Web Console

The Web Console is a Web-based user interface that provides quick and easy access to many user account, group, computer, resource, and Microsoft Exchange mailbox tasks. You can customize object properties to increase efficiency of routine tasks. You can also manage general properties of your own user account, such as the street address or cell phone number.

The Web Console displays a task only if you have the power to perform that task.

Starting the Web Console

You can start the Web Console from any computer running Internet Explorer. To start the Web Console, specify the appropriate URL in your Web browser address field. For example, if you installed the Web component on the HOUserver computer, type https://HOUserver.entDomain.com/draclient in the address field of your Web browser.

To display the most current account and Microsoft Exchange information in the Web Console, set your Web browser to check for newer versions of cached pages at every visit.

DRA Server Connection

You can use one of the three option to log in to the Web Console. The behavior for each option, when logging in, is described in the following table:

Login Screen - Options

Connection Option Descriptions

Use automatic discovery

Finds a DRA server automatically; no configuration options are available

Connect to the default DRA server

The pre-configured server and port details are used.

This option is displayed only when you have configured the default DRA server in the Web Console. Also, if you specify that the client must always connect to the default DRA server, you can view only the Connect to the default DRA server option on the login screen.

Connect to a specific DRA server

The user configures the server and port

Connect to a DRA server that manages a specific domain

The user provides a managed domain and chooses a connection option:

  • Use automatic discovery (in the domain provided)

  • Primary server for this domain

  • Search for a DRA server (in the domain provided)

Configuring the Web Console

If you have DRA Administration powers, you can configure Advanced Authentication, client branding and session settings, and all the required server connections for the Web Console. To access any of these settings, log in to the Web Console and navigate to Administration > Configuration.

The Administration tab in the masthead will not display if you do not have the required administrative powers.

Advanced Authentication

Advanced Authentication lets you move beyond a simple user name and password to a more secure way of protecting sensitive information by using multi-factor authentication. Multi-factor authentication is a method of computer access control that requires more than one method of authentication from separate categories of credentials to verify a user's identity.

After the DRA Administrator configures chains and events, if you have the required powers, you can log into the Web Console and enable Advanced Authentication. Once authentication is enabled, every user will be required to authenticate through Advanced Authentication before being given access to the Web Console.

To enable Advanced Authentication, select Advanced Authentication from the Configuration tab, click Enable Advanced Authentication, and configure the form according to the instructions provided for each field.

For more information about Advanced Authentication, see “Authentication” in the DRA Administrator Guide.

Web Console Branding

You can customize the login screen and the masthead of the DRA Web Console, as follows:

  • Masthead: This is the high-level navigation bar at the top of the Web Console after logging in.

    • Logo image or alternate text: Displays on the far left of the masthead bar. You can display a logo image or alternate text, but not both.

    • Masthead color: Overlays the entire masthead with this color, except for the logo image area.

  • Themed login screen: How the login page appears when accessing the Web Console URL in your browser. The DRA theme is configured and enabled by default.

    • Logo image or alternate text: Displays above the product title and credential fields. You can display a logo image or alternate text, but not both.

    • Application title: Displays between the credential fields and logo image.

    • Notification modal: This is a message box that overlays and obscures the login page until the user clicks OK. It is typically used to inform the user that access to the console implies consent to follow a company security policy. Once enabled, all users who access the Web Console will get the prompt.

Configure the Masthead

To configure the masthead:

  1. Log in to Web Console, and navigate to Administration > Configuration > Branding.

  2. Do one of the following. If you add both text and an image file, only the image will be displayed.

    • Update the Logo Image:

      1. Add the saved image file name, including the file extension in the Logo Image field of the Masthead tile.

      2. Save the logo image in the “assets” directory on the web server. For example:

        C:\inetpub\wwwroot\DRAClient\assets

        The optimal image size is 56x56 pixels.

    • Type or overwrite existing text in the Logo Image Alternate Text field of the Masthead tile, as required.

  3. Click Save at the bottom of the page to complete the configuration changes.

Configure the Login Screen

The procedure below provides information for modifying all three configurable options, the company logo, application title, and notification modal. You can modify one, two, or all three of these options.

To change the default theme in the Login screen:

  1. Save your company logo in the “assets” folder on the web server. For example:

    C:\inetpub\wwwroot\DRAClient\assets

    The optimal image size is 115x28 pixels.

  2. Log in to Web Console, and navigate to Administration > Configuration > Branding.

  3. Replace the file name in the Company Logo Image field of the Login tile with the name of the saved image file, including the file extension.

  4. Modify the text in the Application Title field, as applicable.

  5. Click Show a notification modal at login to enable this setting, and type a title for the notification prompt. Type or paste the content of the message you want the users to see in the Content field. For example:

    You are logging into a secure network. By logging into this system you consent to abide by the company's security policies for network access.

  6. Select the style for the message. The style changes the image flag that is attached to the message box (shown below). If desired, you can click Preview to see how the message will be displayed.

    login_modal_info Information

    login_modal_error Error

    login_modal_warning Warning

    login_modal_question Question

  7. Click Save at the bottom of the page to complete the configuration changes.

Client Session Settings

In Client Session Settings, you can define a time increment for the Web Console to log out automatically after inactivity or set it to never log out automatically.

To configure Auto Logout in the Web Console, navigate to Administration > Configuration > Client Session Settings. Enable the automatic logout feature with the toggle switch and if needed, modify the setting for the inactivity duration, in minutes.

Server Connection

When accessing the login page for the Web Console in your browser, there are Options settings that you can configure to define how you connect to DRA. These settings are also located via the Server Connection option in the user profile menu of the Web Console. The service port for the DRA Server has the default setting of 8775. You can set a new default for the DRA Server in the user profile or login screen Options when no default is enabled. The connection settings for the Server Connection configuration are retained with your Windows user profile.

Information about the settings you can modify from the Server Connection configuration, either from the Options menu on the login screen or the user profile menu after logging in, is provided below:

DRA Server Settings

Description

Use automatic discovery

Finds a DRA server automatically; no configuration options are available

Connect to the default DRA Server

(Only displayed if the default is enabled in the Server Connection configuration)

Uses the default setting from the Server Connection configuration (when enabled); no configuration options are available

Connect to a specific DRA server

The user configures the server and port

If desired, you can configure a default location, server and domain, for the DRA Server from the Server Connection configuration in the Web Console.

To enable default settings, log in to the Web Console and navigate to Administration > Configuration > DRA Server Connection. Enable the connection settings that you want to use and click Save.

DRA Server Connection

The configuration for the DRA Service connection includes setting a default server location, modifying the port (if needed), and a connection timeout, in seconds. You can also disable the setting with the toggle switch.

When providing the DRA Server location, use the format shown in the example below:

ServerName.DomainName.com

Customizing the Web Console

You can customize object properties in the Web Console. When implemented correctly, property customizations will help to automate tasks with object management.

Customizing Property Pages

If you have DRA Administration powers, you can customize the object property forms that you use in your Active Directory management role by object type. This includes creating and customizing new object pages that are based on object types that are built into DRA. You can also modify properties for the built-in object types.

Property objects are clearly defined in the Property Pages list in the Web Console so you can easily identify which object pages are built-in, which built-in pages are customized, and which pages are not built-in and were created by an administrator.

Customizing an Object Property Page

You can customize object property forms by adding or removing pages, modifying existing pages and fields, and by creating custom handlers for property attributes. The custom handlers on a field are executed whenever that field's value is modified. The timing can be configured as well, so the administrator can specify if the handlers should be run immediately (on every key press), when the field loses focus, or after a specified time delay.

The object list in Property Pages provides operation types for each object type, Create Object and Edit Properties. These are the principal operations your assistant administrators perform in the Web Console. They perform these operations by navigating to Management > Search or Advanced Search. Here they can create objects from the Create pull-down menu or edit existing objects selected in the search results table through the Properties icon

To customize an object property page in the Web Console:

  1. Log in to the Web Console with DRA Administration privileges.

  2. Navigate to Administration > Customization > Property Pages.

  3. Select an object and operation type (Create Object or Edit Object) in the Property Pages list.

  4. Click the Properties icon edit_button .

  5. Customize the object property form by doing one or more of the following, and then apply your changes:

    • Add a new property page: + Add Page

    • Reorder and delete property pages

    • Select a property page and customize the page:

      • Reorder configuration fields on the page: reorder_button

      • Edit fields or subfields: edit_button

      • Add one or more fields: add_button or Insert a new Field

      • Remove one or more fields: delete_button

    • Create custom handlers for properties by using scripts, message boxes, or queries (LDAP, DRA, or REST)

      For more information about using custom handlers, see “Adding Custom Handlers”, in the DRA Administrator Guide.

Creating a New Object Property Page

To create a new object property page:

  1. Log in to the Web Console with DRA Administration powers, and navigate to Administration > Customization > Property Pages, and click add_button Create.

  2. Create the initial object properties form by defining its name, icon, object type, and operation configuration.

    After clicking OK, Create actions are added to the Create drop-down menu while Property actions display in object form when the user selects and edits an object from the search list.

  3. Customize the new form as required. See Customizing an Object Property Page.

Managing Objects in the Web Console

You manage objects in the Web Console by navigating to the Management masthead. From here, you can search by object type for objects in managed domains, Entra ID tenants, containers, and the Recycle Bin. Within a domain or Entra ID tenant, you can manage and take actions on Active Directory and Entra ID Active Directory objects using DRA.

If you select an object in the search results list, all applicable actions that you can take on that object are available on the taskbar above the grid. The options available are based on the object type selected, the components currently configured for DRA, and your assigned administrator privileges.

To edit an object’s properties, mouse over the object and click the Properties icon edit_button that appears on the object row. From here, you can access all the object’s Properties pages in the left navigation pane.

If you want to protect an object from accidental deletion, scroll to the bottom of the General Properties page, select the check box to enable this feature, and Apply the changes.

For more information about actions you can take on objects, see the following topics:

Generating Change History Reports

If Change History is configured by your DRA Administrator and you have the Generate UI Reports power, you can generate change history reports, and export reports for managed objects in DRA. This includes changes made in DRA and outside of DRA. You can only generate change history reports from the Web Console, which includes the following types of reports:

  • Changes made by the user

  • Changes made to the user

  • User mailboxes created by the user

  • User mailboxes deleted by the user

  • Group and contact email addresses established by the user

  • Group and contact email addresses deleted by the user

  • Virtual attributes created or disabled by the user

  • Objects moved by the user

To generate Unified Change History (UCH) reports:

  1. Launch the Web Console.

  2. Go to Management > Search.

  3. Define the search criteria using the Search by, search term, OBJECTS, and SCOPE options.

  4. Click the Search button to display the search results.

  5. Select the objects for which you want to generate reports.

  6. Click the View Change History Reports icon change_history_icon .

    In the Unified Change History Report form, you can edit and generate your report criteria from the Type, Target object(s), Date Range, and Maximum Rows options, to include defining the servers where the changes are detected (DRA and Change Guardian).

  7. Click Generate to fetch audit data and to generate a UCH report.

  8. You can sort and export the report into a required format such as CSV and HTML.

To create a CSV file of the displayed report, you can export all of the changes generated or just those displayed on the current page, by executing one of the following options after generating the report using the steps above:

  • Click Export All export_all and save the exported report.

  • Click Export Current Page export_current_page and save the exported report.

    If needed, you change the number of changes that show on the page, up to 200 items.

Using Workflow Automation

Using Workflow Automation you can automate IT processes by launching workflow forms that run on the execution of a workflow or when triggered by a named workflow event that is created in the Workflow Automation server.

Workflow forms, when created or modified, are saved to the Web Server. When you log on to the Web Console for this server, you will have access to the forms based on delegated powers and how the forms are configured. Forms are generally available to all users with web server credentials. The capability to submit the form requires appropriate powers.

Launching a workflow form: Workflows are created in the Workflow Automation Server, which must be integrated with DRA via the Web Console. To save a new form, you must have either the Launch Specific Workflow or Trigger Workflow by Event option configured in the form properties. More information about these options is provided below:

  • Launch Specific Workflow: This option lists all the available workflows that are in production in the Workflow Server for DRA. For the workflows to populate in this list, they need to be created in the DRA_Workflows folder in the Workflow Automation server.

  • Trigger Workflow by Event: This option is used to execute workflows with pre-defined triggers. The workflows with triggers are also created in the Workflow Automation server.

Only workflow forms configured with Launch Specific Workflow will have an execution history that can be queried in the main search pane under Tasks > Requests.

More information about Workflow Automation is included in the following guides on the DRA documentation site:

  • DRA Administrator Guide

  • WFA Administrator Guide

  • WFA User Guide

  • WFA Process Authoring Guide