To access the Active Roles Web Interface through a firewall, open the following ports:
The Web Interface normally runs over port 80, or over port 443 if SSL is enabled (off by default).
This section describes the Azure environment configurations supported by Active Roles, with an example of each configuration.
Active Roles supports the following Azure environment configurations:
An environment in which the on-premises domains are not registered in Azure AD, and neither Azure AD Connect nor any third-party synchronization tool is configured in the domain for synchronization, is called a Non-federated environment. Changes made in Active Roles are replicated immediately to Azure or Office 365 using Graph API calls or cmdlet calls. Users are typically created in Azure with the onmicrosoft.com UPN suffix. This type of environment is unlikely to be found in production and is used only for testing.
Examples of non-federated configuration
On-premise Domain: test.local
Azure AD Domain: ARSAzure.onmicrosoft.com
Azure AD Connect: Not present in the domain
The domain is not registered in Azure. The user is created in Active Roles with the ID user001@test.local and in Azure as user001@ARSAzure.onmicrosoft.com. The user is created in Azure at the same time it is created in Active Roles, using a Graph API call.
In a Synchronized Identity environment, the on-premises domain may or may not be registered in Azure AD. Azure AD Connect is configured to synchronize the local AD objects to Azure. Users are typically created with the UPN suffix of a selected on-premises domain or with the onmicrosoft.com UPN suffix.
Figure 122: Synchronized identity configuration
Examples of Synchronized Identity configuration
The on-premises domain may or may not be registered in Azure. The user is created in Active Roles with the ID user001@test.local and in Azure as user001@rd4.qsftdemo.com.
In a Federated environment, the on-premises domain is registered in Azure AD. Azure AD Connect and AD FS are configured to facilitate synchronization. Users are typically created with the UPN suffix of the selected on-premises domain.
Figure 123: Federated configuration
Examples of Federated configuration
The domain is registered and verified in Azure. The user is created in Active Roles and in Azure AD with the same ID: user001@rd4.qsftdemo.com.
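The three environment types above can be told apart by two tenant facts: whether the on-premises UPN suffix is a verified domain in Azure AD (and, if so, whether it is federated), and whether directory synchronization is enabled. The following PowerShell script is an added example, not code from Active Roles or its documentation; it assumes the Microsoft.Graph module is installed, that the signed-in account has the Domain.Read.All and Organization.Read.All permissions, and that the on-premises domain name is supplied as a parameter (the value rd4.qsftdemo.com below is only an illustration).

```powershell
# Added example (not One Identity's code): classify an Azure AD tenant into the
# Active Roles environment types (Non-federated, Synchronized Identity, Federated)
# by reading verified domains and directory-sync state from Microsoft Graph.
param(
    # On-premises UPN suffix to check, e.g. 'rd4.qsftdemo.com' (illustrative value)
    [Parameter(Mandatory = $true)][string]$OnPremDomain
)

# Read-only scopes are enough for this check.
Connect-MgGraph -Scopes 'Domain.Read.All', 'Organization.Read.All' | Out-Null

$org     = Get-MgOrganization | Select-Object -First 1
$domains = Get-MgDomain -All
$match   = $domains | Where-Object { $_.Id -ieq $OnPremDomain }

# "Registered in Azure" in the guide's sense: the domain exists and is verified.
$registered = ($null -ne $match) -and [bool]$match.IsVerified
# A verified domain whose authentication type is Federated is backed by AD FS (or
# another federation provider); Managed means cloud or synced password auth.
$federated  = $registered -and ($match.AuthenticationType -eq 'Federated')
# OnPremisesSyncEnabled is set once Azure AD Connect (or similar) has synced objects.
$synced     = [bool]$org.OnPremisesSyncEnabled

$type = if ($federated -and $synced) { 'Federated' }
        elseif ($synced)             { 'Synchronized Identity' }
        elseif (-not $registered)    { 'Non-federated' }
        else { 'Unclassified: domain verified but directory sync not enabled' }

[pscustomobject]@{
    OnPremDomain         = $OnPremDomain
    RegisteredInAzureAD  = $registered
    AuthenticationType   = if ($match) { $match.AuthenticationType } else { 'n/a' }
    DirectorySyncEnabled = $synced
    ActiveRolesEnvType   = $type
}
```

Run it before creating the Azure tenant in the Web Interface so the configuration you select matches what the tenant actually reports; a mismatch is the usual reason UPN suffixes come out differently from what the examples above show.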
This section describes the operations supported for Azure objects in the Active Roles Web Interface, and the methods for performing them, in each of the Azure environments: Federated, Synchronized Identity, and Non-Federated.
In the Active Roles Web Interface, the required Azure environment configuration is selected when the Azure tenant is created. The configuration can be changed later, if needed, by editing the Azure properties of the tenant.
Active Roles identifies the environment from the Azure tenant type and adjusts the Web Interface accordingly.
A non-federated environment is generally used for testing. In a non-federated environment, most Azure properties can be modified, except for attributes such as UserPrincipalName and ObjectId, which uniquely identify the object.
The following table lists the operations, and the methods of performing them, that are supported for Azure objects in a non-federated environment.
NOTE: Active Roles provides cloud-only support only for Office 365 Groups management.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.