Chat now with support
Chat with Support

Active Roles 8.2 - Best Practices Guide

SQL database options

Active Roles supports the following SQL Server topologies.

  1. Standalone

    • One or more Active Roles services using one SQL Server.

  2. Multiple SQL Servers

    • Merge replication

    • Mirroring

    • Clustering

    • Always On availability groups

    • Distributed Always On availability groups

    • Transaction log shipping

TIP: One Identity recommends implementing a fault tolerant configuration such as:

  • SQL mirroring

  • Two Active Roles services using the same database sources

Active Roles Web Interface topologies

You can install Active Roles Web Interface either on the machine where Active Roles Administration Service is running, or on a standalone server. However, when Active Roles Web Interface is installed on a standalone server, the following limitations apply:

  • Federated authentication is not supported in a standalone configuration.

  • You must configure constrained delegation.

Active Roles client components

CAUTION: Hazard of data loss!

Active Roles client components are version-specific. Using mismatched or older versions can lead to a loss of functionality or data corruption.

Make sure that all Active Roles client components are up-to-date. The supported client components include:

  • Web Interface

  • SPML

  • ADSI

  • PowerShell or custom code via ADSI or EDMS calls

To check the version of Active Roles client components

  1. Open the Active Roles Console.

  2. To check the list of all clients currently connected to the Active Roles service, navigate to Server Configuration > Client Sessions.

  3. In the Client Version column, take note of any older clients, and upgrade them immediately.

Multi-factor authentication and two-factor authentication support

The Active Roles Web Interface supports the following federated authentication options:

  • Windows authentication

  • WS-Federation

  • SAML 2.0 Authentication (as of Active Roles 8.2).

WS-Federation can be used with Microsoft Entra ID or Active Directory Federation Services (ADFS). SAML 2.0 Authentication can utilize any SAML provider, like OneLogin by One Identity.

You can configure Active Roles Web Interface to use SAML 2.0 Authentication with a number of common Identity Providers. The provider can then request both primary and secondary authentication. For more information, see the Active Roles Administration Guide.

Additional third-party providers can be configured using the Redistributable Secure Token Server (RSTS).

For more information of federated authentication, see Configuring federated authentication in the Active Roles Administration Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating