Enabling Dual Control
To enable the dual control, Follow these steps:
- Launch ADSS Server admin console in a web browser.
- Navigate to Access Control > Roles module
- Create a new role in Access Control module with module Approval Manager enabled in it. You can also use the Security Officer role which is created as part of the ADSS Server installation if you do not wish to create a new role. Following screenshot details about creating the new role for dual control:
- Create a new operator using this role. Click here for more details about creating a new operator.
- Edit the role against the operator for which you want to enable the approval manager. e.g. Go>Sign Service as show in the following screenshot:
- Logout from the ADSS Server Console so that changes can take into effect.
- Re-login to the ADSS Server Console.
- Make any change in the modules for which dual control in enabled. When you will Add/Update or Delete anything then following message will be shown:
- Log-in to the ADSS Server Console using the security officer certificate
- Click the Approval Manager module
- You will see the requests that are waiting for approval and you can accept or reject accordingly.
- Once you approved or reject the pending approval then following message will be shown:
Before enabling dual control ensure that at least one operator exists with access to the Approval Manager module and also the issuer of this operator's TLS client certificate is registered in Trust Manager. When Dual Control is already enabled then the Security Officer must approve the creation of new operators before these newly generated operators can login. |
See also