2.1 Web Console

The Web Console is a Web-based user interface that provides quick and easy access to many user account, group, computer, resource, and Microsoft Exchange mailbox tasks. You can customize object properties to increase efficiency of routine tasks. You can also manage general properties of your own user account, such as the street address or cell phone number.

The Web Console displays a task only if you have the power to perform that task.

2.1.1 Starting the Web Console

You can start the Web Console from any computer running Internet Explorer. To start the Web Console, specify the appropriate URL in your Web browser address field. For example, if you installed the Web component on the HOUserver computer, type https://HOUserver.entDomain.com/draclient in the address field of your Web browser.

NOTE:To display the most current account and Microsoft Exchange information in the Web Console, set your Web browser to check for newer versions of cached pages at every visit.

2.1.2 Configuring the Web Console

If you have DRA Administration powers, you can configure Advanced Authentication, client branding and session settings, and all the required server connections for the Web Console. To access any of these settings, log in to the Web Console and navigate to Administration > Configuration.

NOTE:The Administration tab in the masthead will not display if you do not have the required administrative powers.

Advanced Authentication

Advanced Authentication lets you move beyond a simple user name and password to a more secure way of protecting sensitive information by using multi-factor authentication. Multi-factor authentication is a method of computer access control that requires more than one method of authentication from separate categories of credentials to verify a user's identity.

After the DRA Administrator configures chains and events, if you have the required powers, you can log into the Web Console and enable Advanced Authentication. Once authentication is enabled, every user will be required to authenticate through Advanced Authentication before being given access to the Web Console.

To enable Advanced Authentication, select Advanced Authentication from the Configuration tab, click Enable Advanced Authentication, and configure the form according to the instructions provided for each field.

For more information about Advanced Authentication, see Authentication in the DRA Administrator Guide.

Web Console Branding

You can customize the login screen and the masthead of the DRA Web Console, as follows:

  • Masthead: This is the high-level navigation bar at the top of the Web Console after logging in.

    • Logo image or alternate text: Displays on the far left of the masthead bar. You can display a logo image or alternate text, but not both.

    • Masthead color: Overlays the entire masthead with this color, except for the logo image area.

  • Themed login screen: How the login page appears when accessing the Web Console URL in your browser. The DRA theme is configured and enabled by default.

    • Logo image or alternate text: Displays above the product title and credential fields. You can display a logo image or alternate text, but not both.

    • Application title: Displays between the credential fields and logo image.

    • Notification modal: This is a message box that overlays and obscures the login page until the user clicks OK. It is typically used to inform the user that access to the console implies consent to follow a company security policy. Once enabled, all users who access the Web Console will get the prompt.

Configure the Masthead

To configure the masthead:

  1. Log in to Web Console, and navigate to Administration > Configuration > Branding.

  2. Do one of the following. If you add both text and an image file, only the image will be displayed.

    • Update the Logo Image:

      1. Add the saved image file name, including the file extension in the Logo Image field of the Masthead tile.

      2. Save the logo image in the assets directory on the web server. For example:

        C:\inetpub\wwwroot\DRAClient\assets

        The optimal image size is 56x56 pixels.

    • Type or overwrite existing text in the Image Alternate Text field of the Masthead tile, as required.

  3. Click Save at the bottom of the page to complete the configuration changes.

Configure the Login Screen

The procedure below provides information for modifying all three configurable options, the company logo, application title, and notification modal. You can modify one, two, or all three of these options.

To change the default theme in the Login screen:

  1. Save your company logo in the assets folder on the web server. For example:

    C:\inetpub\wwwroot\DRAClient\assets

    The optimal image size is 115x28 pixels.

  2. Log in to Web Console, and navigate to Administration > Configuration > Branding.

  3. Replace the file name in the Company Logo Image field of the Login tile with the name of the saved image file, including the file extension.

  4. Modify the text in the Application Title field, as applicable.

  5. Click Show a notification modal at login to enable this setting, and type a title for the notification prompt. Type or paste the content of the message you want the users to see in the Content field. For example:

    You are logging into a secure network. By logging into this system you consent to abide by the company's security policies for network access.

  6. Select the style for the message. The style changes the image flag that is attached to the message box (shown below). If desired, you can click Preview to see how the message will be displayed.

    Information

    Error

    Warning

    Question

  7. Click Save at the bottom of the page to complete the configuration changes.

Client Session Settings

In Client Session Settings, you can define a time increment for the Web Console to log out automatically after inactivity or set it to never log out automatically.

To configure Auto Logout in the Web Console, navigate to Administration > Configuration > Client Session Settings. Enable the automatic logout feature with the toggle switch and if needed, modify the setting for the inactivity duration, in minutes.

Server Connections

When accessing the login page for the Web Console in your browser, there are Options settings that you can configure to define how you connect to DRA. These settings are also located via the Server Connection option in the user profile menu of the Web Console. The service ports for the REST Server and the DRA Server have default settings of 8775 and 11192, respectively. You can set new defaults for these in the Server Connections configuration or update them from the profile or login screen Options when no default is enabled. The connection settings for the Server Connection configuration are retained with your Windows user profile.

Information about the settings you can modify from the Server Connection configuration, either from the Options menu on the login screen or the user profile menu after logging in, are provided below:

REST Server Settings

Description

Use automatic discovery

Finds a REST server automatically; no configuration options are available

Connect to the default REST Server

(Only displayed if the default is enabled in the Server Connections configuration)

Uses the default setting from the Server Connections configuration (when enabled); no configuration options are available

Connect to a specific REST server

The user configures the server and port

Connect to a REST server in a specific domain

The user provides a managed domain and chooses a connection option:

  • Use automatic discovery (in the domain provided)

  • Primary server for this domain

  • Search for a REST server (in the domain provided)

DRA Server Settings

Description

Use automatic discovery

Finds a DRA server automatically; no configuration options are available

Connect to the default DRA Server

(Only displayed if the default is enabled in the Server Connections configuration)

Uses the default setting from the Server Connections configuration (when enabled); no configuration options are available

Connect to a specific DRA server

The user configures the server and port

Connect to a DRA server in a specific domain

The user provides a managed domain and chooses a connection option:

  • Use automatic discovery (in the domain provided)

  • Primary server for this domain

  • Search for a DRA server (in the domain provided)

If desired, you can configure a default location, server and domain, for the REST Server, the DRA Server, or both, from the Server Connections configuration in the Web Console.

To enable default settings, log in to the Web Console and navigate to Administration > Configuration > Server Connections. Enable the connection settings that you want use and click Save.

REST Server Connection

The configuration for the REST Service connection includes setting a default server location, modifying the port (if needed), and a connection timeout, in seconds. You can also disable both settings with the toggle switch.

When providing the REST Server location, use the format shown in the example below:

ServerName.DomainName.com

DRA Server Connection

The configuration for the DRA Service connection includes setting a default server location and modifying the port (if needed). You can also disable the setting with the toggle switch.

When providing the DRA Server location, use the format shown in the example below:

ServerName.DomainName.com

2.1.3 Customizing the Web Console

You can customize object properties in the Web Console. When implemented correctly, property customizations will help to automate tasks with object management.

Customizing Property Pages

If you have DRA Administration powers, you can customize the object property forms that you use in your Active Directory management role by object type. This includes creating and customizing new object pages that are based on object types that are built into DRA. You can also modify properties for the built-in object types.

Property objects are clearly defined in the Property Pages list in the Web Console so you can easily identify which object pages are built-in, which built-in pages are customized, and which pages are not built-in and were created by an administrator.

Customizing an Object Property Page

You can customize object property forms by adding or removing pages, by modifying existing pages and fields, and by creating custom handlers for property attributes. The custom handlers on a field are executed whenever that field's value is modified. The timing can be configured as well, so the administrator can specify if the handlers should be run immediately (on every key press), when the field loses focus, or after a specified time delay.

The object list in Property Pages provides operation types for each object type, Create Object and Edit Properties. These are the principal operations your assistant administrators perform in the Web Console. They perform these operations by navigating to Management > Search or Advanced Search. Here they can create objects from the Create pull-down menu or edit existing objects selected in the search results table through the Properties icon.

To customize an object property page in the Web Console:

  1. Login to the Web Console with DRA Administration privileges.

  2. Navigate to Administration > Customization > Property Pages.

  3. Select an object and operation type (Create Object or Edit Object) in the Property Pages list.

  4. Click the Properties icon .

  5. Customize the object property form by doing one or more of the following, and then applying your changes:

    • Add a new property page: + Add Page

    • Reorder and delete property pages

    • Select a property page and customize the page:

      • Reorder configuration fields in the page:

      • Edit fields or subfields:

      • Add one or more fields: or Insert a new Field

      • Remove one or more fields:

    • Create custom handlers for properties by using scripts, message boxes, or queries (LDAP, DRA, or REST)

      For more information about using custom handlers, see Adding Custom Handlers, in the DRA Administrator Guide.

Creating a New Object Property Page

To create a new object property page:

  1. Login to the Web Console with DRA Administration powers, and navigate to Administration > Customization > Property Pages, and click Create.

  2. Create the initial object properties form by defining its name, icon, object type, and operation configuration.

    After clicking OK, Create actions are added to the Create drop-down menu while Property actions display in object form when the user selects and edits an object from the search list.

  3. Customize the new form as required. See Customizing an Object Property Page.

2.1.4 Managing Objects in the Web Console

You manage objects in the Web Console by navigating to the Management masthead. From here, you can search by object type for objects in domains, containers, and the Recycle Bin. With a domain, container, or OU selected, you can also create new objects, add and remove members from groups, and move objects.

If you select an object in the search results list, all applicable actions that you can take on that object are available on the taskbar above the grid. The options available are based on the object type selected, the components currently configured for DRA, and your assigned administrator privileges.

To edit an object’s properties, mouse over the object and click the Properties icon that appears on the object row. From here, you can access all the object’s Properties pages in the left navigation pane.

IMPORTANT:If you want to protect an object from accidental deletion, scroll to the bottom of the General Properties page, select the check box to enable this feature, and Apply the changes.

For more information about actions you can take on objects, see the following topics:

2.1.5 Generating Change History Reports

If Change History is configured by your DRA Administrator and you have the Generate UI Reports power. You can generate change history reports for managed objects in DRA. This includes changes made in DRA and outside of DRA. You can only generate change history reports from the Web Console.

To generate Unified Change History (UCH) reports:

  1. Launch the Web Console.

  2. Go to Management > Search.

  3. Define the search criteria using the Search by, search term, and Filters options.

  4. Click the Search button to display the search results.

  5. Select the objects for which you want to generate reports.

  6. Click the View Change History Reports icon .

    In the Unified Change History Report form, you can edit and generate your report criteria from the Type, Target object(s), and Filters options, to include defining the servers where the changes are detected (DRA and Change Guardian).

  7. Click Generate to fetch audit data and to generate a UCH report.

  8. You can sort and export the report into a required format such as CSV and HTML.

Generate and Export a User’s Change History

You can use the Web Console to view and export a history of the changes made to or by a user, which includes the following types of reports:

  • Changes made by the user

  • Changes made to the user

  • User mailboxes created by the user

  • User mailboxes deleted by the user

  • Group and contact email addresses established by the user

  • Group and contact email addresses deleted by the user

  • Virtual attributes created or disabled by the user

  • Objects moved by the user

To view or generate the Change History report:

  1. Start the Web Console.

  2. Search for the user whose history you want to view.

  3. Click the View Change History Reports icon.

  4. Select the type of change required from the Type pull-down menu, and define the Filters criteria.

  5. Click Generate.

  6. To create a CSV file of the displayed report, you can export all of the changes generated or just those displayed on the current page, by executing one of the following options:

    • Click Export All and save the exported report.

    • Click Export Current Page and save the exported report.

      If needed, you change number of changes that show on the page, up to 200 items.

2.1.6 Using Workflow Automation

Using Workflow Automation, you can automate IT processes by launching workflow forms that run on execution of a workflow or when triggered by a named workflow event that is created in the Workflow Automation server.

Workflow forms, when created or modified, are saved to the Web Server. When you log on to the Web Console for this server, you will have access to the forms based on delegated powers and how the forms are configured. Forms are generally available to all users with Web server credentials. The capability to submit the form requires appropriate powers.

Launching a workflow form: Workflows are created in the Workflow Automation Server, which must be integrated with DRA via the Web Console. In order to save a new form, you must have either the Launch Specific Workflow or Trigger Workflow by Event option configured in the form properties. More information about these options is provided below:

  • Launch Specific Workflow: This option lists all the available workflows that are in production in the Workflow Server for DRA. For the workflows to populate in this list, they need to be created in the DRA_Workflows folder in the Workflow Automation server.

  • Trigger Workflow by Event: This option is used to execute workflows with pre-defined triggers. The workflows with triggers are also created in the Workflow Automation server.

NOTE:Only workflow forms configured with Launch Specific Workflow will have an execution history that can be queried in the main search pane under Tasks > Requests.

More information about workflow automation is included in the DRA Administrator Guide.