Chatta subito con l'assistenza

Ottieni assistenza in tempo reale
Completa la registrazione

Accedi

Richiedi prezzo

Contatta il supporto vendite

Active Roles 8.2 - Feature Guide

Table of Contents

Introduction About Active Roles

Main Active Roles features Technical overview of Active Roles

About presentation components

About Active Roles Console (MMC Interface)

About the Console tree About the details pane About the advanced details pane About the view mode

About controlled objects

Trustees, permissions, roles and Managed Units Finding directory objects

About Active Roles Web Interface

About the Web Interface components

About the Web Interface Navigation bar About the Web Interface Browse pane About the Web Interface Object list About the Web Interface Toolbar About the Web Interface Command pane About the Web Interface Summary pane

About the Web Interface Personal views

Using Personal views Creating a Personal view

Locating directory objects in the Web Interface

Searching for directory objects in the Web Interface Filtering the contents of a container in the Web Interface

About Active Roles Management Shell About custom interfaces About Active Roles ADSI Provider About Active Roles Reporting

Overview of service components

About the data processing component About the configuration database About the audit trail

About network data sources About security and administration elements

Access Templates for role-based administration Policy Objects to enforce corporate rules Managed Units to provide administrative views

About Active Directory security management

Management of native security

Customization using ADSI Provider and script policies

About custom applications and user interfaces About custom script policies

About dynamic groups About workflows

About workflow features and activities

Workflows to save object properties Workflows to modify requested changes Workflows for initialization scripts Workflows to search for expiring users Workflows to send plain-text notification messages

Operation in multi-forest environments

Examples of use

Distributing administration Integrating with other systems Managing multi-forest Active Directory design Simplifying Active Directory structure Handling organizational changes User account management

Administrative rules and roles

About Managed Units

How Managed Units work Deployment considerations for Managed Units

Managed Unit membership rules Delegation of Managed Units

About Access Templates

How Access Templates work Permission management with Access Templates

About the Add Permission Entries wizard

Full Control access Object access Object property access Creating or deleting child object permissions

Management of Access Template links Synchronization of Access Template permissions to Active Directory

Management of Active Directory permission entries

Adding, modifying, or removing permissions to Access Templates Nesting Access Templates Examples of using Access Templates

Example 1: Implementing a helpdesk

Preparing a helpdesk Access Template Creating a helpdesk group Applying the Help Desk Access Template

Example 2: Implementing Self-Administration

Preparing a self-administration Access Template Applying the self-administration Access Template

Deployment considerations for Access Templates

Delegation of Organizational Unit administration duties Delegation of group administration Delegation in functional and hosted environments

Delegation in a functional environment Delegation in a hosted environment

About Access Rules

Understanding Access Rules Conditional Access Template links Management of Windows claims Overview of claim type management

About the Source Attribute setting About the claim type identifier setting About the display name setting About the description setting About the user or computer claim issuance setting Protection from accidental deletion About the suggested values setting Population of claim source attributes About the conditional expression editor

About rule-based autoprovisioning and deprovisioning

About Provisioning and Deprovisioning Policy Objects Policy Object deployment considerations and event handlers Application of provisioning or deprovisioning Policy Objects Management of the Policy Object scope Policy compliance checks Overview of Provisioning Policy Objects

About User Logon Name Generation About E-Mail Alias Generation About Exchange Mailbox AutoProvisioning About Group Membership AutoProvisioning About Home Folder AutoProvisioning

About Home Folder Restriction

About Property Generation and Validation About Script Execution About O365 and Azure Tenant Selection About AutoProvisioning in SaaS products

Overview of Deprovisioning Policy Objects

List of default built-in deprovisioning policy options About User Account Deprovisioning About Group Membership Removal About User Account Relocation About Exchange Mailbox Deprovisioning About Home Folder Deprovisioning About User Account Permanent Deletion About Office 365 Licenses Retention About Group Object Deprovisioning About Group Object Relocation About Group Object Permanent Deletion About Notification Distribution About Report Distribution

About the Undo Deprovisioning operation About Container Deletion Prevention

About the Protect container from accidental deletion option

About picture management rules About policy extension using custom Policy Types

Main steps of policy extension Main attributes of policy extension

Configuring and administering Active Roles

About the Active Roles Setup wizard About Active Roles Configuration Center

About Configuration Center components Configuration of a local or remote Active Roles instance About running the Configuration Center Supported Configuration Center tasks

Initial configuration tasks

Configuration of the Administration Service Configuration of the Web Interface About Starling Join

Configuration management tasks

Administration Service management tasks

Core Administration Service settings Configuration data import Management History data import Administration Service states

Web Interface management tasks

Identify the Web Interface sites Create a Web Interface site Modify a Web Interface site Delete a Web Interface site Export the configuration of a Web Interface site to a file

Delegation of user access to the Active Roles Console Configuration of Active Roles logging settings Configuration of Solution Intelligence

About Active Roles Configuration Shell About System Checker About Active Roles Log Viewer About federated authentication

SAML 2.0 authentication in Active Roles

Voluntary threshold for managed object count About the installation label About safe mode About Exchange Resource Forest Management About Skype for Business Server User Management

Active Directory topologies supported by Skype for Business Server User Management

Overview of Active Roles Synchronization Service

About bidirectional synchronization About delta processing About group membership synchronization About Windows PowerShell scripting About attribute synchronization rules About rule-based generation of Distinguished Names About synchronization scheduling About extensive data system support

Support for AWS Managed Microsoft AD

Supported AWS Managed Microsoft AD deployment configuration Supported Active Roles features with AWS Managed Microsoft AD Active Roles feature limitations when using AWS Managed Microsoft AD

FIPS compliance LSA protection support STIG compliance

FIPS compliance

FIPS compliance

Active Roles 8.2 supports cryptography libraries and algorithms compliant with Federal Information Processing Standards (FIPS) 140-2. For more information on FIPS-compliant libraries and algorithms, see FIPS 140-2: Security Requirements for Cryptographic Modules.

NOTE: Consider the following when planning to use FIPS-compliant cryptography libraries or algorithms:

Although Active Roles continues to support non-FIPS compliant cryptography libraries and algorithms, it will not work properly if it is configured to use non-FIPS compliant solutions in a FIPS-compliant environment.
If you already use FIPS-compliant security algorithms in your environment (such as the TripleDES security algorithm, or the SHA256 hash algorithm), you must export your existing configuration, and import it in a new Active Roles installation.

LSA protection support

LSA protection support

The Active Roles Synchronization Service Capture Agent supports Local Security Authority (LSA). For more information, see Configuring Additional LSA Protection in the Microsoft Windows Server documentation.

STIG compliance

STIG compliance

Active Roles 8.2 has been checked against the following Security Technical Implementation Guidelines (STIGs) of the Defense Information Systems Agency (DISA).

Application Security and Development
MS SQL Server 2016 Database
MS SQL Server 2016 Instance

The checks performed during STIG validation are compliant with the following National Institute of Standards and Technology (NIST) Special Publications (SP):

NIST SP 800-53
NIST SP 800-53A
NIST SP 800-53 Revision 4

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center