Chat now with support
Chat mit Support

Active Roles 7.5.4 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning AutoProvisioning for SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Office 365 and Azure Tenant Selection User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management One Identity Starling Management One Identity Starling Two-factor Authentication for Active Roles Managing One Identity Starling Connect Azure AD, Office 365, and Exchange Online management
Configuring Active Roles to manage hybrid AD objects Managing Hybrid AD Users Unified provisioning policy for Azure O365 Tenant Selection, Office 365 License Selection, and Office 365 Roles Selection, and OneDrive provisioning Office 365 roles management for hybrid environment users Managing Office 365 Contacts Managing Hybrid AD Groups Managing Office 365 Groups Managing Azure Security Groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes
Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server Replication Appendix A: Using regular expressions Appendix B: Administrative Template Appendix C: Communication ports Appendix D: Active Roles and supported Azure environments Appendix E: Enabling Federated Authentication Appendix F: Active Roles integration with other One Identity and Quest products Appendix G: Active Roles integration with Duo Appendix H: Active Roles integration with Okta

Steps for processing gathered events

To process the gathered events, start the Collector wizard (see Starting the Active Roles Collector wizard), and complete the wizard pages as follows.

  1. On the Select Task page, select the Process gathered events option.
  2. On the Data Processing Task page, specify what you want to do with the events that were gathered from the Administration Service computers and stored in the database. Select one of the following options:
    • Export using date range  Specify the date range for the events you want to export. The time you specify is considered Greenwich Mean Time (GMT).
    • Export events older than  Specify the age limit for the events you want to export.
    • Delete events older than  Specify the age limit for the events you want to delete.
  3. On to the Source database page, click Specify, and supply the name and SQL Server of the database from which you want to export or delete the events. You can also choose the authentication option for connection to SQL Server.
  1. On to the Target Database page, click Specify box, and supply the name and SQL Server of the database to which you want to export the events. You can also choose the authentication option for connection to SQL Server.

Importing events from an earlier database version

The new version of the Active Roles reports is incompatible with the database of an earlier Collector version. To create reports based on the events held in that database, you need to import the events to the database of the new Collector version, and then specify the database of the new Collector version as the data source for the reports of the new Report Pack version. For instructions on how to configure the data source, see Configuring the data source later in this document.

To import events from the database of an earlier Collector version, start the Collector wizard (see Starting the Active Roles Collector wizard), and complete the wizard pages as follows.

  1. On the Select Task page, select the option Import events from an earlier database version.
  2. On the Source database page, click Specify, and supply the name, database type, and SQL database server used by your Collector of an earlier version. You can also choose the authentication option for connection to SQL Server.
  3. On the Target Database page, click Specify, and supply the name, database type, and database server of the database used by your Collector of the current version. You can also choose the authentication option for connection to SQL Server.

Deploying reports to the Report Server

Active Roles reports require Microsoft SQL Server Reporting Services (SSRS). Make sure that you have SSRS in your environment. To use Active Roles reports, you first need to deploy them to your SSRS Report Server by using the Collector wizard.

To deploy the Active Roles reports to the Report Server, start the Collector wizard (see Starting the Active Roles Collector wizard), and complete the wizard pages as follows.

  1. On the Select Task page, select the Deploy reports to Report Server option.
  2. On the Report Server page, type the URL of your SSRS Report Server in the Report Server Web Service URL box.

    By default, the URL is http://<serverName>/ReportServer. You can use the Reporting Services Configuration Manager tool to confirm the server name and URL. For more information about URLs used in Reporting Services, see the topic “Configure Report Server URLs (SSRS Configuration Manager)” at http://msdn.microsoft.com/library/ms159261.aspx.

  1. Optionally, on the Data Source page, configure the data source for the Active Roles reports:
    1. Click the Configure Data Source button.
    2. Use the Configure Data Source dialog box to specify the Database Server instance that hosts the database you have prepared by using Collector, the name of the database type, and the authentication method to use for connection to the database.

Configuring the data source is an optional step. If you do not have a database prepared by Collector, you can configure the data source later, after you have deployed the reports. For instructions, see Configuring the data source later in this document.

Once you have deployed the reports to your SSRS Report Server and configured the data source, you can create and view Active Roles reports using Report Manager, a Web-based tool included with SSRS. For instructions, see Generating and viewing a report later in this document.

Working with reports

You use the Active Roles Collector to prepare data for reporting. The data is stored in the database you specify when configuring the data collection job (see Collector to prepare data for reports earlier in this chapter). In order to make the data available to the report server, the data source on the report server must be configured to connect to the database that holds the report data. Then, you can generate and view Active Roles reports.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen