Indexing certain attributes used by the Safeguard Authentication Services Unix agent can have a dramatic effect on the performance and scalability of your Unix and Active Directory integration project.
The Control Center, Preferences | Schema Attributes | Unix Attributes panel displays a warning if the Active Directory configuration is not optimized according to best practices.
One Identity recommends that you index the following attributes in Active Directory:
Note: LDAP display names vary depending on your Unix attribute mappings.
It is also a best practice to add all Unix identity attributes to the global catalog. This reduces the number of Active Directory lookups that need to be performed by Safeguard Authentication Services Unix agents.
Click the Optimize Schema link to run a script that updates these attributes as necessary. The Optimize Schema option is only available if you have not optimized the Unix schema attributes defined for use in Active Directory.
This operation requires administrative rights in Active Directory. If you do not have the necessary rights to optimize your schema, it generates a schema optimization script. You can send the script to an Active Directory administrator who has rights to make the necessary changes.
All schema optimizations are reversible and no schema extensions are applied in the process.
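A read-only way to confirm the two settings this section recommends, given here as an added example that is not One Identity's optimization script. It parses an LDIF export of the schema attribute objects and reports any Unix attribute that is not indexed (bit 0 of `searchFlags`) or not in the global catalog (`isMemberOfPartialAttributeSet`). The attribute names and the sample export are constructed assumptions; substitute the LDAP display names from your own Unix attribute mappings.

```python
# Assumed LDAP display names; use the ones from your own Unix attribute mappings.
UNIX_ATTRS = ["uidNumber", "gidNumber", "uid"]
FLAG_INDEXED = 0x1  # searchFlags bit 0: the attribute is indexed
# Constructed sample shaped like an LDIF export of attributeSchema objects.
SAMPLE_LDIF = """\
dn: CN=uidNumber,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: uidNumber
searchFlags: 1
isMemberOfPartialAttributeSet: TRUE

dn: CN=gidNumber,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: gidNumber
searchFlags: 0

dn: CN=uid,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: uid
searchFlags: 8
isMemberOfPartialAttributeSet: TRUE
"""

def parse_ldif(text):
    """Return {lDAPDisplayName: {lowercased attribute: value}} per LDIF entry."""
    entries = {}
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        pairs = (line.split(": ", 1) for line in block.splitlines() if ": " in line)
        record = {key.lower(): value.strip() for key, value in pairs}
        if "ldapdisplayname" in record:
            entries[record["ldapdisplayname"]] = record
    return entries

def audit(text, wanted=UNIX_ATTRS):
    """Return {name: [problems]} for attributes that are not optimized."""
    schema, findings = parse_ldif(text), {}
    for name in wanted:
        rec = schema.get(name)
        if rec is None:
            findings[name] = ["not found in export"]
            continue
        problems = []
        if not int(rec.get("searchflags", "0")) & FLAG_INDEXED:
            problems.append("not indexed")
        if rec.get("ismemberofpartialattributeset", "FALSE").upper() != "TRUE":
            problems.append("not in global catalog")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

An empty result means every listed attribute is both indexed and replicated to the global catalog.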
You can specify the user mobile number and user email address attributes to be used by the Starling push notifications.
Modifications to the Starling schema attributes configuration are global and apply to all Safeguard Authentication Services clients in the forest. For users configured to use Starling, this could cause user logins to fail.
To configure custom LDAP attributes for use with Starling push notifications
Enter the LDAP display name for one or both of the Starling attributes used by the Starling push notifications:
Management Console for Unix allows you to centrally manage Safeguard Authentication Services agents running on Unix, Linux, and macOS systems.
With the management console you can:
You can install the management console on supported Unix, Linux, and macOS platforms. Once installed, you can access it from a browser using the default port of 9443 or from the Control Center.
You can run the One Identity Management Console for Unix within the Control Center or you can run it separately in a supported web browser. The management console is a separate install on Windows, Unix, Linux, or macOS that you can launch from the ISO.
Typically, you install one management console per environment. One Identity advises against managing a Unix host with more than one management console, to avoid redundancy and inconsistencies in stored information. If you manage the same Unix host with more than one management console, you should always re-profile that host to minimize inconsistencies that may occur between instances of the management consoles.
Install an instance of Management Console for Unix
You must install an instance of Management Console for Unix in your environment in order to access the Management Console. The installation can be accessed from the Safeguard Authentication Services distribution media:
Access the MCU configuration from the Control Center
From the Control Center, select Preferences then Management Console for Unix Configuration. The configuration for the Management Console for Unix displays. If the Management Console cannot be located, you will see a message like: The Management Console could not be located. Specify a URL where Management Console for Unix is running. The URL can be specified on this page.
Specify the following:
For more information
For details, go to these sections of this documentation:
Also see the One Identity Management Console for Unix - Administration Guide available on the Safeguard for Authentication Services Technical Documentation page, along with the latest Release Notes.
The topics in this section help you learn how to do some basic system administration tasks using the Control Center and Management Console for Unix.
Note: The exercises in this section assume that you have successfully installed Safeguard Authentication Services and Management Console for Unix and have added a host to the console and joined it to Active Directory. For more information, see Prepare Unix hosts.
This section shows you how to create the following test user and group accounts used in various examples:
One Identity recommends that you work through the topics in this section in order as a self-directed "test drive" of some of the key product features. You will learn how easy it is to manage your users and groups from the management console.