When deploying an Access Manager Virtual Machine package for the first time there are certain configuration steps which need to be completed in order to allow users to access the system. To begin deploy the VM to your server of choice using the appropriate package, then start the VM. Access Manager will start up and first display a message that it is configuring the "First Time Setup" once this completes you will see the following.
Set your Root User password
The first action you will need to complete is to set the password that is used by the root user, this is your system root and will be used to access the command backend in future, as well s being a valid password for SSH and VNC connections to the server. The requirements for a valid password are displayed to the right of the window.
Once the root user password is set and accepted you are taken to the Dashboard of the VMCentre management console, this is where you are able to configure the system itself. A full breakdown of the VMCentre is available here, VMCentre Overview.
Select the Networking tab to continue configuration.
You will now see the hostname and IP address setting that have been assigned to the system by DHCP, you should set these to the settings you require for your own network before continuing. Once set connect to the system's address via web browser, for example the server in this case is on https://10.0.2.5, or if DNS is configured correctly https://nervepoint.
The Installation Wizard will take you through a number of steps to configure the Access Manager system and database for use by your users. To begin you must accept the end user license agreement.
After accepting the license you will be prompted to set a secure password for the Access Manager 'admin' user. The admin is the default administrator account for the Access Manager web interface and will be used to manage and configure the server from setting up authentication factors, settings security options, updating email notifications and keeping an eye on the system through the Dashboard and Identities pages as well as setting up and updating backend connectors such as Active Directory.
Again the password requirements are listed on the right of the window. The password can be changed later from within the admin console.
After setting your admin user password the system will begin to scan the network for any Active Directory or SSH servers that you might be wanting to use as your primary user database. One connector must be configured during this stage so you can select one of these or you can select the Configure Manually option to provide all details for the database connection yourself. Additional connectors can be configured once installation is complete.
If you are attempting to connect to an Active Directory please note that the Domain Controller needs to be configured for SSL communication.
Once selected the Connector Configuration page is loaded, if you selected a detected server it will pre-populate the entries on the General tab which will require reviewing and the configuration of any remaining required options.
- Name - the name that is used to identity the directory in Access Manager
- Allow Self-Service Account Linking - determines if users from this directory will be able to set their own linked accounts
- Domain Controller - name of AD host
- Backup Controllers - set any backup domain controllers
- Domain - domain of AD
- Service Account Name - name of service account. Account must have administrator permissions on the AD. Nervepoint Access Manager will use this account to communicate and run any required commands against your AD.
- Service Account Password - password associated with Service Account Name.
Additional items can be configured for your AD a basic overview is below but for more details refer to the administration article, Directory Settings and Reconciliation:
- Advanced - add or remove OUs and groups
- Global Catalog - settings required for using AD forests
- Synchronization - settings for reconcilation
Access Manager will now test the settings that have been configured to verify permissions and account details are correct. If the check fails you will be able to re-enter the settings.
Access Manager requires an initial set of Questions for Question & Answer authentication configuring. A number of defaults are provided and can be changed.
The questions that are set can be amended later and additional questions added from the administration portal after installation completes, refer to this article for more information, Authentication Basics.
Access Manager contains a built in mail server that can be used to send notifications, reminders, and passwords to all your users, to do this an email address must be set to act as a sender. If you wish to use an external mail server you can do so in the system configuration after installation has completed.
The final step allows you to configure a self signed certificate as halfway point to setting up a secure SSL connection using certificates.
Once installed and running you can install a secure SSL certificate following the instructions here, Uploading an SSL Certificate.
The final step is verifying the details you have configured, selecting Back allows you to re-configure any step.
Selecting Finish will result in the server being installed as per your configuration. Access Manager provides a progress report as this occurs.
Once complete select Close results in the service restarting, the web browser will redirect to the Access Manager home portal automatically.
From this point you can now configure the login processes you want to use, how you want the server to look, additional user databases, and much more. Your users from the configured database can also now begin to start using the server if you wish to let them. It would be best to run through the Administration Primer and make sure you have the server set to your requirements first though.