Chat now with support
Chat with Support

Active Roles 7.6.3 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning AutoProvisioning for SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Office 365 and Azure Tenant Selection User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management One Identity Starling Management Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Azure AD, Office 365, and Exchange Online management
Configuring Active Roles to manage hybrid AD objects Managing Hybrid AD Users Unified provisioning policy for Azure O365 Tenant Selection, Office 365 License Selection, and Office 365 Roles Selection, and OneDrive provisioning Office 365 roles management for hybrid environment users Managing Office 365 Contacts Managing Hybrid AD Groups Managing Office 365 Groups Managing Azure Security Groups Managing cloud-only distribution groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes Managing cloud-only shared mailboxes
Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server Replication Using regular expressions Administrative Template Communication ports Active Roles and supported Azure environments Active Roles integration with other One Identity and Quest products Active Roles integration with Duo Active Roles integration with Okta Active Roles Diagnostic Tools Active Roles Add-on Manager

Active Roles integration with Duo

Active Roles can be integrated with Duo to complement and extend identity and access management. For more information about Duo, see https://duo.com.

Starting from Active Roles 7.5.3, the rSTS API Admin Tool is no longer available and supported, so you will need assistance from One Identity Professional Services in configuring Active Roles with Duo. To use Active Roles with Duo, contact One Identity Professional Services. For more information, see https://support.oneidentity.com/active-roles/professional-services.

Active Roles integration with Okta

Active Roles can be integrated with Okta to complement and extend identity and access management. For more information about Okta, see https://www.okta.com/.

Okta is a cloud-based identity service offering identity, authentication, and access control functions as a service. To support functions such as Single Sign-on (SSO) and Multi-Factor Authentication (MFA), Active Roles integrates with the Okta identity management service through Federated Authentication. This enables you to leverage an additional out-of-band factor (typically through the user’s registered smartphone) when authenticating the user. The additional factor is processed in-line with the connection, so users do not have to switch to an external application to process the additional factor. This results in a seamless and efficient user experience that is readily accepted by the users. Okta supports a broad range of authentication methods, including software, hardware, and mobile-based solutions.

By enabling this integration with Okta, Active Roles can use your users' Okta accounts to authenticate them when accessing the Active Roles Web Interface. To enable this functionality with Active Roles, you need to configure it using the Federated Authentication login method in the Active Roles Configuration Center. The MFA functionality is an additional configuration that you need to perform in the Okta Admin Console.

Active Roles Diagnostic Tools

The Active Roles Diagnostic Tools package provides optional tools for checking system requirements, logs and changes in your Active Directory domain. The package contains the following tools:

  • System Checker: Checks your computer, SQL Server, and Active Directory domains to see if you are ready to deploy Active Roles. For more information on using the tool, see Using System Checker.

  • Log Viewer: Examines Active Roles diagnostic logs and event logs, and helps finding Knowledge Base Articles that may help you resolve errors.

  • Directory Changes Monitor: Gets the statistics of directory change operations that occurred in a particular Active Directory domain.

For more information on installing the Active Roles Diagnostic Tools package, see Steps to install Diagnostic Tools in the Active Roles Quick Start Guide.

Using System Checker

You can start System Checker by running the Active Roles System Checker application from the Start menu or Apps page, depending upon your version of the Windows operating system.

From the System Checker main window, you can perform the following tasks:

  • To check your computer, click System Readiness Checks, then select the appropriate Active Roles version for which to perform the checks.

  • To check a particular SQL Server instance, click SQL Server Checks and specify the SQL Server instance to check. You can also specify the authentication method and connection credentials for access to the SQL Server instance.

  • To check a particular Active Directory domain or a particular Domain Controller (DC), click Active Directory Checks and specify the name of the domain or the name of the DC. You can also specify connection credentials for access to the domain or DC.

System Checker then creates a report of the selected action, and displays it in its report viewer. Reports are divided into sections, each of which represents the results of a single check. If a report section includes any errors or warning messages, you can view the messages by expanding the section in the report viewer.

The report viewer also allows you to:

  • Print the report.

  • Export the report to an HTML file, so that you can open the report in a web browser later.

  • Save the report to a report file, so that you can open the saved report in the report viewer later.

  • Open a saved report by clicking Open in the main menu of System Checker, and selecting the report file.

  • Rebuild the report, and optionally also changing the report options.

    To rebuild the report, click Recheck on the toolbar of the report viewer.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating