Suppose a company provides services based on Active Directory and Microsoft Exchange. The company relies on the Active Directory infrastructure as a basis for their service offerings.
Configuration of Active Directory involves setting security and partitioning the directory, so that any user has proper access to directory resources. It is paramount to have a framework that facilitates the creation of new user accounts and the assignment of appropriate access rights. There is a need for a robust system that maintains user creation and management with minimal administrative effort.
Active Roles offers a reliable solution to simplify and safely distribute user account management. It addresses the need to create and manage a large number of user accounts, and to ensure that each user can only access their own resources. By implementing an administrative model based on business rules, Active Roles allows domain-level administrators to easily establish and maintain very tight security, while facilitating the provisioning of new users with the appropriate access to IT resources
Active Roles has the ability to safely delegate routine user-management tasks to designated persons. By incorporating policy enforcement and role-based security, Active Roles allows the organization to restrict the administrative actions according to the corporate policies defined by the high-level administrators. In addition, it allows the administrators to change the policies, ensuring that new policy settings are automatically propagated and enforced without additional development.
Active Roles makes it simpler for the organization to delegate authority to administrative and support groups, while enhancing the overall security. The Web Interface can serve as an administrative tool that allows the assistant administrators to manage users, groups, and mailboxes. Active Roles ensures that all actions performed by a Web Interface user are in compliance with the corporate security policies.
The Active Roles Web Interface is a customizable Web-based application that facilitates administration, while taking full advantage of Active Roles’ security, workflow integration, and reporting benefits. To help distribute administrative tasks, the Web Interface allows you to configure multiple Web sites with individual sets of user interface elements. Each Web site can be customized to meet specific business and organizational needs.
Key features of the Web Interface include the following.
Customized interfaces (Web Interface sites) can be installed and configured for administrators, help desk operators, and end users. Administrators use an interface that supports a wide range of tasks, whereas help desk operators use a tailored, dedicated interface to expedite the resolution of trouble tickets. Network end users have access to an interface for self-administration. Multiple interfaces with different configurations can be deployed so that there is no need to re-configure the Web Interface for particular roles.
The Web Interface dynamically adapts to the specific roles assigned to the users. A user can see only the commands, directory objects, and object properties to which the user’s role provides administrative access. Objects and commands beyond the scope of the user are removed from the Web Interface, streamlining the execution of administrative tasks.
It is straightforward to configure the user interface. Administrators can set up a suitable set of user interface elements without writing a single line of code. Administrators can add and remove commands or entire menus, assign tasks and forms to commands, modify forms used to perform tasks, and create new commands, tasks, and forms. All configuration settings are saved in a persistent storage so that the Web Interface users are always presented with the properly configured interfaces that suite their roles.
User input is efficiently supplemented and restricted based on administrative policies defined in Active Roles. The Web Interface displays property values generated in accordance with the policies, and prohibits the input of data that violates them. User input is checked against the policies before committing the operation request, and if a violation is detected, the user can immediately correct the input.
The Web Interface supports all administrative tasks on Active Directory objects such as users, groups, and computers, and on computer resources such as services, printers, network file shares, and local users and groups. With its advanced customization capabilities, the Web Interface serves as a complete administrative tool, providing suitable interfaces for any administrative role.
Provided they have the necessary Active Roles permissions, end users can view or change their personal data. Due to the reliable enforcement of business rules based directory entry, the Web Interface makes these tasks safe and secure. With User Profile Editor, Active Roles enables IT to manage, but not necessarily participate, in these time-consuming tasks, resulting in decreased help desk calls and IS administration time.
The Web Interface allows users to select their preferred language. Changing the language affects all menus, commands, and forms associated with the Web Interface, as well as tool tips and help.
The Web Interface allows multiple Web sites to be installed with individual, customizable configurations. The following configuration templates are available out-of-the box:
Each Web site configuration template provides an individual set of commands installed by default. The Web site can be customized by adding or removing commands, and by modifying Web pages (forms) associated with commands.
Although the Web Interface dynamically adapts to roles assigned to users, the ability to tailor separate Web sites to individual roles gives increased flexibility to the customer. It helps streamline the workflow of directory administrators and help-desk personnel. Static configuration of interface elements ensures that Web Interface users have access to the specific commands and pages needed to perform their duties.