Safeguard Authentication Services 4.1.5 - ActiveRoles Integration Pack Administration Guide

Upgrading

The Integration pack is not meant to be upgraded. Each version of the Integration Pack installs its policy objects, access templates, scripts and managed units into a version-specific container to isolate the data objects for each version. However, the Integration Pack shares Web interface modifications between all versions. For this reason, One Identity recommends that you uninstall the previous version before installing the new version.

When upgrading from one version of the Integration Pack to another, any customizations to Integration Pack data objects will be lost. To preserve Integration Pack customizations, One Identity recommends that you backup the modified objects before you uninstall the previous version. That is, copy or move the Access Templates, Policy Objects, Script Modules, or Virtual Attributes created by the old version of the Authentication Services Support Pack for ActiveRoles Server Web Interface to a new location using ActiveRoles Server management console. These objects are located in the ActiveRoles Server configuration container.

Uninstalling

To uninstall the Authentication Services ActiveRoles Integration

1. Navigate to the Control Panel | Programs | Programs and Features.
2. Right-click Authentication Services ActiveRoles Integration and choose uninstall.
3. Click Yes on the Programs and Features dialog to confirm your decision.
4. When prompted,
   1. Click Yes to remove the ActiveRoles Server configuration.

      This removes the server and Web interface extensions from ActiveRoles Server.

   2. Click No to uninstall the Integration Pack but retain the ActiveRoles Server configuration.

      This leaves the ActiveRoles Server integration extensions in the console.

Administration Tasks

The Integration Pack enables you to automate the provisioning and de-provisioning of UNIX account attributes. You can also delegate rights to manage Unix accounts that reside in Active Directory. Managed Units allow you to locate the Unix users and groups in your ActiveRoles Server managed environment. This chapter explains how to accomplish these tasks with the Integration Pack.

To access the ActiveRoles Server Console

1. From the Start menu, navigate to Program Files | Quest Software | ActiveRoles Server | ActiveRoles Server Console.

Provisioning Unix Users

You can automatically Unix-enable users that are provisioned in ActiveRoles Server.

To automatically Unix-enable users

1. From the ActiveRoles Server Console, navigate to Configuration | Policies | Administration.
2. From the Action menu, select New | Provisioning Policy.
3. When the New Provisioning Policy Object Wizard starts, click Next.
4. On the Name and Description page, enter Unix-enable new users in the Name box and click Next.
5. On the Policy to Configure page, locate the Authentication Services Integration Pack and select the Provision Unix User policy type and click Next.
6. On the Policy Parameters page, select the AutoUnixEnable parameter and click Edit.
7. On the Edit Parameter page, open the Value: drop-down menu, select True and click OK.
8. On the Policy Parameters page, click Next.
9. On the Enforce Policy page, click the Add button.
10. On the Select Objects page, click Browse, select Active Directory (to apply this policy to all new Active Directory users), and click OK.
11. On the Select Objects page, select the Active Directory item at the top of the list, click Add and then click OK.
12. On the Enforce Policy page, click Next.
13. Click Finish to create the new policy object.
14. On the ActiveRoles Server dialog, click OK to return to the ActiveRoles Server Console.

    When you provision a new user account, the Integration Pack automatically Unix-enables that account. That is, it populates the user's Unix attributes.