Introduction to the Web Interface
Introduction to the Web Interface
The Active Roles Web Interface Configuration Guide describes how to deploy and customize the Active Roles Web Interface for your organization. This document:
-
Provides a brief overview of the Web Interface.
-
Describes the available customization capabilities.
-
Provides instructions on how to customize the Web Interface and perform administrative tasks.
Deploying the Web Interface
Deploying the Web Interface
You can deploy the Active Roles Web Interface on any computer that meets the product system requirements and is running Internet Information Services (IIS) 7.5 or later. For more information on the software and hardware requirements, see System Requirements in the Active Roles Release Notes.
NOTE: You do not need to deploy the Web Interface component on the same computer that runs the Active Roles Administration Service. However, the computer (or computers) hosting the Web Interface must have a reliable network connection to the computer (or computers) running the Administration Service component.
Prerequisites
Before you begin deploying any Web Interface sites, make sure you meet the following requirements on the computer(s) where you will deploy the Web Interface component:
Table 1: Web Interface requirements
Operating system |
You can deploy the Active Roles Web Interface component on the following operating systems:
-
Windows Server 2022
-
Windows Server 2019
-
Windows Server 2016 |
Internet Services |
Make sure that the computer where the Web Interface is deployed has the Web Server (IIS) server role installed, with the following role services:
-
Web Server/Common HTTP Features/
-
Default Document
-
HTTP Errors
-
Static Content
-
HTTP Redirection
-
Web Server/Security/
-
Request Filtering
-
Basic Authentication
-
Windows Authentication
-
Web Server/Application Development/
-
.NET Extensibility
-
ASP
-
ASP.NET
-
ISAPI Extensions
-
ISAPI Filters
-
Management Tools/IIS 6 Management Compatibility/
NOTE: The Active Roles installer automatically configures the Web Server (IIS) server role when installing the Web Interface component.
To verify that the server role is configured properly on the computer, use the native Server Manager tool of the operating system after the Web Interface is installed. |
Feature delegation |
Make sure that Internet Information Services (IIS) provides Read/Write delegation for the following features:
To confirm that these features have the Read/Write delegation configured, use the Feature Delegation option of the native Internet Information Services (IIS) Manager tool of the operating system. |
.NET Trust Levels |
Make sure that the .NET Trust Level is set to Full (internal) on every computer where the Web Interface component will be installed.
To configure this setting:
-
In the system-provided Internet Information Services (IIS) Manager tool, under Connections, expand the node of the computer, and navigate to Sites > Default Web Site.
-
On the Default Web Site Home page, double-click .NET Trust Levels.
-
Under Trust level, select Full (internal).
NOTE: Setting the .NET Trust Level to any other value will result in a failure when attempting to load any of the configured Active Roles Web Interface sites. |
About the Web Interface
The Active Roles Web Interface is a highly customizable, easy-to-use web application for data administration and provisioning in Active Directory. With the Web Interface, an intranet user (such as a helpdesk agent or a delegated administrator) can connect to Active Roles using a web browser and perform day-to-day administrative tasks, including user management tasks (such as modifying personal data) or adding users to groups.
Web Interface users can perform administrative tasks and view or modify directory data. However, their scope of authority is limited by the rights delegated in Active Roles. As such, a Web Interface user sees only the commands, directory objects, and object properties to which they have administrative access.
Administrators can customize the pages of the Web Interface without modifying a single line of code. As part of the site customization, administrators with the proper privileges can add or remove commands or fields displaying property values.
The key features of the Active Roles Web Interface component include the following:
-
Role-based web pages: Active Roles Web Interface supports multiple websites on the same intranet, each of them providing a separate, customizable set of menus, commands, and forms. By default, the Web Interface ships with three default pages: the Administrator Site, the Helpdesk Site, and the Self-Service Site.
-
Dynamic role-based configuration: You can dynamically adapt the contents of any Web Interface site to align them to the roles of their Web Interface users. As such, you can make sure that a user can only see the commands, directory objects and object properties to which they have administrative access.
-
Point-and-click customization: Administrators can customize the menus, commands, and pages of a site without writing a single line of code. As such, administrators can easily adapt the sites to any role, such as day-to-day administrators, business data owners, helpdesk operators, or even regular end-users.
-
Active Directory and Azure AD support: Users can administer a wide range of Active Directory and hybrid or cloud-only Azure AD resources, including users, groups, or computers.
-
Managing computer resources: Users can manage the computer resources of your organization, such as printers, shares, services, devices, local users and groups.
-
User Profile Editor: With the proper permissions configured, end-users can manage their personal or emergency data through an easy-to-use profile editor.
-
Enforcing organizational rules: The Web Interface efficiently supplements and restricts user input based on the organizational rules defined with Active Roles. As such, the Web Interface sites display only property values generated according to the rules in effect, and prohibits users to enter values that violate the rules.
-
Single sign-on with integrated Windows authentication: Active Roles Web Interface supports single sign-on, without requiring users to enter their passwords again once they are logged in and authenticated by the operating system.
-
Localization support: Besides English, the Active Roles Web Interface supports the following languages:
Default Web Interface sites
You can configure multiple instances of the Web Interface, referred to as Web Interface sites. By default, Active Roles ships with the following configuration templates.
-
Default Site for Administrators: The Administrator Site, supporting a broad range of tasks, including the management of directory objects and computer resources.
-
Default Site for Help Desk: The Helpdesk Site, supporting tasks that are typically performed by helpdesk operators, such as enabling or disabling accounts, resetting passwords, and modifying certain user or group properties.
-
Default Site for Self-Administration: The Self-Service Site, providing the User Profile Editor, allowing end users to manage personal or emergency data through an easy-to-use editor.
Each configuration template provides a specific set of commands installed by default. However, you can customize each Web Interface site adding or removing commands, and by modifying the web pages (forms) associated with each command. For more information on customizing the Web Interface sites, see Customizing the Web Interface.
Although the Web Interface dynamically adapts to roles assigned to users, you can ensure additional flexibility by configuring separate Web Interface sites to the various individual roles (such as directory administrators or helpdesk personnel). The static configuration of interface elements ensures that Web Interface users have access to all the specific commands and pages needed to perform their duties.