For an upgrade demonstration, please refer to the following knowledge base article:
https://support.oneidentity.com/kb/226332
To upgrade Synchronization Service
- Install Synchronization Service on the computer running Quick Connect or on a different host.
- Configure Synchronization Service to use a new database for storing configuration settings and synchronization data. To perform this step, use the Configuration Wizard that appears when the Synchronization Service Administration Console starts for the first time after installation.
- Import configuration settings from Quick Connect to Synchronization Service.
|
|
NOTE: Before proceeding with this step, it is highly recommended to disable the scheduled workflows and mapping operations in Quick Connect. The scheduled workflows and mapping operations may be started after this step is completed. |
To import configuration settings:
- On the computer where the Synchronization Service is installed, start the Synchronization Service Administration Console.
- In the upper right corner of the Administration Console window, click the gear icon, and then click Import Configuration.
- In the wizard that appears, select the correct version of Quick Connect Sync Engine from which to import the configuration settings. Optionally, the Import sync history check box may be selected to import the sync history along with the configuration settings.
- Follow the steps in the wizard to complete the import operation. If the synchronization data to be imported is stored separately from the configuration settings, then, on the Specify source SQL Server databases step, select the Import sync data from the specified database check box, and specify the database.
- Retype access passwords in the connections that were imported from Quick Connect.
This is required due to security reasons. The import of configuration settings does not retrieve the encrypted passwords from Quick Connect. Use the Synchronization Service Administration Console to make changes to each connection as appropriate, depending upon the data system to which the connection applies.
- If the synchronization workflows involve synchronization of passwords, install the new version of Capture Agent on the domain controllers.
The new version of Capture Agent replaces the old version. However, as the new version supports both Synchronization Service and Quick Connect, the password synchronization functions of Quick Connect will not be lost after the Capture Agent is updated.
Table 2: Communication ports
| 53 |
TCP/UDP |
DNS |
Inbound, Outbound |
| 88 |
TCP/UDP |
Kerberos |
Inbound, Outbound |
| 135 |
TCP |
RPC Endpoint mapper |
Inbound, Outbound |
| 139 |
TCP |
SMB/CIFS |
Inbound, Outbound |
| 445 |
TCP |
SMB/CIFS |
Inbound, Outbound |
| 389 |
TCP/UDP |
LDAP |
Outbound |
|
3268 |
TCP |
LDAP |
Outbound |
|
3269 |
TCP |
SSL (only required if SSL is used to connect to AD) |
Outbound |
|
636 |
TCP |
SSL |
Outbound |
|
15173 |
TCP |
Synchronization Service |
Inbound, Outbound |
| 7148 |
TCP |
Capture Agent (only if Synchronization Service is used to sync passwords to AD) |
Inbound, Outbound |
For further information regarding Synchronization Service, refer the latest Active Roles Synchronization Service Administrator Guide included with the Active Roles installation media.
Active Roles version 7.4.x supports integration with One Identity Starling services. The Starling Join feature in Active Roles now enables you to connect to One Identity Starling, the Software as a Service (SaaS) solution of One Identity. The Starling Join feature enables access to the Starling services through Active Roles thus allowing to benefit from the Starling services such as Two-factor Authentication and Identity Analytics and Risk Intelligence.
To start the wizard, click Configure in the One Identity Starling area on the Dashboard page in the Configuration Center main window. For further information and step-by-step instructions, see the “Initial configuration” topic in the “Installing and configuring the Web Interface” section in the Active Roles Quick Start Guide.
A video demonstration is available in the following knowledge base article:
https://support.oneidentity.com/kb/258341
In order to use Starling Two-Factor Authentication with Active Roles, you must first join One Identity Starling to Active Roles on the Active Roles Configuration Center. The Join to One Identity Starling wizard also includes links, which provide assistance for using Starling:
- The Online link displays information about the Starling product and the benefits you can take advantage of by subscribing to Starling services.
- The Trouble Joining link displays the Starling support page with information on the requirements and process for joining with Starling.
Reporting is an optional component of Active Roles. To use Active Roles reports, the following components are required:
- Microsoft SQL Server Reporting Services (SSRS) must be installed and configured.
|
|
NOTE: If the SQL Server service and SRSS are on different hosts, a “Double-Hop” authentication issue may occur. For more information, see the knowledge base article, https://support.oneidentity.com/kb/69693. |
- The Active Roles service account must have sufficient permissions to create and write to a database on the SQL Server.
|
|
NOTE: The database cannot be pre-created, and must be created by Active Roles. |
- The Active Roles service account must have sufficient permission to publish reports on the SRS server.
|
|
NOTE: Quest Knowledge Portal is no longer included with Active Roles 7.x. To view reports, use the native SQL Server Report URL. |
