Starling CertAccess Hosted - Administration Guide for One Identity Active Roles Integration

Configuring automatic IT Shop assignment

Synchronization ensures that Active Directory groups are automatically added to the IT Shop as products and can therefore be requested in the Starling CertAccess Web Portal. Certain groups may be excluded from this. Use the exclude list to specify the groups that should not be added automatically to the IT Shop. Each entry in the list is handled as part of a regular expression.

To edit the exclude list

  1. In the Launchpad, select Administrative tasks > System configuration > Configure automatic IT Shop assignment.

  2. Click Run.

    This opens the Exclude list for Active Directory groups dialog.

  3. To add a new entry, click Add.

    To edit an entry, select it and click Edit.

  4. Enter the name of the group that you do not want to automatically add to the IT Shop.

    You can use the usual special characters for regular expressions.

  5. To delete an entry, select it and click Delete.

  6. Click OK.
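
A dry run of exclude-list entries against group names, showing which groups each entry would keep out of the IT Shop and which entries are not valid expressions. This is an added example, not part of the One Identity guide or product. The guide does not state how entries are anchored, case-folded or combined, so the code assumes each entry is searched unanchored and case-insensitively using Python's `re` dialect; the group names and function names are constructed for illustration.

```python
import re

# Constructed sample group names (not from any real directory).
GROUPS = ["Domain Admins", "Print Admins", "SQL Admins (Prod)",
          "SQL Admins Prod", "Helpdesk", "svc.backup", "svcXbackup"]


def preview(entries, groups, ignore_case=True):
    """Return (excluded, invalid).

    excluded: group name -> list of entries that match it
    invalid:  entry -> compile error text
    Assumption: unanchored search per entry; case-insensitive by default.
    """
    flags = re.IGNORECASE if ignore_case else 0
    compiled, invalid = {}, {}
    for entry in entries:
        try:
            compiled[entry] = re.compile(entry, flags)
        except re.error as exc:
            invalid[entry] = str(exc)
    excluded = {}
    for group in groups:
        hits = [e for e, rx in compiled.items() if rx.search(group)]
        if hits:
            excluded[group] = hits
    return excluded, invalid


def still_requestable(entries, groups):
    """Groups that no valid entry excludes, i.e. that would reach the IT Shop."""
    excluded, _ = preview(entries, groups)
    return [g for g in groups if g not in excluded]


def literal_entry(group_name):
    """Build an entry that matches exactly this group name and nothing else."""
    return "^" + re.escape(group_name) + "$"


if __name__ == "__main__":
    entries = ["Admins", "SQL Admins (Prod)", "svc.backup", "Helpdesk("]
    excluded, invalid = preview(entries, GROUPS)
    for group, hits in excluded.items():
        print(f"excluded     {group!r} by {hits}")
    for group in still_requestable(entries, GROUPS):
        print(f"requestable  {group!r}")
    for entry, err in invalid.items():
        print(f"invalid      {entry!r}: {err}")
```

Typing a group name such as `SQL Admins (Prod)` verbatim excludes `SQL Admins Prod` instead, because the parentheses are read as a regex group; `literal_entry` produces the escaped, anchored form.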

Installing the Active Roles ADSI provider

The Active Roles Starling CertAccess Agent connector uses the Active Roles ADSI interface to communicate with an Active Roles instance. The Active Roles connector is used for synchronizing and provisioning Active Directory. The Active Roles connector connects to an Active Roles instance, which then connects to the Active Directory domain controller.

To establish the connection, you must install the Active Roles ADSI provider on the administrative workstation, in the same version as the Active Roles instance you are going to connect to. Starling CertAccess Agent supports synchronization with Active Roles in versions 6.9, 7.0, 7.2, 7.3.1, 7.3.3, 7.4.1, 7.4.3, and 7.4.4.

To install the Active Roles ADSI provider

  1. In the Launchpad, select Administrative tasks > Data synchronization > Install Active Roles ADSI Provider.

  2. Click Install.

  3. Use the file explorer to select the path to the ActiveRoles.exe file. Select the file and click Open.

    This runs the installation.

    Once the installation is complete, the Install button is grayed out in the Launchpad.

Setting up synchronization with an Active Directory domain

To manage Active Directory user accounts and groups with Starling CertAccess, set up synchronization between Active Roles and Starling CertAccess. To do this, have the following information available:

Table 5: Information required to set up synchronization

| Data | Explanation |
|---|---|
| Distinguished name of the domain. | Distinguished LDAP name of the Active Directory domain. |
| User account and password for logging in to Active Roles. | User account and password for logging in to Active Roles. Make a user account available with sufficient permissions. For more information, see Permissions required for synchronizing with One Identity Active Roles. |
| DNS name or IP address of the Active Roles server. | DNS name or IP address of the Active Roles server that connects against the synchronization server. <Name of servers>.<Fully qualified domain name> |

IMPORTANT: Set up synchronization for all Active Directory domains that are managed by your Active Roles. Run the steps described here for each of your domains.

To set up synchronization of an Active Directory domain through Active Roles

  1. In the Launchpad, select Administrative tasks > Data synchronization > Configure synchronization.

  2. Click Run.

    This starts the system connection wizard.

  3. When prompted, enter the configuration data for your Starling CertAccess instance.

  4. On the start page of the system connection wizard, click Next.

  5. On the Target server page, enter the Active Roles server to which you want to connect. If possible, servers are determined automatically.

    • In the Host name/IP address menu, select a target server.

    • If the server cannot be found automatically, in the Host name/IP address field, enter the DNS name or the IP address.

  6. On the Credentials page, enter the user account and password for accessing Active Roles.

  7. On the Domain/root entry selection page, select the domain you want to synchronize or enter the root entry's distinguished name.

  8. On the last page of the system connection wizard, click Finished.

    Synchronization is now set up.

    The Launchpad shows the Manage synchronization task.

TIP: You can set up other Active Directory domains in the same way.

Synchronization maintenance

If synchronization is set up for an Active Directory domain, you can carry out the following tasks:
