
Safeguard Authentication Services 4.1.5 - Management Console for Unix Administration Guide


Review the Console Access & Privileges Report

The Console Access and Permissions report lists users who have access to the management console based on membership in a role and the permissions assigned to the role.

To create the Console Access & Privileges report

  1. From the management console, navigate to Reporting.
  2. From the Reports view, double-click the Console Access and Permissions report name.

    The report opens a new Console Access and Permissions tab on the Reports view.

  3. Open the Export drop-down menu and select the format you want to use for the report: PDF or CSV.

    Note: If you are logged in as supervisor, the management console requires that you authenticate to Active Directory in order to view the settings for Active Directory.

    It launches a new browser or application page and displays the report in the selected format.

    Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. (See JVM Memory Tuning Suggestions for details.)
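
Because the console assigns users to All Roles by default during setup, the CSV export of this report is a natural input for a periodic least-privilege review. The following is an added example, not part of the product or its documentation: it flags accounts that hold All Roles or Console Administration and are not on an approved list. The column headers "User" and "Role", the one-row-per-user/role layout, and the sample data are assumptions; adjust them to match your actual export.

```python
import csv
import io

# Assumed header names: this guide does not show the CSV layout, so pass the
# headers your export actually uses. One row per user/role pair is assumed.
USER_COL = "User"
ROLE_COL = "Role"

# Roles this guide names: All Roles (all tasks) and Console Administration
# (rights to change System Settings).
BROAD_ROLES = {"all roles", "console administration"}


def load_role_map(csv_text, user_col=USER_COL, role_col=ROLE_COL):
    """Return {lower-cased user: set of role names} from the exported CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {user_col, role_col} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"CSV lacks expected column(s): {sorted(missing)}")
    role_map = {}
    for row in reader:
        user = (row[user_col] or "").strip().lower()
        role = (row[role_col] or "").strip()
        if user and role:
            role_map.setdefault(user, set()).add(role)
    return role_map


def broad_access_findings(csv_text, approved, **cols):
    """Return sorted (user, role) pairs holding a broad role without approval."""
    approved = {name.lower() for name in approved}
    findings = []
    for user, roles in load_role_map(csv_text, **cols).items():
        if user in approved:
            continue
        findings.extend((user, r) for r in roles if r.lower() in BROAD_ROLES)
    return sorted(findings)


# Constructed sample export (not real report output).
SAMPLE = """User,Role
alice@example.com,All Roles
bob@example.com,Sample Role A
carol@example.com,Console Administration
ALICE@example.com,Sample Role A
supervisor,All Roles
"""

if __name__ == "__main__":
    for user, role in broad_access_findings(SAMPLE, ["supervisor", "carol@example.com"]):
        print(f"REVIEW: {user} holds '{role}'")
```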

Active Directory System Settings

Use the Active Directory settings to configure the console for Active Directory, specify which sites, domains, domain controllers, and global catalogs the management console may access, and to define the default domain you want the console to use when authenticating a user account.

Note: If you are logged in as supervisor, the management console requires that you authenticate to Active Directory in order to view the settings for Active Directory.

Active Directory Configuration

To configure the management console for Active Directory

  1. From the top-level Settings menu, navigate to System settings | Active Directory.

  2. On the AD Configuration dialog, click the Configure console for Active Directory link next to Forest:

    Note:

    If a domain name is displayed instead of the link, the management console is already configured for Active Directory. To limit how the console accesses Active Directory, refer to Advanced Settings for information about limiting the sites, domains, domain controllers, or global catalogs you want the console to contact.

  3. On the Configure console for Active Directory Logon dialog,

    1. Enter a domain in the forest.

    2. Enter the Active Directory credentials.

      The wizard uses these credentials to configure the management console for use with Active Directory.

    3. Click Connect to Active Directory.

    4. When you see the message that indicates your console connected to Active Directory successfully, click Next.

  4. On the Set up console access by role dialog, click Add... to specify the Active Directory users and groups that you want to have access to the features available in Management Console for Unix.

    The Select Users and Groups dialog opens:

    1. Use the search controls to find and select Active Directory user(s) or group(s). Select one or more objects from the list and click OK.

      The management console adds the selected object(s) to the list on the Set up console access by role dialog.

      By default the management console assigns users to All Roles, which gives those accounts permissions to access and perform all tasks within the console. (See Console Roles and Permissions System Settings for more information.)

      Note: During the initial set up, you can only assign one role per user. Use System Settings to add additional roles to a user. (See Add (or Remove) Role Members for details.)

    2. Click in the All Roles cell to activate the drop-down menu from which you can choose a role for the user account.

    3. Click Finish to save your selections and return to System Settings.

  5. Click OK to close System Settings and return to the management console.

    The additional features are now unlocked; however, you must be logged on as an Active Directory user to perform Active Directory tasks.

  6. Navigate to the User menu in the upper right-hand region of the screen and click Sign out. Then sign back on using an Active Directory account that has been granted access to the management console (that is, an account that was added to the list on the Set up console access by role dialog).

Advanced Settings

By default, the management console contacts Active Directory through any site, domain, domain controller, or global catalog that is available. To limit how the console contacts Active Directory, click Advanced Settings and specify which sites, domains, domain controllers, or global catalogs you want the console to contact.

To configure advanced Active Directory settings

  1. Log into the management console with the supervisor account or an Active Directory account with rights to change System Settings; that is, an account in the Console Administration role.

  2. From the top-level Settings menu, navigate to System settings | Active Directory and click the Advanced Settings button.

    Note: If the Advanced Settings button is not enabled, you must first configure the console for Active Directory. (See Active Directory Configuration for details.)

    If the Active Directory configuration has become invalid (for example, the console is restricted to a domain that no longer exists), refer to Unable to Configure Active Directory for information about temporarily setting the domain and site settings until you can reset the configuration from the Advanced Settings dialog.

  3. On the Active Directory Credentials dialog, enter credentials to log into Active Directory and click OK.

    The Active Directory Forest Configuration dialog opens, which allows you to configure which sites, domains, domain controllers, or global catalogs you want the management console to contact for all Active Directory related tasks.

  4. Choose either the Sites or the Domains option.

    The Sites option allows you to select and deselect only sites. The Domains option allows you to select or deselect individual domain controllers.

  5. Expand the tree view and select which site, domain, domain controller, or global catalog node you want the console to contact for all Active Directory related tasks.

  6. Click Verify configuration. (Note: You must test before you can save the change.)

  7. Click OK to return to System Settings.

To remove a console access restriction in Advanced Settings

  1. Expand the tree view and deselect the site, domain, domain controller, or global catalog node.
  2. Click Verify configuration. (Note: You must test before you can save the change.)
  3. Click OK to save the change and return to System Settings.