Accessing Archer when Active Directory is down
Our Production and Non-Production environments are all through SaaS, and we have recently implemented SSO. Obviously with that - our end users' access into Archer leverages their network credentials through AD, and they no longer maintain separate Archer credentials. We are in the process of writing our business continuity plans (which by the way - also reside in Archer), and I am looking for advice as to how end users can access Archer if our network / AD is down. What are others doing?
- accessing archer during diaster
- Community Thread
- Forum Thread
- RSA Archer
- RSA Archer Suite
- rsa archer with sso
We are also SaaS, using SSO. We built a manual DR process - in the event that our network is down and we needed to access our BC Plans, our Administrators have a separate manual log-in for the User Import Utility tool. We run a report out of Archer Quarterly to identify users who would need to access their plans and store that data on a secured jump drive. In the event the network is down, we can use the User Import Utility tool to reset their passwords for a manual log in, thus enabling them to access the system off network. I hope this helps!
Thank you Leah. Unfortunately we have found the User Load Utility tool no longer works for us. We've been told its not supported by RSA Archer, and it stopped working after one of the recent platform upgrades. Possibly there's something new that we are not aware of.
Though you're comments have helped me to formulate some new thoughts about manually resetting end user's passwords utilizing a Non-AD user account (such as our testuser accounts), as long as it has a role that permits Access Rights Administration. Though this solution would not be immediate, manual, and very time consuming (not ideal). Communication would also be a challenge, as we would have to inform the end users of the URL path (it would be different not going through SSO), and what their credentials are (username, password, instance number).
I have heard the same in regards to the utility being unsupported. I believe it still works in our instance, but I would need to confirm. We transferred Access as well as this DR process to another internal team last year. It's my understanding they are still executing quarterly tests but that may have changed.
As for the communication piece, we are using Everbridge to communicate to the end users the URL, user ID and credentials. Our Archer contact and role data are synced with Everbridge - but the notification piece is executed manually at this time.
We had a discussion with a RSA rep today because we´re looking for a solution that automatically forwards requests to the manual login page if the user isn´t set up for Windows authentication. I believe this might be of help for you as well though it doesn´t solve the problem of the local account creation. I´ll let you know as soon as we know more.
These tools are used for the testing purposes and it is not supported but you can engage the Professional Service to assist with that. I would recommend to contact your Account Manager to engage Professional Services to develop a solution to meet your requirements.