
Active Roles 8.1.5 - Feature Guide


Configuring the Administration Service

The Configure Administration Service wizard creates the Administration Service instance, preparing it for use. The wizard needs the following data for configuration:

  • The login name and password of the account under which the configured Administration Service instance will run (the service account). If you use a Group Managed Service Account, you must specify the service account details.

  • The name of the group or user account that will have full access to all Active Roles features and functions through the configured Administration Service instance. This group or account is known as the Active Roles Admin.

  • The database in which the configured Administration Service instance will store the configuration data and management history data. When specifying the database, you can either create a new database, or use an existing database compatible with the current Active Roles version. You can use the same database for multiple Administration Service instances.

  • The authentication mode that the configured Administration Service instance will use when connecting to the database:

    • When using Windows authentication, the Administration Service will use the credentials of the service account.

    • When using SQL Server authentication, the Administration Service will use the SQL login name and password you specify in the wizard.

To start the wizard, in the Administration Service tab, click Configure.

Configuring the Web Interface

The Configure Web Interface wizard creates the default Web Interface sites, getting the Web Interface component ready for use. The wizard prompts you to choose which Administration Service instance will be used by the Web Interface instance you are configuring. The Web Interface can:

  • Use the Administration Service instance running on the same computer as the Web Interface.

  • Use an Administration Service instance running on a different computer. In this case, you must supply the fully qualified domain name of the computer running the preferred instance of the Administration Service.

  • Let the Web Interface choose any Administration Service instance that has the same configuration as the specified one. In this case, you must supply the fully qualified domain name of the computer running the Administration Service instance of the desired configuration.

    NOTE: If your environment uses Active Roles replication, you must specify the computer running the Administration Service instance whose database server acts as the Publisher of the Active Roles configuration database.

You can access the Configure Web Interface wizard from the Configure > Web Interface menu of the Configuration Center Dashboard.

After configuring the Web Interface, you can perform the following additional Web Interface configuration steps in the Configuration Center:

  • Forcing SSL redirection: By default, Active Roles users can connect to the configured Web Interface sites over HTTP, which does not encrypt data in transit. To enable secure communication for the Web Interface on local and remote servers, One Identity recommends enabling the HTTPS protocol with the Force SSL Redirection option.

  • Federated authentication: With federated authentication, you can authenticate access to the Web Interface sites against a set of rules (known as "claims"). The implementation in Active Roles uses Security Assertion Markup Language (SAML): you sign in to an application via single sign-on, then authenticate to access the configured Web Interface sites. For more information, see Working with federated authentication in the Active Roles Administration Guide.
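
A way to confirm that Force SSL Redirection is actually in effect for a site is to request it over plain HTTP without following redirects and inspect the answer. The following is an added example, not part of the Active Roles documentation or product; the host name, site path and sample responses are constructed placeholders, and treating a cross-host redirect as a failure is an assumption of this check.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def classify(request_url, status, location):
    """Judge the response to a plain-HTTP request; returns (ok, reason)."""
    if status not in REDIRECT_CODES:
        return False, f"status {status}: content served over HTTP, no redirect"
    if not location:
        return False, "redirect status without a Location header"
    # Resolve relative Location values against the request URL, as a browser would.
    target = urlsplit(urljoin(request_url, location))
    if target.scheme != "https":
        return False, f"redirect stays on {target.scheme}"
    if target.hostname != urlsplit(request_url).hostname:
        # Conservative: a cross-host redirect needs a human to confirm it is intended.
        return False, f"redirect leaves the host for {target.hostname}"
    return True, "redirected to HTTPS on the same host"

def probe(url, timeout=5.0):
    """Send one GET over plain HTTP, without following redirects, and classify it."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return classify(url, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

# Constructed responses (not captured from a real server); host and path are placeholders.
URL = "http://ars.example.test/site"
SAMPLES = [
    (200, None),                                # site answers over HTTP: not enforced
    (302, "https://ars.example.test/site"),     # expected result with the option enabled
    (302, "/site/"),                            # relative redirect, still HTTP
    (301, "https://other.example.test/site"),   # HTTPS, but a different host
]

def run_samples():
    return [classify(URL, status, loc) for status, loc in SAMPLES]

if __name__ == "__main__":
    for (status, loc), (ok, reason) in zip(SAMPLES, run_samples()):
        print(f"{status} {loc!r}: {'PASS' if ok else 'FAIL'} ({reason})")
```

To check a live deployment, call `probe()` with the plain-HTTP URL of each configured Web Interface site.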

Configuring join to Starling

Active Roles supports integration with One Identity Starling via the Starling Join feature. Joining Active Roles to Starling enables access to the various Starling services, including Identity Analytics and Risk Intelligence, and Connect. For more information, see One Identity Starling Join and configuration through Active Roles in the Active Roles Administration Guide.

Configuration management tasks

Once you have completed the initial configuration of Active Roles in the Configuration Center as described in Initial configuration tasks, you can check the state of the Administration Service and Web Interface components at any time, and can also perform various management tasks on them. The following sections describe these tasks in detail.
