delay.
• Total vacation days: Number of vacation days (twenty-two by default) that will be used for the corresponding calculations in the vacation report section.

In this section the Pandora ITSM license must be entered. Once entered, click on the Update license button so that Pandora ITSM verifies if it is valid. By clicking on the padlock icon you will be able to see the details of the applied license.

To activate the Pandora RC remote management system] (formerly known as eHorus).

To activate ChatBot and configure the server and channels.

For the integration with GitLab® an access token belonging to a GitLab user with permissions to view the tickets of a given project is required. Once it has been configured, it will be possible to consult through the Pandora ITSM Web Console, only in read mode, the incidents registered in a project.

See more details in "GitLab".

CoSee “Integria IMS Update”.

The file manager is used to upload and delete files to the internal system of Integria IMS. This is useful for conveniently uploading new logos or user avatars. It is also the easiest way to upload new files to the file distribution system integrated in Integria IMS. These files are located in the /attachment/downloads directory.

To upload avatar images, you can do so in the /images/avatars directory.

You can change the default icons in the /images directory.

Allows you to add small system news, which will be visible to all users when they enter. Useful, for example, to notify of changes in the platform or notices about interventions, disconnection of the service or others.

It is a direct interface against the system database, in SQL.

It will be possible to add and remove links that will be displayed in the Links section of the main menu.

History of events that have occurred in the system, such as the sending of scheduled reports, execution of cron tasks, system failures, etc.

This log will reflect all the actions of each user in each section. If someone modifies a customer's data, it will be known when and what was changed. If someone deletes an invoice, it will be known when and what invoice, and so on. Allows you to search for a specific substring.

Displays the error log (if it is enabled), useful for identifying possible system code errors. In the event of a query or ticket, you must provide the latest entries (by date) of this registry.

Allows you to change any text that appears in the Integria IMS interface for a personalized one.

In the interface there is a combo in which you can select the language you want to modify and a free field to search for the text. The search is carried out on the original language, which is English, all the translations are based on this language.

Define a home screen with links to specific sections of Integria IMS or external pages:

It can be visible either as a new section of the upper horizontal menu or as the Integria IMS home screen.

It is global to the system, appearing as the main one when logging in or clicking on the upper left logo of the tool. The editor allows us a high level of customization of the screen and the widgets to be displayed.

The backup section allows Integria IMS users to make backup copies of their attached files and their database manually or on a scheduled basis.

The first consists of a list of existing backups in your backup folder within the Integria IMS directory. From here you can delete a backup, download it to your machine or restore your Integria IMS system from a backup on the list (special care must be taken when performing this action as the backup will replace the database information with the one you had at that time). backup, making the information added between the backup and the system in its current state disappear).The second section allows programming so that, after a specific time, a backup of your Integria IMS system is made. For the creation of a backup schedule, you must include a name for the schedule, a backup mode (there are three modes, database only, attachments only, or both), a backup frequency (weekly by default), and a backup address. email to which notifications will arrive if something goes wrong with this backup. Also in the same section tendWe will make the schedule list available for editing or deletion, as appropriate.

The third and last section is in charge of performing manual backups at the moment, giving the possibility of creating a backup with the desired name and mode (and optionally an email address for error notifications) instantly without having to wait for a schedule. This backup will be created in your backup folder within the Integria IMS directory and will be available in the list of backups.

It also has the possibility of uploading our own previously downloaded backups, these must have the same structure that the tool generates to maintain consistency and not be previously in the database.

This is a highly sensitive functionality, we recommend always having the backups physically (in addition to their corresponding folder within the Integria IMS directory) to have a backup copy if something goes wrong in the system restore process to a previous version.

Back to Pandora FMS documentation index