立即与支持人员聊天
与支持团队交流

Active Roles 8.0.1 LTS - Feature Guide

Introduction Administrative rules and roles Using Active Roles Configuring and administering Active Roles FIPS compliance LSA protection support

Active Roles Setup wizard

The Active Roles Setup wizard facilitates the evaluation, deployment, upgrade and configuration of Active Roles. The key highlights of the wizard include the following:

  • Unified setup process: Active Roles is shipped with a single wizard for installing all core product components, including the Administration Service, the Web Interface, and the Console (also known as the MMC Interface).

  • Configuration Center: After installation, Active Roles launches the Configuration Center, an application that you can use to perform the core configuration tasks after installation, or to finish upgrading Active Roles. As such, the Configuration Center lets you configure Administration Service instances and deploy Web Interface sites. For more information on the Configuration Center, see Active Roles Configuration Center.

  • Side-by-side deployment: The Active Roles Setup allows you to deploy new Active Roles versions side-by-side on the same computers with Active Roles 6.9. This allows you to use the same hardware and infrastructure to run newer versions of Active Roles while also keeping Active Roles 6.9 deployed for your business needs.

    CAUTION: Upgrading from Active Roles 6.9 to a newer version is only meant to be a temporary solution, as the side-by-side installation of two different Active Roles versions can have a negative impact on the environment.

    Different versions of Active Roles are not supported in the same Active Directory domain. Different versions of Active Roles servers in the same AD domain will cause issues with dynamic groups, policies, workflows, or custom scripts, and can also cause conflicts in product functionality.

    When upgrading Active Roles to a later version, One Identity recommends to upgrade all servers running Active Roles components to the same version to be in a supported configuration.

    For more information, see Knowledge Base Article 4307177.

    NOTE: To avoid potential conflicts with Active Roles 6.9, newer versions of the product use a different name for the Windows service of the Administration Service and for the default Web Interface sites.

  • Separate component installation files: Although the Active Roles Setup allows you to install every major product component at once, the installation *.iso delivers each component (such as the Administration Service, the Web Interface, the Add-on Manager, the SPML Provider, or the Management Shell) in separate *.msi files. This allows you to install the various Active Roles components individually without the need of running the Active Roles Setup.

Active Roles Configuration Center

The Active Roles Configuration Center is a configuration application that provides a unified configuration platform for the Active Roles Administration Service and the Web Interface component. This allows administrators to perform the core Active Roles configuration tasks from a single application, including the following:

  • Performing the initial configuration of Active Roles, such as setting up the Administration Service instances and the default Web Interface sites.

  • Importing the configuration database and the management history database from earlier Active Roles versions.

  • Managing the core Administration Service resources, such as the Active Roles Admin account, service account, and database connections.

  • Creating new Web Interface sites either based on the site configuration objects of the current Active Roles version, or by importing site configuration objects from earlier Active Roles versions.

  • Managing core Web Interface site settings, such as site addresses on the web server, or the configuration object in the Administration Service.

  • Configuring secure communication for the Active Roles Web Interface through forced SSL redirection.

  • Integrating Active Roles with One Identity Starling. For more information, see One Identity Starling Join and configuration through Active Roles in the Active Roles Administration Guide.

  • Managing user login settings for the Active Roles Console (also known as the MMC Interface).

  • Configuring Federated Authentication, allowing you to access an application or website by authenticating against a certain set of rules, known as "claims".

  • Configuring log management and Solution Intelligence.

For more information on these features, see the following subsections.

Getting Started

Active Roles Configuration Center is automatically installed and started by default if you select to install either the Administration Service or the Web Interface components to a computer. Later, you can start Configuration Center again either from the Windows Start menu, or from the Apps page of the operating system.

Configuration Center components

The Configuration Center provides a unified, single, simple, wizard-based user interface for all core Active Roles configuration tasks, making it a single point of access to all management wizards for all configuration tasks.

The Configuration Center consists of the following elements.

Initial configuration wizards

After installing Active Roles, the Configuration Center allows administrators to run the initial configuration wizards and create the new Active Roles instance, including the Administration Service and the Web Interface.

Hub pages and management wizards

Once the initial configuration is completed, the Configuration Center provides a consolidated view of the core Active Roles configuration settings, and offers tools for changing those settings.

The hub pages of the Configuration Center show the current settings specific to the Administration Service and the Web Interface, including the commands to start the management wizards for changing those settings. The available hub pages are the following:

  • Administration Service: This page allows administrators to:

    • View or change the Active Roles Admin account, service account, and databases.

    • Import the configuration data and management history data either from an earlier Active Roles version or from the current Active Roles database.

    • View status information, such as whether the Administration Service is started and ready for use, stopped, or being restarted (along with the options to start, stop and restart the service).

  • Web Interface: This page allows administrators to:

    • View, create, modify or delete Web Interface sites. The configurable site settings include the site address, and the configuration object that stores the site configuration data in the Administration Service.

      When creating or modifying a Web Interface site, administrators can either reuse an existing configuration object, or create a new one based on a template or by importing data from another configuration object or from an export file.

    • Export the configuration of any existing Web Interface site to a file.

    • Open each site in a web browser.

Configuration Shell

The ActiveRolesConfiguration module (also known as the Configuration Shell) of the Active Roles Management Shell allows administrators to access all Configuration Center features and functions from a Windows PowerShell command-line interface or with scripts, facilitating the unattended configuration of Active Roles components. The ActiveRolesConfiguration module provides cmdlets for key configuration tasks, such as:

  • Creating the Active Roles database.

  • Creating or modifying the Administration Service instances and the Web Interface sites.

  • Performing data exchange between Active Roles databases and between site configuration objects.

  • Querying the current state of the Administration Service.

  • Starting, stopping or restarting the Administration Service.

Configuring a local or remote Active Roles instance

Configuration Center is installed as part of the Management Tools component if you install Active Roles on a 64-bit system. You can use the Management Tools package to perform configuration tasks on the local or remote computer that has the current version of the Administration Service or Web Interface installed.

Once installed, the Configuration Center looks for these components on the local computer, and if it does not find any of these components, it prompts you to connect to a remote computer. However, you can also connect to a remote computer by clicking the drop-down menu in the Configuration Center header.

NOTE: Consider the following when planning to use the Configuration Center on a remote computer:

  • When connecting to a remote computer, Configuration Center prompts you for a user name and password. The account you use to log in must match the domain user account belonging to the Administrators group on the remote computer. In addition, whether you are going to perform configuration tasks on the local computer or on a remote computer, your login account must be a member of the Administrators group on the computer running Configuration Center.

  • To perform configuration tasks on a remote computer, Configuration Center requires Windows PowerShell remoting to be enabled on that computer. PowerShell remoting is enabled by default on Microsoft Windows Server 2016 or newer operating systems; however, if it is turned off for any reason on the remote computer, you can enable it by running the Enable-PSRemoting command in Windows PowerShell. For more information, see Enable-PSRemoting in the Microsoft PowerShell documentation.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级