Managing Security Domains

You can add new security domains, repair or delete previously created domains in your deployment.

You can also activate the RADIUS Front End services on a security domain.

Important: Managing security domain are critical operations as:
  • Adding or deleting a security domain interrupts service (as applications will be restarted), and can adversely impact the backup process.
  • Adding a security domain modifies the database.

Add a Security Domain

Important: Adding a Security Domain causes an interruption of service.

When you create a new security domain, it adds a new set of data to your deployment.

This data is specific to your domain and is defined by the dataset you chose when creating the domain (for example, the default users and permissions included in the dataset).

Prerequisites: For deployments with an external HSM, you must have created the correct IdP keys and certificates for your domain on the external HSM.
  1. Log on to the ActivID Console and, under Configuration in the left menu, select Security Domains.

  2. To add a security domain, click Add.

  3. Enter the Domain Name, select the Dataset from the drop-down list and, optionally, enter a Description.
    Important: You must apply the following rules when creating the domain name:
    • Must contain alphanumeric characters
    • Must not contain any of the special ! # % & ( ) + " ' < > ? * - _ characters
    • Must not start with a numerical character
    • Must be a maximum of 20 characters
    • Must not be a variation of an existing security domain name using a different case for one or more characters (for example, do not use Onlinebank when ONLINEBANK already exists)
    • Oracle reserved keywords are not allowed (that is “SELECT”, “ONLINE”, etc.)
  1. Enter and confirm the password for the ActivID Initialization User (ftinit) for the domain.
    Important:  

    • This user is the pre-defined administrator account for the security domain.

      Make sure you keep a record of the password

    • The password must:

      • Contain at least one alphabetic and one numeric character

      • Contain at least 3 different characters

      • Be a maximum of 20 characters

      • Be a minimum of 10 characters

      • Be different from any previous password

      • Not contain blacklisted or user-related words

      • Not be a sequence of letters or numbers

      • Not be password01

  2. Then click Add.

  3. Repeat the previous step to create additional domains.

    4. You can create up to 10 domains at the same time.

  4. Then click Save.

  5. Click Done when the creation process is complete.

The new security domains are now available in the Domain drop-down list on the login pages of the ActivID Appliance portals.

Repair a Security Domain

The Security Domain repair function allows recovering the ActivID Appliance Node System User, Administrators (ftadmin and ftinit) or the SAML Configuration.

Prerequisites: To recover the System User and SAML Configuration, you must know the password for the security domain’s ftinit user.
  1. Log on to the ActivID Console and, under Configuration in the left menu, select Security Domains.

  2. Click Repair for the required security domain.

  3. Select the required System Recovery option and click Start:
    • Recover the System User - to repair the domain’s system user and renew the user’s self-signed certificates and keys:

    1. Enter the password for the domain’s ftinit user.
    2. Click Recover.
    • Recover the ActivID AS Administrators - to repair the domain’s administration users (ftadmin and ftinit):

    1. Enter and confirm a password for the domain’s ftadmin user.
    2. Enter and confirm a password for the domain’s ftinit user.
    3. Click Recover.
    • Recover the SAML Configuration - to repair the configuration of the domain’s applications:

    1. Enter the password for the domain’s ftinit user.
    2. Click Recover.
  1. Click Done when the recovery is complete.
  2. Restart the applications.

Activate the RADIUS Front End on Security Domains

Prerequisites: The ActivID RADIUS Front End application is installed on the appliance.

You can activate the ActivID RADIUS Front End services on one or multiple security domains.

  1. Log on to the ActivID Console and, under Configuration in the left menu, select RADIUS Front End.

  2. Select the domain(s) on which you want to activate the RADIUS Front End services, and click Activate on domain(s).

  3. Click Ok.

Note: To deactivate the services, select the required domain(s) and click Deactivate on domain(s).

Delete a Security Domain

Important: Deleting a domain deletes all the data associated with the Security Domain, and causes an interruption of service.
  1. Log on to the ActivID Console and, under Configuration in the left menu, select Security Domains.

  2. Select the domain(s) to be deleted, and then click Delete.

  3. Click Ok.