立即与支持人员聊天
与支持团队交流

Active Roles 8.2 - Feature Guide

Introduction About Active Roles
Main Active Roles features Technical overview of Active Roles
About presentation components Overview of service components About network data sources About security and administration elements About Active Directory security management Customization using ADSI Provider and script policies About dynamic groups About workflows Operation in multi-forest environments
Examples of use
Administrative rules and roles
About Managed Units About Access Templates About Access Rules About rule-based autoprovisioning and deprovisioning
Configuring and administering Active Roles Overview of Active Roles Synchronization Service Support for AWS Managed Microsoft AD FIPS compliance LSA protection support STIG compliance

About Active Roles Configuration Center

The Active Roles Configuration Center is a configuration application that provides a unified configuration platform for the Active Roles Administration Service and the Web Interface component. This allows administrators to perform the core Active Roles configuration tasks from a single application, including the following:

  • Performing the initial configuration of Active Roles, such as setting up the Administration Service instances and the default Web Interface sites.

  • Importing the configuration database and the management history database from earlier Active Roles versions.

  • Managing the core Administration Service resources, such as the Active Roles Admin account, service account, and database connections.

  • Creating new Web Interface sites either based on the site configuration objects of the current Active Roles version, or by importing site configuration objects from earlier Active Roles versions.

  • Managing core Web Interface site settings, such as site addresses on the web server, or the configuration object in the Administration Service.

  • Configuring secure communication for the Active Roles Web Interface through forced SSL redirection.

  • Integrating Active Roles with One Identity Starling. For more information, see One Identity Starling Join and configuration through Active Roles in the Active Roles Administration Guide.

  • Managing user login settings for the Active Roles Console (also known as the MMC Interface).

  • Configuring federated authentication, allowing you to access an application or website by authenticating against a certain set of rules, known as "claims".

  • Configuring log management and Solution Intelligence.

For more information on these features, see the following subsections.

Getting Started

Active Roles Configuration Center is automatically installed and started by default if you select to install either the Administration Service or the Web Interface components to a computer. Later, you can start Configuration Center again either from the Windows Start menu, or from the Apps page of the operating system.

About Configuration Center components

The Configuration Center provides a unified, single, simple, wizard-based user interface for all core Active Roles configuration tasks, making it a single point of access to all management wizards for all configuration tasks.

The Configuration Center consists of the following elements.

Initial configuration wizards

After installing Active Roles, the Configuration Center allows administrators to run the initial configuration wizards and create the new Active Roles instance, including the Administration Service and the Web Interface.

Hub pages and management wizards

Once the initial configuration is completed, the Configuration Center provides a consolidated view of the core Active Roles configuration settings, and offers tools for changing those settings.

The hub pages of the Configuration Center show the current settings specific to the Administration Service and the Web Interface, including the commands to start the management wizards for changing those settings. The available hub pages are the following:

  • Administration Service: This page allows administrators to:

    • View or change the Active Roles Admin account, service account, and databases.

    • Import the configuration data and management history data either from an earlier Active Roles version or from the current Active Roles database.

    • View status information, such as whether the Administration Service is started and ready for use, stopped, or being restarted (along with the options to start, stop and restart the service).

  • Web Interface: This page allows administrators to:

    • View, create, modify or delete Web Interface sites. The configurable site settings include the site address, and the configuration object that stores the site configuration data in the Administration Service.

      When creating or modifying a Web Interface site, administrators can either reuse an existing configuration object, or create a new one based on a template or by importing data from another configuration object or from an export file.

    • Export the configuration of any existing Web Interface site to a file.

    • Open each site in a web browser.

Configuration Shell

The ActiveRolesConfiguration module (also known as the Configuration Shell) of the Active Roles Management Shell allows administrators to access all Configuration Center features and functions from a Windows PowerShell command-line interface or with scripts, facilitating the unattended configuration of Active Roles components. The ActiveRolesConfiguration module provides cmdlets for key configuration tasks, such as:

  • Creating the Active Roles database.

  • Creating or modifying the Administration Service instances and the Web Interface sites.

  • Performing data exchange between Active Roles databases and between site configuration objects.

  • Querying the current state of the Administration Service.

  • Starting, stopping or restarting the Administration Service.

Configuration of a local or remote Active Roles instance

Configuration Center is installed as part of the Management Tools component if you install Active Roles on a 64-bit system. You can use the Management Tools package to perform configuration tasks on the local or remote computer that has the current version of the Administration Service or Web Interface installed.

Once installed, the Configuration Center looks for these components on the local computer, and if it does not find any of these components, it prompts you to connect to a remote computer. However, you can also connect to a remote computer by clicking the drop-down menu in the Configuration Center header.

NOTE: Consider the following when planning to use the Configuration Center on a remote computer:

  • When connecting to a remote computer, Configuration Center prompts you for a user name and password. The account you use to log in must match the domain user account belonging to the Administrators group on the remote computer. In addition, whether you are going to perform configuration tasks on the local computer or on a remote computer, your login account must be a member of the Administrators group on the computer running Configuration Center.

  • To perform configuration tasks on a remote computer, Configuration Center requires Windows PowerShell remoting to be enabled on that computer. PowerShell remoting is enabled by default on Microsoft Windows Server 2016 or newer operating systems; however, if it is turned off for any reason on the remote computer, you can enable it by running the Enable-PSRemoting command in Windows PowerShell. For more information, see Enable-PSRemoting in the Microsoft PowerShell documentation.

About running the Configuration Center

The Configuration Center is installed and, by default, automatically started after installing the Active Roles Administration Service or Web Interface component on a computer, allowing you to perform the initial configuration tasks for these components. If you close the Configuration Center, you can start it again later from the Windows Start menu or the Apps page of the operating system.

As the Configuration Center can manage Active Roles not only on the local computer but also on remote computers, you can run it both on client and server operating systems. However, you can only install the Configuration Center on a 64-bit operating system. Once the component is installed on a client operating system, you must start and connect it to the remote server where the Administration Service or Web Interface instances you want to configure are installed. Similarly to a server operating system, you can launch the Active Roles Configuration Center either from the Windows Start menu or from the Apps page.

NOTE: To run the Configuration Center on a client computer, you must be logged in with Administrator privileges.

If neither the Administration Service nor the Web Interface is installed on the local computer, the Configuration Center will prompt you to select a remote computer. In the Select Server dialog that appears, supply the fully qualified domain name of a server on which the Administration Service or the Web Interface instance is installed, then enter the name and password of a domain user account that has administrator rights on that server. You can connect to a remote server at any time by clicking the Connect to another server option in the header of the Active Roles Configuration Center.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级