Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - ActiveRoles Integration Pack Administration Guide

Deleting Policy Objects

To delete policy objects

  1. From the ActiveRoles Server Console, navigate to Configuration | Policies | Administration.
  2. Right-click a Policy Object and choose Policy Scope.

    This displays the links in which the Policy Object occurs.

  3. Select the link, click Remove, Yes, OK, and then OK again.

    This deletes the links to the policy object.

  4. Right-click the policy object and click Delete.
  5. Click Yes to confirm your decision.

De-provisioning Unix Users

You can automatically disable Unix accounts when users are de-provisioned in ActiveRoles Server.

To de-provision Unix users

  1. From the ActiveRoles Server Console, navigate to Configuration | Policies | Administration.
  2. From the Action menu, select New | Deprovisioning Policy.
  3. When the New Deprovisioning Policy Object Wizard starts, click Next.
  4. On the Name and Description page, enter Disable Unix accounts for deprovisioned users in the Name box and click Next.
  5. On the Policy to Configure page, locate the Authentication Services Integration Pack and select the Deprovision Unix User policy type and click Next.
  6. On the Policy Parameters page, select the UnixDisable parameter and click Edit.
  7. On the Edit Parameter page, open the Value: drop-down menu, select True and click OK.
  8. On the Policy Parameters page, select the PrimaryGidNumber parameter and click Edit.
  9. On the Edit Parameter page, specify an integer value for the Primary GID number and click OK.
  10. On the Policy Parameters page, click Next.
  11. On the Enforce Policy page, click the Add button.
  12. On the Select Objects page, click Browse, select Active Directory (to apply this policy to all new users), and click OK.
  13. On the Select Objects page, select the Active Directory item at the top of the list, click Add and then click OK.
  14. On the Enforce Policy page, click Next.
  15. Click Finish to create the new policy object and close the wizard.

    When you de-provision a user account, the Integration Pack automatically disables the user's Unix attributes.

Provisioning Unix Groups

To automatically Unix-enable groups

  1. From the ActiveRoles Server Console, navigate to Configuration | Policies | Administration.
  2. From the Action menu, select New | Provisioning Policy.
  3. When the New Provisioning Policy Object Wizard starts, click Next.
  4. On the Name and Description page, enter Unix-enable new groups in the Name box and click Next.
  5. On the Policy to Configure page, locate the Authentication Services Integration Pack and select the Provision Unix Group policy type and click Next.
  6. On the Policy Parameters page, select the AutoUnixEnable parameter and click Edit.
  7. On the Edit Parameter page, open the Value: drop-down menu, select True and click OK.
  8. On the Policy Parameters page, click Next.
  9. On the Enforce Policy page, click the Add button.
  10. On the Select Objects page, click Browse, select Active Directory (to apply this policy to all new Active Directory groups), and click OK.
  11. On the Select Objects page, select the Active Directory item at the top of the list, click Add and then click OK.
  12. On the Enforce Policy page, click Next.
  13. Click Finish to create the new policy object.
  14. On the ActiveRoles Server dialog, click OK to return to the ActiveRoles Server Console.

    When you provision a new group account, the Integration Pack automatically Unix-enables the users associated with that account. That is, it populates the user's Unix attributes.

De-provisioning Groups

You can automatically disable Unix accounts when groups are de-provisioned in ActiveRoles Server.

To de-provision Unix groups

  1. From the ActiveRoles Server Console, navigate to Configuration | Policies | Administration.
  2. From the Action menu, select New | Deprovisioning Policy.
  3. When the New Deprovisioning Policy Object Wizard starts, click Next.
  4. On the Name and Description page, enter Disable Unix accounts for deprovisioned groups in the Name box and click Next.
  5. On the Policy to Configure page, locate the Authentication Services Integration Pack and select the Deprovision Unix Group policy type and click Next.
  6. On the Policy Parameters page, select the UnixDisable parameter and click Edit.
  7. On the Edit Parameter page, open the Value: drop-down menu, select True and click OK.
  8. On the Policy Parameters page, click Next.
  9. On the Enforce Policy page, click the Add button.
  10. On the Select Objects page, click Browse, select Active Directory (to apply this policy to all new groups), and then click OK.
  11. On the Select Objects page, select the Active Directory item at the top of the list, click Add and click OK.
  12. On the Enforce Policy page, click Next.
  13. Click Finish to create the new policy object and close the wizard.

When you de-provision a group account, the Integration Pack automatically clears the group's Unix attributes rendering it Unix-disabled.

Related Documents