Creating Operator Accounts & Enabling Dual Control
By default an "admin" operator account is automatically created when installing ADSS Server for the first time. This admin user is assigned the "administrator" role. For more details on the privileges assigned to the administrator role see the Access Control section. Two other default roles provided within the initial default configuration are “Security Officer” and "Auditor".
Dual control is a security feature of ADSS Server which ensures that at least two operators are required to perform and approve any changes in the system, e.g. the admin user performs the configuration change whilst a separate Security Officer role holder reviews the change before approving (or rejecting) it. The state of the ADSS Server configuration is not changed until an operator with a role of Security Officer has approved it. Although useful in high trust production environments, its use in a test environment will cause testing to take more time as all actions wait to be confirmed by a different Security Officer role. For this reason by default the dual control feature is turned off. To activate dual control the following steps should be performed:
- Login as the default admin user
- Create at least two new operator accounts e.g. Admin_1 who is assigned the Administrator role which has access to various ADSS Server modules for making configuration changes and SO_1 who is assigned the Security Officer role
- Enable Dual Control for the Administrator role from the Access Control > Manage Roles module.
- Logout from ADSS Server Console and re-login for the dual control changes to take into effect.
- Admin_1 can now login to perform configuration changes, whilst SO_1 can login to check and approve the operations being performed by Admin_1
Create further operator accounts and roles as needed. The original default admin account should be replaced with a new certificate. The use of the default admin account is not recommended in normal circumstances. It will only be needed if other operator accounts are deleted or client authentication certificates are expired and access to one or more ADSS Server modules becomes an issue. For high trust environments it is recommended to create and configure a backup token and to hold this in a safe location for emergency use.
See also
Generating a new Operator Certificate
Set-up Emergency Use Admin Accounts