サポートと今すぐチャット
サポートとのチャット

Starling CertAccess Hosted - Administration Guide for One Identity Active Roles Integration

About this guide Starling CertAccess basics The Starling CertAccess Agent architecture Setting up initial synchronization Starling CertAccess Agent system requirements Installing, updating, and uninstalling Starling CertAccess Agent components Working with the Starling CertAccess Agent

Deleting system connections

If you do not want anymore data being exchanged between an Active Directory domain and Starling CertAccess, you can delete the respective system connection. From then on, no more data will be synchronized between this domain and Starling CertAccess. Existing data that has been synchronized over this system connection up until now, remains in both systems. For more information about deleting data from a domain, see the One Identity Starling CertAccess Web Portal User Guide.

To delete an Active Directory domain's connection data

  1. In the Launchpad, select Administrative tasks > Data synchronization > Maintain synchronizations.

  2. Click Run.

  3. In the Maintain synchronizations dialog, select the domain.

  4. Click Delete system connection.

  5. Confirm the security prompt with Yes.
Related topics

Displaying the Starling CertAccess Service log file

You can check the current processing status in the Starling CertAccess Service log file. Use a browser front-end to show the log file. It is called up over the default port 1880.

To display the Starling CertAccess Service log file

  1. In the Launchpad, select Administrative tasks > Data synchronization > Show the service's log file.

  2. Click Show.

    This shows the various services of the Starling CertAccess Service in the browser.

  3. To display the contents of the log file, select Log File in the navigation view.

The messages to be displayed on the web page can be filtered interactively. There is a menu on the website for this.

The log output is color-coded to make it easier to identify.

Table 6: Log file color code
Color Meaning

Green

Processing successful

Yellow

Warnings occurred during processing

Red

Fatal errors occurred during processing

Related topics

Start the Starling CertAccess Service as a Docker container

The Starling CertAccess Service carries out synchronization between Starling CertAccess and the connected Active Roles environment. In addition to installing the Starling CertAccess Service from the Launchpad, One Identity provides a Docker image for simple and standardized installation and running of the Starling CertAccess Service in Docker containers. For the Starling CertAccess Service connection to Active Roles, you must build this Docker image on your Windows Docker host because the Active Roles ADSI Provider must be installed in the version matching the Active Roles version. Use the One Identity Manager Docker image that is supplied in the Docker hub as basis.

To create a Docker image for your Starling CertAccess Service

  1. Create a new directory on your Windows Docker host.

  2. In this directory, create a files subdirectory.

  3. Copy the ActiveRoles.exe installation file that matches your version of the Active Roles server into this subdirectory.

  4. In the main directory, create a file with the name Dockerfile and the following content:

    # base image (see https://hub.docker.com/r/oneidentity/oneim-job)
    FROM oneidentity/oneim-job:windows-amd64-latest-windowsservercore-1903
    
    # copy and install Active Roles ADSI Provider
    COPY files/ActiveRoles.exe /Installer/
    RUN C:/installer/ActiveRoles.exe /quiet /install ADDLOCAL=Tools /IAcceptActiveRolesLicenseTerms
  5. To build the Docker image, open a command line console in the main directory and run the following command:

    docker build -t local/oneim-job-ars:windows-amd64-latest-windowsservercore-1903 .

    Once the build process is complete, the Docker image is available with the name local/oneim-job-ars:windows-amd64-latest-windowsservercore-1903.

To start the Docker container

  1. Define the following parameters as secret or as environment variables.

    HTTP_User

    User name required for accessing the service's status website.

    HTTP_PWD

    Password required for accessing the service's status website.

    CLOUDCONFIG

    Connection string of your Starling CertAccess instance that is made available for your instance on the Starling CertAccess website.

  2. Start the container.

Example of starting the container through Windows PowerShell

In this example, the parameters are set as secrets.

$secrets='C:\Path\To\secrets'

# Create directory
New-Item -ItemType Directory -Force -Path "$secrets"

# Create secrets
Set-Content -NoNewline -Path "$secrets\HTTP_USER" -Value "<user for status website>"
Set-Content -NoNewline -Path "$secrets\HTTP_PWD" -Value "<password for status website>"
Set-Content -NoNewline -Path "$secrets\CLOUDCONFIG" -Value "<connetion string>"

# Create Container
docker run -d `
--name "StarlingCertAccessService" `
--hostname "DockerService" `
--cpus="4.0" `
-m 4GB `
-p 1880:1880 `
-v $secrets/:C:/ProgramData/Docker/secrets:ro `
local/oneim-job-ars:windows-amd64-latest-windowsservercore-1903

For more information about One Identity Manager Docker images, see https://hub.docker.com/r/oneidentity/oneim-job.

Related topics
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択