Preparation
Before you can target One Identity Active Roles Server, you must:
Provide access to Active Roles Management Shell
Set up target system administrator(s)
Create at least one template account
Setting up access to Active Roles Management Shell
When listing accounts from Active Roles Server remotely, access to Active Roles Management Shell is required.
On the Active Roles Server:
Add the Active Roles target system administrator to the following local user groups by using Server Manager:
Remote Desktop Users
WinRMRemoteWMIUsers__
WSS_ADMIN_WPG
Note
The local group WinRMRemoteWMIUsers__ is not installed by default in later Windows versions, such as Windows 2016. It can be added by using the following command:
net localgroup /add WinRMRemoteWMIUsers__
Launch Active Roles Management Shell as an Administrator.
Execute the following command to enable Windows Remote Management (WinRM):
Enable-PSRemoting -Force
Execute the following command to enable Credential Security Support Provider (CredSSP) authentication on the Active Roles Server:
Enable-WSManCredSSP -Role Server
To configure the client computer where the connector (agtars) is installed:
If the connector (agtars) is installed on the Bravura Security Fabric server:
Launch Windows PowerShell as an Administrator.
Execute the following command to enable Credential Security Support Provider (CredSSP) authentication:
Enable-WSManCredSSP -Role client -DelegateComputer "<ARS server name>"
If the connector (agtars) is installed on the Active Roles Server:
Install Proxy Service (psproxy) on the Active Roles Server.
Install Connector Pack, which should match the setup of Bravura Security Fabric server Connector Pack.
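The server-side steps above can be verified with a read-only script such as the following. This is an added example, not part of the product documentation; the account name EXAMPLE\ars-target-admin is a placeholder, and the script assumes an elevated Windows PowerShell 5.1 session on the Active Roles Server.

```powershell
# Added example: read-only verification of the server-side preparation steps.
# Run elevated on the Active Roles Server (the WSMan: drive needs administrator rights).
param(
    # Placeholder account name; replace with your target system administrator.
    [string]$AdminAccount = 'EXAMPLE\ars-target-admin'
)

# Local groups the target system administrator must belong to.
$requiredGroups = 'Remote Desktop Users', 'WinRMRemoteWMIUsers__', 'WSS_ADMIN_WPG'

$results = foreach ($group in $requiredGroups) {
    # WinRMRemoteWMIUsers__ may be absent on Windows 2016 and later.
    $exists = [bool](Get-LocalGroup -Name $group -ErrorAction SilentlyContinue)
    $member = $false
    if ($exists) {
        $member = [bool](Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -eq $AdminAccount })
    }
    [pscustomobject]@{
        Check  = "Member of '$group'"
        Detail = if ($exists) { 'group present' } else { 'group missing' }
        Ok     = $member
    }
}

# Enable-PSRemoting starts the WinRM service and sets it to start automatically.
$winrm = Get-Service -Name WinRM
$results += [pscustomobject]@{
    Check  = 'WinRM service'
    Detail = "status $($winrm.Status), start type $($winrm.StartType)"
    Ok     = ($winrm.Status -eq 'Running')
}

# Enable-WSManCredSSP -Role Server sets this service-side authentication value.
$credssp = (Get-Item -Path WSMan:\localhost\Service\Auth\CredSSP).Value
$results += [pscustomobject]@{
    Check  = 'CredSSP server role'
    Detail = "Service\Auth\CredSSP = $credssp"
    Ok     = ($credssp -eq 'true')
}

$results | Format-Table -AutoSize

# A non-zero exit code lets the check be used from a deployment script.
if ($results.Ok -contains $false) { exit 1 }
```

The script changes nothing on the server; any row with Ok = False points to the step that still needs to be completed.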
Creating a template account
Bravura Security Fabric uses template accounts as models or "blueprints" for creating new accounts in One Identity Active Roles Server.
Setting up target system administrator(s)
Bravura Security Fabric uses designated account(s) on One Identity Active Roles Server to perform Bravura Security Fabric operations.
The target system administrator must be a member of the Domain Administrators group from the domain the Active Roles Server manages, and a member of the Active Roles Admin group if the connector accesses the Active Roles Server remotely.