Targeting One Identity Active Roles system
For each One Identity Active Roles Server, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):
Type is One Identity Active Roles.
Address uses options described in the table below.
Option | Description |
---|---|
Options marked with a | |
Domain | The domain that the One Identity Active Roles Server manages. (key: domain) |
Server | The Active Roles Server hostname or IP address. (key: svr) |
OUs to list users from | List only those OUs that exist in one or more containers. (key: listOUs) |
Connect to local ARS Server | Connect to the ARS server or to a domain controller. The default is to connect to a domain controller. (key: arsonly) |
Poll time after create | Time in seconds that the product server will check the Active Roles Server to confirm the new account creation. The default is 5 seconds. (key: polltime) |
Connector fail on invalid user | If the server does not find the new account within the poll time, a message will appear in the system log. (key: failOnInvalidUser) |
The address is entered as follows:
{domain=<domain name>/[;svr=<ARS server name>;][listOUs={<OUs>};][arsonly=true|false;][polltime=<N>;][failOnInvalidUser=true|false]}
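A pre-check for address strings before they are entered in the target system form, as an added example that is not part of the product or its documentation. It assumes semicolon-separated key=value pairs inside one pair of braces, as the template above suggests; it does not handle the `/` shown after the domain name, it keeps the OU list as typed, and `split_pairs` and `parse_address` are hypothetical names.

```python
# Assumed grammar: ';'-separated key=value pairs inside one pair of braces.
KNOWN_KEYS = {"domain": str, "svr": str, "listOUs": str,
              "arsonly": bool, "polltime": int, "failOnInvalidUser": bool}

def split_pairs(body):
    """Split on ';', except inside the nested {...} of a listOUs value."""
    parts, depth, cur = [], 0, ""
    for ch in body:
        depth += (ch == "{") - (ch == "}")
        if depth < 0:
            raise ValueError("unbalanced '}'")
        if ch == ";" and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    if depth:
        raise ValueError("unbalanced '{'")
    parts.append(cur)
    return [p.strip() for p in parts if p.strip()]

def parse_address(addr):
    if not (addr.startswith("{") and addr.endswith("}")):
        raise ValueError("address must be wrapped in { }")
    opts = {}
    for pair in split_pairs(addr[1:-1]):
        key, sep, val = pair.partition("=")
        if not sep or not val or key not in KNOWN_KEYS or key in opts:
            raise ValueError(f"unknown, duplicate or malformed option: {pair!r}")
        if KNOWN_KEYS[key] is bool:
            if val not in ("true", "false"):
                raise ValueError(f"{key} must be true or false")
            val = val == "true"
        elif KNOWN_KEYS[key] is int:
            if not val.isdigit():
                raise ValueError(f"{key} must be a whole number of seconds")
            val = int(val)
        elif key == "listOUs" and val.startswith("{") and val.endswith("}"):
            val = val[1:-1]  # drop the inner braces, keep the OU text as typed
        opts[key] = val
    if "domain" not in opts:
        raise ValueError("domain is required (the only option not in [ ])")
    opts.setdefault("polltime", 5)  # default stated in the option table
    return opts

# Constructed sample address; the names are placeholders.
SAMPLE = ("{domain=corp.example.com;svr=ars01.corp.example.com;"
          "listOUs={OU=Staff,DC=corp,DC=example,DC=com};arsonly=true;"
          "polltime=10;failOnInvalidUser=true}")
```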
Setting the administrator credentials
A One Identity Active Roles target system requires one or two administrative credentials depending on whether the connector accesses Active Roles Server locally or remotely.
If the connector accesses an Active Roles Server locally, for example, when the Active Roles Server connector is installed on the Active Roles Server via proxy, set the Administrator ID to a domain administrator account: the domain name, followed by a backslash, then the domain administrator name. For example:
domain-name\administrator
If the connector accesses an Active Roles Server remotely, two sets of administrator credentials are required:
A domain administrator account, which is the same as above. The System password option should be checked.
An account that is a member of Active Roles Admin.
Accessing Active Roles Server remotely requires additional configuration on both the Active Roles Server and the Bravura Security Fabric server where the Active Roles connector is installed. See Setting up access to Active Roles Management Shell.