This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

1IM service account permissions required in the DA Domain when using Active Roles?

[1IM 6.1.4, Active Roles 6.9, SQL DB, Windows 2012 R2 servers]

Does the 1IM service account (used to run the job server service) need or require domain admin permissions if using Active Roles to connect to the domain?

We are using Active Roles and our 1IM service account doesn't have domain admin or domain enterprise admin permissions, just a few Active Roles security groups.

I am wondering, if My system is missing something if the service account doesn't have the higher permissions?

Thanks, Todd Fendt

Troy Grandy over 6 years ago

The 7.1.2 guide says this:

The following access templates are suggested for delegating permissions:
l All Objects - Read All Properties
l All Objects - Full Control
One Identity Manager works without controlling Active Roles workflows. To avoid existing Active Roles
workflows, you must add the user account to the Active Roles administrators group. This group is created
during Active Roles installation. The name of the group is saved in the registry database under:
l Registration key: HKEY_Local_Machine\Software\Aelita\Enterprise Directory Manager
l Value: DSAdministrators

support.oneidentity.com/.../2

I can't see 6.1.x being much different
Cancel
Up 0 Down

Cancel

Endpoint Privilege Management

1IM service account permissions required in the DA Domain when using Active Roles?