Idenprotect Core Platform Quick Start Guide
- 1 Introduction
- 2 Steps to install the idenprotect Core Platform
- 3 Quick Start Wizard
- 4 Post-installation actions
This quick start guide is a high-level guide to help you get the idenprotect Core Platform application up and running quickly. Links will be provided throughout this article to more in-depth documentation if you require it for any particular steps.
Alternatively, for a full in-depth guide, please Start Here - idenprotect Core Platform
Steps to install the idenprotect Core Platform
- You will need an environment ready, please check that yours meet the Idenprotect Core Platform Prerequisites
- Download the latest idenprotect Core Platform Version from the Downloads and Links
- Install the RPM using yum --nogpgcheck localinstall packagename.rpm. More information at Installing with an RPM
- Verify that the idenprotect Core Platform is running using service idenprotect status. More information at Verifying an RPM installation
Quick Start Wizard
The Quick Start Wizard is designed to help you do the basic configuration for a standard set up where all idenprotect applications are installed on to the same server. By default, when all applications are on the same server, the idenprotect User Portal is automatically set up as the first Service Provider and the Quick Start Wizard will help you to configure the server, enroll your first device and authenticate using the idenprotect Authentication Portal to the idenprotect User Portal. This article assumes that this is all set up on the same server, if you wish to install on a different server, please refer to the main guide which will give you the detailed configuration information.
Note that in order to complete every step of the Quick Start Wizard, you will need to have installed the idenprotect Core Platform, the idenprotect Authentication Portal and the idenprotect User Portal. If you need help with those installations, please Start Here - idenprotect Authentication Portal or Start Here - idenprotect User Portal
The Quick Start Wizard is available when arriving on the idenprotect Core Platform dashboard after logging in. If you have closed it and wish to access it again, please go to the Config tab, go to Config Configuration and set Server URL / IP Address to "localhost". When you return to the dashboard it will show again. To see the default login credentials and how to access the idenprotect Core Platform, see First time login and navigation
Step 1 - EULA
The first step is to read and accept the End User Licence Agreement. If you do not accept this, you cannot continue with the wizard.
Step 2 - Server URL / IP Address
Next, you should enter either the URL or IP address of the server
Step 3 - Uploading a licence
Next, you should browse to and upload your licence. If you do not have one yet, please contact your idenprotect partner or email us at firstname.lastname@example.org
Step 4 - Application type and Certificate Verification
Next, the application type is preset to Standalone SAML as BlackBerry cannot be configured until later. You will need to specify whether certificate verification is required. If you do not yet have a valid SSL, we recommend that you switch off the certificate verification until this is available. These settings can be updated later.
Step 5 - Restarting the User Portal
Next, to ensure the changes are all in place, the idenprotect User Portal will require a restart. A check will take place to see if the idenprotect Service Manager application is installed and accessible, if it is, a button will appear which you can click to restart the idenprotect User Portal application. If this button does not show up, a message will advise you that the idenprotect User Portal will require a manual restart.
Step 6 - Testing your set up
In the final step, you can download the mobile application and scan the QR code to begin enrollment with a test account.
Once enrolled, you should restart the User Portal to ensure it has the new settings, you can then test the authentication process with the test account and mobile app. To complete the authentication process you should also restart the idenprotect Core Platform
Making configuration changes
To give you flexibility in how you use the idenprotect solution, there are many more configurable settings, these ones just help you get up and running. We advise taking a look through How to make configuration changes.
The idenprotect Core Platform Configuration Screens article gives an overview of each of the Config screens present in the idenprotect Core Platform and has links to the relevant articles.
Alternatively, you can view all of our Configuration articles under the Configuration Category. Note that this also includes configuration articles for our other applications.
Synchronizing users from Active Directory
One of the primary things you may want to do is to create users automatically by synchronizing with Active Directory. To do this, a suitable Active Directory account is required. The idenprotect Core Platform will create an account for all users that are within a specified group so details of this group will also be required. The basic settings are shown below but you should also look at our LDAP Connection Configuration guide.
Go to the Config -> Auth Server -> Ldap Connection Configuration screen and update the following settings
|Authentication Password||The password of the account being used to read from Active Directory|
|Authentication User||The username of the account being used to read from Active Directory|
|LDAP Protocol||ldap:// (or ldaps:// if required)|
|Default Host||The IP address or hostname of the domain controller|
|User Sync Enabled||true|
Go to the Config -> Auth Server -> Ldap User Sync Configuration screen and update the following settings
|Auto Enroll Enabled?||The FQDN of the group that contains the idenprotect users.|
|Search Base||The based of the directory eg DC=domain,DC=com|
You may need to restart the service after making changes to these settings.
You should ensure that there is at least one user in the specified group in Active Directory, you can then go to the User page on the admin console and click the Sync button. Once the synchronization completes, any new accounts that are required should be listed on the Users page on the admin console.
Setting Up Email
A standard approach for enrolling users is to send them an email that has within it instructions for enrollment and a link to a QR Code that they can scan to enroll their device. To enable this, the idenprotect Core Platform needs to be integrated with an SMTP server. The basic settings are shown below but you should also look at our Email SMTP Configuration
Go to the Config -> Email -> Email SMTP Configuration screen and update the following settings
|Requires Authentication?||Set to true if the idenprotect Core Platform needs to authenticate to the SMTP server|
|From Address||The email address from which the emails will appear|
|Host||Hostname or IP address of SMTP server|
|Password||Password used to authenticate to the SMTP server|
|Port||Port number to connect to the SMTP server|
|Username||Username used to authenticate to the SMTP server.|
Go to the Config -> Email -> Email Content Configuration screen and update the following settings
|Display Name||The display name that the emails will be from|
Once these settings are in place the connection can be tested by going to the User page and selecting Send Assign Email for a user with a valid email address.
Once the idenprotect Core Platform has been installed and configured and it is ready for testing/deployment. There are a number of steps we recommend taking to harden and secure your installation. Please see our Post Installation Hardening guide.