After installing the Web Interface component, perform its initial configuration by specifying how it should select the Administration Service instance to use.
Prerequisites
The Active Roles Administration Service must be configured and running. If the Administration Service is not running, you will not be able to configure the Web Interface component.
TIP: You can view the state of the Administration Service on the Administration Service of the Configuration Center.
To perform the initial configuration of the Web Interface
-
Log in with a user account that has administrator rights on the computer.
-
Open Active Roles Configuration Center.
Configuration Center opens automatically if you select the I want to perform configuration check box on the Completion page in the Setup wizard. Alternatively, to open Configuration Center, select Active Roles 8.2.1 Configuration Center on the Apps page or Start menu, depending on the version of your Windows operating system.
-
In the Configuration Center main window, under Web Interface, click Configure.
This starts the wizard that will perform initial configuration of the Web Interface.
-
On the Administration Service page, specify how you want the Web Interface to select the Active Roles Administration Service. You can choose from the following options:
-
Administration Service on the computer running the Web Interface
-
Administration Service on this computer
Supply the fully qualified domain name of the computer running the desired Administration Service instance.
-
Any Administration Service of the same configuration as this one
Specify any Administration Service whose database holds the desired configuration, by supplying in the fully qualified domain name of the computer running that Administration Service. If Active Roles replication is used to synchronize configuration data, this must be any Administration Service whose database server acts as the Publisher for the configuration database.
-
Click the Configure button to start the configuration process.
-
Wait while the wizard completes the configuration.
Configuration Center creates three Web Interface sites based on the following configuration templates:
-
Default Site for Administrators: Supports a broad range of tasks, including the management of directory objects and computer resources.
-
Default Site for Help Desk: Handles typical tasks performed by Help Desk operators, such as enabling or disabling accounts, resetting passwords, and modifying select properties of users and groups.
-
Default Site for Self-Administration: Provides User Profile Editor, allowing end users to manage personal or emergency data through a simple-to-use Web Interface.
Each configuration template provides an individual set of commands installed by default. Once a Web Interface site has been created, you can customize its configuration by adding or removing commands, and by modifying Web pages (forms) associated with commands. The customization procedures are covered in the Active Roles Web Interface Administration Guide.
After initial configuration, you can modify Web Interface site parameters, such as the Web application alias, create new Web Interface sites, or delete existing Web Interface sites.
After deploying the Web Interface, you can use the Configuration Center to create new Web Interface sites, or modify the existing ones.
You can create any number of Active Roles Web Interface sites, either with each site having its own configuration, or sharing the configuration with other sites. For more information about Web Interface site configuration, see Create a Web Interface site in the Active Roles Feature Guide.
When creating Web Interface sites, you can apply the configuration of an existing Web Interface site to the newly created one. If you have the Web Interface site tailored to meet your requirements, and need to deploy its instance on another web server, this option ensures that the new Web Interface site has the same set of menus, commands and pages as the existing one.
To create or modify a Web Interface site
-
In the Active RolesConfiguration Center, on the Dashboard page, click Web Interface > Manage Sites.
Alternatively, on the side bar, click Web Interface.
-
On the Web Interface page, click the applicable button:
-
To create a new site, click Create.
-
To modify an existing site, select it from the list, then click Modify.
-
(Optional) In the Web Application step, configure the following settings:
-
IIS Web site: Specifies the IIS website containing the web application that implements the Web Interface site. The list is populated from the websites defined on the web server.
-
Alias: Specifies the alias of the web application that implements the Web Interface site. The alias defines the virtual path used in the address of the Web Interface site on the web server.
-
(Optional) In the Configuration step, specify how to set the configuration of the new website. The website configuration contains all customizable settings of the user interface elements, such as the website menus, commands, and web page forms that appear on the Web Interface.
-
Keep the current configuration: Uses the configuration currently assigned to the site. Select this option if you do not want to assign a different configuration to the site.
NOTE: This setting is only available when modifying an existing site.
-
Create from a template: Creates a new configuration for the Web Interface site based on a template. When selected, you must specify a unique Configuration name and must also select a Template used as a baseline for the new configuration. Active Roles contains a default template for Administration, Helpdesk and Self-Service sites.
TIP: Select this option if you want the Web Interface site to use a separate configuration that is initially populated with the default template data and settings.
-
Use an existing configuration: Assigns an existing configuration to the Web Interface site. When selected, you must specify the desired configuration from a list of saved configurations stored by the Administration Service.
NOTE: The list includes configurations compatible with the currently installed Active Roles version only.
-
Import from an existing configuration: Creates a new configuration for the Web Interface site by importing data from an existing configuration. When selected, you must specify a unique Configuration name for the new configuration and must also select the desired Configuration to import from the list of supported configurations stored by the Administration Service.
NOTE: The list includes configurations compatible with the currently installed Active Roles version only.
TIP: Select this option if you want the Web Interface site to use a separate configuration that is:
-
Populated with data imported from the configuration of an earlier Active Roles version, or
-
Copied from an existing configuration of the current Active Roles version.
-
Import from a file: Creates a new configuration for the Web Interface site by importing data from an exported configuration file. When selected, you must specify a unique Configuration name for the new configuration and must also select the File to import.
TIP: Select this option if you want the Web Interface site to use a separate configuration that is:
-
Populated with data imported from the exported configuration file of an earlier Active Roles version.
-
Copied from an existing exported configuration file of the current Active Roles version. You can export existing configurations with the Web Interface > Export Configuration option of the Configuration Center after selecting a web site.
-
(Optional) To commit your changes when creating or modifying a site, click Create or Modify, respectively. The Configuration Center then performs the configured changes, and will indicate the results.
After you configured a new site or modified an existing one, you can access it from your browser by using the specified web application alias in the following format:
http://<website>/<alias>
In this alias, <website> identifies the IIS website containing the web application that implements the Web Interface site, while <alias> is the alias of the web application as specified in the Configuration Center. For example, if the web application is contained in the default website, the address will be the following:
http://<computer>/<alias>
In this example, <computer> is the network name of the computer (web server) running the Web Interface.
NOTE: By default, you can connect to Web Interface sites via HTTP. To encrypt the data transferred from the web browser to the Web Interface with SSL protection provided by the web server, in the Active Roles Configuration Center, configure the Web Interface > Manage Sites > Force SSL Redirection settings.
For more information on how to enable SSL on your web server, see How to Set Up SSL on IIS 7 or later in the Microsoft Learn IIS documentation.
For more information on how to configure SSL redirection in the Active Roles Configuration Center, see Configuring the Web Interface for secure communication.
By default, you can connect to Web Interface sites via HTTP. To encrypt the data transferred from the web browser to the Web Interface with SSL protection provided by the web server, in the Active Roles Configuration Center, configure the Web Interface > Manage Sites > Force SSL Redirection settings.
TIP: One Identity strongly recommends using HTTPS to transfer data securely on local or remote servers.
To enable secure communication for the Web Interface for the first time
-
In the Active Roles Configuration Center, navigate to Web Interface > Manage Sites.
The list of configured Web Interface sites appear.
-
To modify the secure communication settings for the sites, click Force SSL Redirection.
-
From the Available Websites drop-down, select the website for which you want to apply SSL redirection. If you only have the default Web Interface sites configured, this setting shows Default Web Site only.
-
Enable Force SSL Redirection.
NOTE: The Manage SSL redirection settings window shows the SSL redirection status as follows:
-
If the website is not configured for secure communication, Force SSL redirection is set to Off, and the HTTPS configuration Status is shown as Not configured.
-
If the website is configured for secure communication, Force SSL redirection is set to On, and the HTTPS configuration Status is shown as Configured.
-
If the website is configured for secure communication, but the SSL bindings are deleted from the IIS site, the Force SSL redirection option is set to On by default, but the the HTTPS configuration Status is shown as Binding Deleted. In this case, you must reconfigure secure communication for the website.
-
From the Available HTTPS bindings drop-down, select the required binding for the website.
-
To apply your changes, click Modify. The Summary page then appears, showing the results of the configuration and allowing you to check the configuration log.
-
To exit the Manage SSL redirection settings window, click Finish.
TIP: If you need to disable secure communication later for your Web Interface sites for any reason, open Web Interface > Manage Sites > Force SSL Redirection again, and set Force SSL redirection to Off. To apply your change, click Modify, then click Finish.
NOTE: Consider the following when configuring security settings for the Web Interface:
-
After making any changes to the SSL settings, always clear your browser cache.
-
Active Roles supports accessing the configured Web Interface sites via federated authentication. For details, see Configuring federated authentication in the Active Roles Administration Guide.
After deploying the Web Interface, you can use the Configuration Center to delete existing Web Interface sites.
To delete a Web Interface site
-
In the Active Roles Configuration Center, on the Dashboard page, click Web Interface > Manage Sites.
Alternatively, on the side bar, click Web Interface.
-
On the Web Interface page, select an existing site from the list, then click Delete.
-
In the Ready to Delete step, review the site data, then click Delete. The Configuration Center then performs the configured changes, and will indicate the results.