Access Manager: Connecting to multiple on-premise and cloud systems

system
This article is marked as obsolete.

In many network environments it is not uncommon for organisations to have multiple user accounts spread across several different systems. For example, many organisations run an Active Directory for the main user base, which users log into from their desktop machines; some larger organisations also have a forest with several child domains, or even disparate Active Directories located in different states and countries.

Many technology companies also run Linux or Solaris based systems for support or payroll because of their stability, and staff and students have accounts on cloud systems such as Office 365 or Google Applications as well, all of which results in a massive sprawl of users and accounts.

Nervepoint Access Manager helps manage this web of accounts by connecting to each of these systems at the same time and allowing users or admins to link these disparate accounts together, so that a single user account has control over all of them. In this article we will explain how to configure this.


In our example network we are using Active Directory; there are also two Linux servers with SSH databases and one Google Apps database, and each of these contains an account for the same user. We will group these together, allowing the user to manage all of their own accounts through a single account. To begin, choose the main database that users will be using. This will probably be the largest user database; in this case it is the Active Directory, which was configured during installation.


The three additional databases will all need to be added to Access Manager as new directories. During directory creation you will be presented with an option for the type of directory being created; each of these should be set as a Secondary directory.


Once a secondary directory has been created it is possible to begin linking accounts between the Primary and Secondary directories. Account linking can be performed by admins or users from Administrator or Helpdesk level directories, or by the users themselves. To link accounts as an administrator user, go to the Identities page.


Select the user that you wish to link with another account and open the Linked Accounts tab. You will be prompted to select one of the other directories that is not of the same level: if you select an account in a Primary directory, you will be offered Administrator, Helpdesk, and Secondary directories. Select the directory of the account you are linking to, and the Link option will be enabled. Select it, and a popup window will prompt you to enter the username of the account to be linked; select the Link option to confirm the action. Users can also do this themselves through their own Account pages.


Repeat this process for each account that should be linked to the Primary Account user. In this case I have the Active Directory user linked to the two Unix server users and the Google Apps user. This Primary Account will now be able to manage all 4 of these users, either as a group or individually.


Log in to the user's Primary Account. You can see the accounts that have been linked under the Linked Accounts tab. On the Dashboard you can see the control over each account in the Change Password section: a new dropdown field is available that allows you to choose whether to apply a password change to all accounts or just to one specific account.


To access the Password Reset function, log in with the Primary Account and proceed through authentication. On the Password Reset page you will once again see the option to select the account that is to be updated; in this case we will reset the password for all accounts.


As the Password Reset progresses it will set the password on each linked account to the new password that was provided. If the user chooses to change the password for a single account, then only that account will be changed.
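The linking and password-propagation rules described above, modelled as an added example (this is illustrative code written for this article, not Nervepoint code; the class and function names, the directory names and the `directory/username` target format are assumptions):

```python
"""Model of linked-account rules: a Primary account links to accounts in
directories of a different level, and a password change is applied either to
all linked accounts or to one specific account. Names are assumptions."""
from dataclasses import dataclass, field

LEVELS = {"Primary", "Administrator", "Helpdesk", "Secondary"}


@dataclass
class Account:
    directory: str          # directory name, e.g. "ad.example" (constructed)
    level: str              # one of LEVELS
    username: str
    password: str = ""


@dataclass
class PrimaryUser:
    account: Account
    linked: list = field(default_factory=list)

    def link(self, other: Account) -> None:
        """Link another account; the target must not be at the same level."""
        if other.level not in LEVELS:
            raise ValueError(f"unknown directory level {other.level!r}")
        if other.level == self.account.level:
            raise ValueError("cannot link accounts at the same directory level")
        if any(a.directory == other.directory and a.username == other.username
               for a in self.linked):
            raise ValueError("account already linked")
        self.linked.append(other)

    def change_password(self, new_password: str, target: str = "all") -> list:
        """Set the password on all accounts, or only on 'directory/username'."""
        targets = [self.account] + self.linked
        if target != "all":
            targets = [a for a in targets
                       if f"{a.directory}/{a.username}" == target]
            if not targets:
                raise KeyError(f"no linked account {target!r}")
        for a in targets:
            a.password = new_password
        return [f"{a.directory}/{a.username}" for a in targets]


def demo() -> list:
    """Constructed scenario from the article: AD primary plus two Unix and one
    Google Apps secondary account; reset the password on all of them."""
    user = PrimaryUser(Account("ad.example", "Primary", "jsmith"))
    for directory in ("unix1.example", "unix2.example", "gapps.example"):
        user.link(Account(directory, "Secondary", "jsmith"))
    return user.change_password("constructed-new-password")
```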


In addition, user accounts can be linked transparently. This does not notify users that they have linked accounts, and it can be configured in environments where additional user databases are set up without users being aware of them.