Creating Operator Accounts & Enabling Dual Control
By default an "admin" operator account is automatically created when installing ADSS Server for the first time. This admin user is assigned the "administrator" role. For more details on the privileges assigned to the administrator role see the Access Control section. Two other default roles provided within the initial default configuration are “Security Officer” and "Auditor".
Dual control is a security feature of ADSS Server which ensures that at least two operators are required to perform and approve any changes in the system, e.g. the admin user performs the configuration change whilst a separate Security Officer role holder reviews the change before approving (or rejecting) it. The state of the ADSS Server configuration is not changed until an operator with a role of Security Officer has approved it. Although useful in high trust production environments, its use in a test environment will cause testing to take more time as all actions wait to be confirmed by a different Security Officer role. For this reason by default the dual control feature is turned off. To activate dual control the following steps should be performed:
Create further operator accounts and roles as needed. The original default admin account should be replaced with a new certificate. The use of the default admin account is not recommended in normal circumstances. It will only be needed if other operator accounts are deleted or client authentication certificates are expired and access to one or more ADSS Server modules becomes an issue. For high trust environments it is recommended to create and configure a backup token and to hold this in a safe location for emergency use.