Idenprotect Core Platform Quick Start Guide

From iDENprotect Knowledge Base
Jump to: navigation, search

Introduction

This quick start guide is a high-level guide to help you get the idenprotect Core Platform application up and running quickly. Links will be provided throughout this article to more in-depth documentation if you require it for any particular steps.

Alternatively, for a full in-depth guide, please Start Here - idenprotect Core Platform


Steps to install the idenprotect Core Platform


Quick Start Wizard

The Quick Start Wizard is designed to help you do the basic configuration for a standard set up where all idenprotect applications are installed on to the same server. By default, when all applications are on the same server, the idenprotect User Portal is automatically set up as the first Service Provider and the Quick Start Wizard will help you to configure the server, enroll your first device and authenticate using the idenprotect Authentication Portal to the idenprotect User Portal. This article assumes that this is all set up on the same server, if you wish to install on a different server, please refer to the main guide which will give you the detailed configuration information.

Note that in order to complete every step of the Quick Start Wizard, you will need to have installed the idenprotect Core Platform, the idenprotect Authentication Portal and the idenprotect User Portal. If you need help with those installations, please Start Here - idenprotect Authentication Portal or Start Here - idenprotect User Portal

The Quick Start Wizard is available when arriving on the idenprotect Core Platform dashboard after logging in. If you have closed it and wish to access it again, please go to the Config tab, go to Config Configuration and set Server URL / IP Address to "localhost". When you return to the dashboard it will show again. To see the default login credentials and how to access the idenprotect Core Platform, see First time login and navigation

Step 1 - EULA

The first step is to read and accept the End User Licence Agreement. If you do not accept this, you cannot continue with the wizard.

Wizard Step 1.png

Step 2 - Server URL / IP Address

Next, you should enter either the URL or IP address of the server

Wizard Step 2.png

Step 3 - Uploading a licence

Next, you should browse to and upload your licence. If you do not have one yet, please contact your idenprotect partner or email us at support@idenprotect.com

Wizard Step 3.png

Step 4 - Application type and Certificate Verification

Next, you will need to select your chosen application type and specify whether certificate verification is required. If you do not yet have a valid SSL, we recommend that you switch off the certificate verification until this is available. These settings can be updated later.

Wizard Step 4.png

Step 5 - Testing your set up

In the final step, you can download the mobile application and scan the QR code to begin enrollment with a test account.

Wizard Step 5a.png

Once enrolled, you should restart the User Portal to ensure it has the new settings, you can then test the authentication process with the test account and mobile app. To complete the authentication process you should also restart the idenprotect Core Platform

Wizard Step 5b.png

Post-installation actions

Making configuration changes

To give you flexibility in how you use the idenprotect solution, there are many more configurable settings, these ones just help you get up and running. We advise taking a look through How to make configuration changes.

The idenprotect Core Platform Configuration Screens article gives an overview of each of the Config screens present in the idenprotect Core Platform and has links to the relevant articles.

Alternatively, you can view all of our Configuration articles under the Configuration Category. Note that this also includes configuration articles for our other applications.

Synchronizing users from Active Directory

One of the primary things you may want to do is to create users automatically by synchronizing with Active Directory. To do this, a suitable Active Directory account is required. The idenprotect Core Platform will create an account for all users that are within a specified group so details of this group will also be required. The basic settings are shown below but you should also look at our LDAP Connection Configuration guide.

Go to the Config -> Auth Server -> Ldap Connection Configuration screen and update the following settings

Parameter Name Value
Authentication Password The password of the account being used to read from Active Directory
Authentication User The username of the account being used to read from Active Directory
LDAP Enabled true
LDAP Protocol ldap:// (or ldaps:// if required)
Default Host The IP address or hostname of the domain controller
Connection Type real
User Sync Enabled true

Go to the Config -> Auth Server -> Ldap User Sync Configuration screen and update the following settings

Parameter Name Value
Auto Enroll Enabled? The FQDN of the group that contains the idenprotect users.
Search Base The based of the directory eg DC=domain,DC=com

You may need to restart the service after making changes to these settings.

You should ensure that there is at least one user in the specified group in Active Directory, you can then go to the User page on the admin console and click the Sync button. Once the synchronization completes, any new accounts that are required should be listed on the Users page on the admin console.

Setting Up Email

A standard approach for enrolling users is to send them an email that has within it instructions for enrollment and a link to a QR Code that they can scan to enroll their device. To enable this, the idenprotect Core Platform needs to be integrated with an SMTP server. The basic settings are shown below but you should also look at our Email SMTP Configuration

Go to the Config -> Email -> Email SMTP Configuration screen and update the following settings

Parameter Value
Requires Authentication? Set to true if the idenprotect Core Platform needs to authenticate to the SMTP server
From Address The email address from which the emails will appear
Host Hostname or IP address of SMTP server
Password Password used to authenticate to the SMTP server
Port Port number to connect to the SMTP server
Username Username used to authenticate to the SMTP server.

Go to the Config -> Email -> Email Content Configuration screen and update the following settings

Parameter Value
Display Name The display name that the emails will be from

Once these settings are in place the connection can be tested by going to the User page and selecting Send Assign Email for a user with a valid email address.


Post-installation Hardening

Once the idenprotect Core Platform has been installed and configured and it is ready for testing/deployment. There are a number of steps we recommend taking to harden and secure your installation. Please see our Post Installation Hardening guide.