About Safeguard Authentication Services
Safeguard Authentication Services integrates native (missing or bad snippet) and Linux authentication and identity subsystems with Active Directory. It eliminates key vulnerabilities and end-user downtime, to minimize risk and lower costs.
At its core Safeguard Authentication Services provides centralized authentication for Unix, Linux, and Mac systems to Active Directory (AD). With more than 500 current customers and 3 million seats, Safeguard Authentication Services is the clear market leader in Active Directory integration.
Key Features of the Integration Pack
The Safeguard Authentication Services ActiveRoles Integration Pack extends the capabilities of the ActiveRoles Server Web interface to include the management of Unix and Linux identities such as Unix-enabled users and groups. You define all management operations by means of the ActiveRoles Server console. Then when managing the users and groups in the Web interface, the defined provisioning and security policies will be followed.
You can also use the ActiveRoles Server change-tracking features, such as management history, to monitor changes made to Unix-related data. ActiveRoles Server gives you a clear log, which documents the changes made to a given identity, such as a Unix-enabled user account. The log includes entries detailing actions performed, success or failure of the actions, as well as which properties were changed.
The Integration Pack provides ActiveRoles policy types that enable automatic provisioning and de-provisioning of Unix account attributes for users and groups. You can incorporate these provisioning actions into custom work flows.
The following sections describe these Integration Pack components:
Access Templates
You use standard ActiveRoles Server functionality to delegate management tasks on Unix data. You implement a delegation scheme by applying Access Templates included with the integration pack. For example, to delegate all Unix-related management tasks on (missing or bad snippet) user accounts, link the Users - Modify All Unix Properties template to a certain organizational unit and select the appropriate group as Trustee. As a result, any member of that group is authorized to perform the tasks on any user account held in that organizational unit.
To locate the Access Templates provided by the Integration Pack, in theActiveRoles Server Console, navigate to Configuration | Access Templates | Safeguard Authentication Services Integration v2.1.x.
The following table summarizes the Access Templates included with the Integration Pack.
Table 1: Access templates included with the integration pack
Groups-Modify All Unix Properties |
Permissions to view and modify these Unix-related properties of (missing or bad snippet) groups:
|
Users-Modify All Unix Properties |
Permissions to view and modify these Unix-related properties of Windows user accounts:
- Unix name
- User ID
- Primary Group ID
- Comments (GECOS)
- Home Directory
- Login Shell
|
Managed Units
Managed Units allow you to locate the Unix users and groups in your ActiveRoles Server managed environment.
You use standard ActiveRoles Server functionality to provide administrative views of user and group accounts with Unix attributes.
To locate the Managed Units provided by the Integration Pack, in the ActiveRoles Server Console, navigate to Configuration | Managed Units | Safeguard Authentication Services Integration v2.1.x.
The following table summarizes the Managed Units included with the Integration Pack.
Table 2: Managed units included with the integration pack
Unix-enabled groups |
Administrative view of all Unix-enabled groups that exist in the domains registered with ActiveRoles Server (managed and unmanaged domains). |
Unix-enabled users |
Administrative view of all Unix-enabled users that exist in the domains registered with ActiveRoles Server (managed and unmanaged domains) |