Safeguard Authentication Services 4.1.5 - ActiveRoles Integration Pack Administration Guide

About Authentication Services

Authentication Services integrates native UNIX and Linux authentication and identity subsystems with Active Directory. It eliminates key vulnerabilities and end-user downtime, to minimize risk and lower costs.

At its core, Authentication Services provides centralized authentication for Unix, Linux, and Mac systems to Active Directory (AD). With more than 500 current customers and 3 million seats, Authentication Services is the clear market leader in Active Directory integration.

Key Features of the Integration Pack

The Authentication Services ActiveRoles Integration Pack extends the capabilities of the ActiveRoles Server Web interface to include the management of Unix and Linux identities such as Unix-enabled users and groups. You define all management operations by means of the ActiveRoles Server console. When you then manage the users and groups in the Web interface, the defined provisioning and security policies are followed.

You can also use the ActiveRoles Server change-tracking features, such as management history, to monitor changes made to Unix-related data. ActiveRoles Server gives you a clear log, which documents the changes made to a given identity, such as a Unix-enabled user account. The log includes entries detailing actions performed, success or failure of the actions, as well as which properties were changed.

The Integration Pack provides ActiveRoles policy types that enable automatic provisioning and de-provisioning of Unix account attributes for users and groups. You can incorporate these provisioning actions into custom workflows.

The following sections describe these Integration Pack components:

NOTE: Refer to Administration Tasks for procedures on how to use these Integration Pack components.

Access Templates

You use standard ActiveRoles Server functionality to delegate management tasks on Unix data. You implement a delegation scheme by applying Access Templates included with the integration pack. For example, to delegate all Unix-related management tasks on Windows user accounts, link the Users - Modify All Unix Properties template to a certain organizational unit and select the appropriate group as Trustee. As a result, any member of that group is authorized to perform the tasks on any user account held in that organizational unit.

To locate the Access Templates provided by the Integration Pack, in the ActiveRoles Server Console, navigate to Configuration | Access Templates | Authentication Services Integration v2.1.x.

The following table summarizes the Access Templates included with the Integration Pack.

Table 1: Access templates included with the integration pack

| Access template | Description |
| --- | --- |
| Groups-Modify All Unix Properties | Permissions to view and modify these Unix-related properties of Windows groups: Unix name, Group ID |
| Users-Modify All Unix Properties | Permissions to view and modify these Unix-related properties of Windows user accounts: Unix name, User ID, Primary Group ID, Comments (GECOS), Home Directory, Login Shell |

Managed Units

Managed Units allow you to locate the Unix users and groups in your ActiveRoles Server managed environment.

You use standard ActiveRoles Server functionality to provide administrative views of user and group accounts with Unix attributes.

To locate the Managed Units provided by the Integration Pack, in the ActiveRoles Server Console, navigate to Configuration | Managed Units | Authentication Services Integration v2.1.x.

The following table summarizes the Managed Units included with the Integration Pack.

Table 2: Managed units included with the integration pack

| Managed unit | Description |
| --- | --- |
| Unix-enabled groups | Administrative view of all Unix-enabled groups that exist in the domains registered with ActiveRoles Server (managed and unmanaged domains). |
| Unix-enabled users | Administrative view of all Unix-enabled users that exist in the domains registered with ActiveRoles Server (managed and unmanaged domains). |
