Disabling secure communication for Web Interface sites
By default, Active Roles users connect to the Web Interface using a HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use a HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for Web Interface on local or remote servers.
In case you do not want a secure communication enabled for transferring data over the web, you can disable the HTTPS option using the Force SSL Redirection option in the Configuration Center.
To disable the secure communication for Web Interface sites
-
In the Configuration Center main window, click Web Interface.
The Web Interface page displays every Web Interface site that are deployed on the web server running the Web Interface.
-
To modify the secure communication settings for the sites, click Force SSL Redirection.
The Manage Force SSL Redirection Settings for sites window is displayed. The Enable Force SSL Redirection option is enabled after HTTPS configuration.
-
In the IIS Web site field, select the required web site from the drop-down list.
-
To disable the force SSL redirection, switch between the Enable Force SSL Redirection states. Turn it off.
-
Click Modify , and then Finish.
NOTE: The browser cache must be cleared after any changes are made to the SSL settings.
After successful completion of the configuration changes, in the Web Interface window, the Force SSL Redirection configuration state for the selected website is displayed as not configured.
After disabling the Force SSL Redirection, all communication is now redirected to HTTP.
For more information on secure communication and federated authentication, see Working with federated authentication.
Configuring federated authentication
You can access an application or websites by authenticating them against a certain set of rules known as claims, by using the federated authentication feature. The federated authentication feature uses the Security Assertion Markup Language (SAML), through which you can sign in to an application once using the single sign-on option and you are authenticated to access websites. For more information, see Working with federated authentication.
Starling Join configuration task
Active Roles version 8.1.1 supports integration with One Identity Starling services. The Starling Join feature in Active Roles now enables you to connect to One Identity Starling, the Software as a Service (SaaS) solution of One Identity. The Starling Join feature enables access to the Starling services through Active Roles, allowing to benefit from the Starling services such as Two-factor Authentication and Identity Analytics and Risk Intelligence.
You can use the Active Roles Configuration Center to join One Identity Starling to Active Roles on the Starling wizard.
To start the wizard, click Configure in the Starling area on the Dashboard page in the Configuration Center main window. The Starling wizard enables you to perform the Starling join operation.
For more information on configuring Starling join for Active Roles, see Configuring Active Roles to join One Identity Starling.
Active Roles Console access management
On installing Active Roles on a computer, the Active Roles Console user access setting is not enabled by default, and any user is enabled to log in to the Active Roles Console. You can use Configuration Center, to set the Active Roles Console user access.
To manage the Active Roles Console access
-
On the Dashboard page in the Configuration Settings main window, in the MMC Interface Access area, click Manage Settings.
-
On the MMC Interface Access page that opens, in the Settings area, click Component, then click Modify or double-click Component.
-
On the MMC Interface Access wizard that is displayed, select one of the following options:
-
Allow Console (MMC Interface) access for all users: Enables user to log in to Active Roles Console.
-
Restrict Console (MMC Interface) access for all users: Selecting this option restricts all non-Active Roles Administrators from using the Console. All delegated users are affected, however, it does not apply to Active Roles Administrators.
-
Click OK.
The Active Roles Console Access settings get configured successfully. A message is displayed prompting you to restart the Administrative Service to disconnect the current Active Roles Console user sessions and for the updated settings to be reflected on the Active Roles Console.
NOTE: Consider the following when managing Active Roles Console:
-
The user must be delegated with the User Interfaces access rights on the User Interfaces container under Server Configuration to obtain access to the Active Roles Console. User Interfaces Access Templates that provide the access rights are available as part of the Active Roles built-in Access Templates in the User Interfaces container.
-
For information on delegating Console access to specified users, see Delegating control to users for accessing Active Roles Console.