Active Roles 8.2 - Feature Guide

Supported Configuration Center tasks

The Configuration Center lets administrators perform:

Initial configuration tasks

Once the Active Roles Setup wizard installs Active Roles, the Configuration Center starts automatically so that administrators can create an Administration Service instance and deploy the default Web Interface sites. The following sections describe these tasks in detail.

Configuration of the Administration Service

The Configure Administration Service wizard creates the Administration Service instance, preparing it for use. The wizard needs the following data for configuration:

  • The login name and password of the account under which the configured Administration Service instance will run (the service account). If you use a Group Managed Service Account, you must specify the service account details.

  • The name of the group or user account that will have full access to all Active Roles features and functions through the configured Administration Service instance. This group or account is known as the Active Roles Admin.

  • The database in which the configured Administration Service instance will store the configuration data and management history data. When specifying the database, you can either create a new database, or use an existing database compatible with the current Active Roles version. You can use the same database for multiple Administration Service instances.

  • The authentication mode that the configured Administration Service instance will use when connecting to the database:

    • When using Windows authentication, the Administration Service will use the credentials of the service account.

    • When using SQL Server authentication, the Administration Service will use the SQL login name and password you specify in the wizard.

To start the wizard, in the Administration Service tab, click Configure.

Configuration of the Web Interface

The Configure Web Interface wizard creates the default Web Interface sites, getting the Web Interface component ready for use. The wizard prompts you to choose which Administration Service instance will be used by the Web Interface instance you are configuring. The Web Interface can:

  • Use the Administration Service instance running on the same computer as the Web Interface.

  • Use an Administration Service instance running on a different computer. In this case, you must supply the fully qualified domain name of the computer running the preferred instance of the Administration Service.

  • Let the Web Interface choose any Administration Service instance that has the same configuration as the specified one. In this case, you must supply the fully qualified domain name of the computer running the Administration Service instance of the desired configuration.

    NOTE: If your environment uses Active Roles replication, you must specify the computer running the Administration Service instance whose database server acts as the Publisher of the Active Roles configuration database.

You can access the Configure Web Interface wizard from the Configure > Web Interface menu of the Configuration Center Dashboard.

After configuring the Web Interface, you can perform the following additional Web Interface configuration steps in the Configuration Center:

  • Forcing SSL redirection: By default, Active Roles users can connect to the configured Web Interface sites over HTTP, which does not encrypt data in transit. To enable secure communication for the Web Interface on local and remote servers, One Identity recommends enabling the HTTPS protocol with the Force SSL Redirection option.

  • Federated authentication: You can authenticate the Web Interface sites against a certain set of rules (known as "claims") by using federated authentication. The implementation in Active Roles uses Security Assertion Markup Language (SAML), through which you can sign in to an application via single sign-on, then authenticate to access the configured Web Interface sites. For more information, see Working with federated authentication in the Active Roles Administration Guide.
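After enabling Force SSL Redirection, an administrator can confirm that a plain-HTTP request to a Web Interface site is redirected to HTTPS rather than answered in the clear. The following check is an added example, not part of the Active Roles product or its documentation; the host name `ar-web.example.test` and the path `/site` are placeholders, and the sample responses are constructed.

```python
"""Check that a Web Interface site redirects plain HTTP to HTTPS (added example)."""
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}

def evaluate_redirect(requested_url, status, location):
    """Classify one response to a plain-HTTP request.

    Returns (ok, reason). ok is True only when the server redirects the
    request to an https:// URL on the same host.
    """
    if urlsplit(requested_url).scheme != "http":
        raise ValueError("probe URL must use http://")
    if status not in REDIRECT_CODES:
        return False, f"status {status}: content served over HTTP, no redirect"
    if not location:
        return False, "redirect without a Location header"
    # A relative Location resolves against the request URL and stays on http.
    target = urlsplit(urljoin(requested_url, location))
    if target.scheme != "https":
        return False, f"redirects to {target.scheme}://, not https://"
    if target.hostname != urlsplit(requested_url).hostname:
        return False, f"redirects to a different host: {target.hostname}"
    return True, "redirects to HTTPS on the same host"

def probe(url, timeout=5):
    """Send one GET over plain HTTP without following redirects."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return evaluate_redirect(url, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

# Constructed sample responses (placeholder host, not captured from a real server).
SAMPLES = [
    ("http://ar-web.example.test/site", 302, "https://ar-web.example.test/site"),
    ("http://ar-web.example.test/site", 200, None),
    ("http://ar-web.example.test/site", 302, "/site/login"),
    ("http://ar-web.example.test/site", 301, "https://other.example.test/site"),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(status, location, "->", evaluate_redirect(url, status, location))
```

Call `probe()` with the HTTP URL of your own Web Interface site, from a client on the same network path your users take, to run the check against a live server.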
