The Console Access and Permissions report lists users who have access to the mangement console based on membership in a role and the permissions assigned to the role.
To create the Console Access & Privileges report
The report opens a new Console Access and Permissions tab on the Reports view.
|
Note: If you are logged in as supervisor, the mangement console requires that you authenticate to Active Directory in order to view the settings for Active Directory. |
It launches a new browser or application page and displays the report in the selected format.
|
Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. (See JVM Memory Tuning Suggestions for details.) |
Use the Active Directory settings to configure the console for Active Directory, specify which sites, domains, domain controllers, and global catalogs the mangement console may access, and to define the default domain you want the console to use when authenticating a user account.
|
Note: If you are logged in as supervisor, the mangement console requires that you authenticate to Active Directory in order to view the settings for Active Directory. |
To configure the mangement console for Active Directory
From the top-level Settings menu, navigate to System settings | Active Directory.
On the AD Configuration dialog, click the Configure console for Active Directory link next to Forest:
|
Note: If a domain name is displayed instead of the link, the mangement console is already configured for Active Directory. To limit how the console accesses Active Directory, refer to Advanced Settings for information about limited the sites, domains, domain controllers, or global catalogs you want the console to contact. |
On the Configure console for Active Directory Logon dialog,
Enter a domain in the forest.
Enter the Active Directory credentials.
The wizard uses these credentials to configure the mangement console for use with Active Directory.
Click Connect to Active Directory.
When you see the message that indicates your console connected to Active Directory successfully, click Next.
On the Set up console access by role dialog, click Add... to specify the Active Directory users and groups that you want to have access to the features available in Management Console for Unix.
The Select Users and Groups dialog opens:
Use the search controls to find and select Active Directory user(s) or group(s). Select one or more objects from the list and click OK.
The mangement console adds the selected object(s) to the list on the Set up console access by role dialog.
By default the mangement console assigns users to All Roles, which gives those accounts permissions to access and perform all tasks within the console. (See Console Roles and Permissions System Settings for more information.)
|
Note: During the initial set up, you can only assign one role per user. Use System Settings to add additional roles to a user. (See Add (or Remove) Role Members for details.) |
Click in the All Roles cell to activate the drop-down menu from which you can choose a role for the user account.
Click Finish to save your selections and return to System Settings.
Click OK to close System Settings and return to the mangement console.
The additional features are now unlocked; however, you must be logged on as an Active Directory user to perform Active Directory tasks.
By default, the mangement console contacts Active Directory through any site, domain, domain controller, or global catalog that is available. To limit how the console contacts Active Directory, click Advanced Settings and specify which sites, domains, domain controllers, or global catalogs you want the console to contact.
To configure advanced Active Directory settings
Log into the mangement console with the supervisor account or an Active Directory account rights to change System Settings; that is, an account in the Console Administration role.
From the top-level Settings menu, navigate to System settings | Active Directory and click the Advanced Settings button.
|
Note: If the Advanced Settings button is not enabled, you must first configure the console for Active Directory. (See Active Directory Configuration for details.) If the Active Directory configuration has become invalid (for example, the console is restricted to a domain that no longer exists), refer to Unable to Configure Active Directory for information about temporarily setting the domain and site settings until you can reset the configuration from the Advanced Settings dialog. |
On the Active Directory Credentials dialog, enter credentials to log into Active Directory and click OK.
The Active Directory Forest Configuration dialog opens which allows you to configure which sites, domains, domain controllers, or global catalogs you want the mangement console to contact for all Active Directory related tasks.
Choose either the Sites or the Domains option.
The Sites option allows you to select and deselect only sites. The Domains option allows you to select or deselect individual domain controllers.
Expand the tree view and select which site, domain, domain controller, or global catalog node you want the console to contact for all Active Directory related tasks.
Click Verify configuration. (Note: You must test before you can save the change.).
Click OK to return to System Settings.
To remove a console access restriction in Advanced Settings
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy