Nervepoint Access Manager uses a wizard process to guide you quickly and easily through the installation process, these steps are covered in this article.
Locating the Installation Wizard URL
The first thing you notice when installing 1.2 is the addition of a root password this allows you to lockdown your underlying operating system completely and uniquely and only and you alone can actually go in and access the root account.
After hitting OK the main VM console will be visible.
So the first thing to do is set a memorable but sufficiently complex password you will rarely need this but we do now provide the ability for you to easily access the underlying VM.
VM console provides all the required functions for managing the VM itself details of which can be found here, VM Console UI.
The installation wizard is accessible on https:<server-ip> which is shown in the VM console when the VM is started in the above example it is shown by the line:
To access the Nervepoint application, use a browser to connect to
Simply go to the URL to step through the Installation Wizard.
Step 1: Configure the Administrator
The next step requires a secure password for the administrator account. This is the sole identity that will be allowed access to the Nervepoint Access Manager administration console to manage and configure the server from setting up authentication factors, settings security options, updating email notifications and keeping an eye on the system through the Dashboard and Identities as well as setting up and updating the backend connectors such as Active Directory.
The required security rules are visible to the right and any password must conform to this. The password can be changed later from within the admin console.
Step 2: Connecting to Primary Connector
Nervepoint Access Manager requires that at least one primary connector is available to connect to in the 1.2 release Access Manager now supports AD and any SSH based connector: Linux, Ubuntu, Solaris and other Linux variants. In 1.2 Access Manager now supports multiple primary and secondary accounts. A basic description of these is as follows:
Primary: users can login to Access Manager with an account on this directory but cannot link accounts in a primary directory to an account in another primary connector.
Secondary: users can not login to Access Manager with an account in this directory but a primary connector can be linked with accounts in secondary directories allowing you to manage multiple accounts with just a primary account.
Nervepoint Access Manager will try to auto-discover any SSH or AD servers but if you wish to configure it manually simply select the Configure Manually option.
NOTE: Active Directory must be configured for SSL communication
Step 3: Configure Primary Connector
Once discovered Nervepoint Access Manager will pre-populate the settings for your Active Directory these should be reviewed and any remaining un-configured items set.
• Name – a name for the directory this will also be used as part of the logon process
if more than one connector is configured using the syntax username@name or name\username
• Allow service-service Linking – enable this to allow end users to link their account in secondary directories to this account. Disable this so its only admin can link an account.
• Domain controller - name of AD domain controller
• Backup Controller – list of any replica Active Directories that can take the place of the main domain controller if there are communication problems
• Domain - domain of AD
• Service Account Name - name of service account. Account must have administrator permissions on the AD. Nervepoint Access Manager will use this
account to communicate and run any required commands against your AD.
• Service Account Password - password associated with Service Account Name.
Additional items can be configured for your AD a basic overview is below but for more details refer to the administration article, Directory Settings and Reconciliation:
• Advanced: Options for controlling how users are acquired and displayed
• Filters: Control which accounts may have access based on OU and group filter controls
• Synchronization: settings for reconciliation
Step 4: Testing AD Settings
Nervepoint Access Manager tests the settings you configured to verify permissions and account details are correct. If this step fails you can re-enter the settings.
Step 5: Self Service Questions
Nervepoint Access Manager requires an initial set of Questions for Q&A authentication configuring. A number of defaults are provided and can be changed.
These questions can be amended later and additional questions added from the administration portal after installation, refer to this article for more information, Authentication Basics.
Step 6: Mail Configuration
Nervepoint Access Manager is able to send email to all your users using a built in mail server, this requires a sender address to be provided as the sender for outgoing emails. A false address can be provided as this is will not receive any replies.
Nervepoint Access Manager uses simple mode during the installation process which configures a basic postfix email server. Another email server can be configured once installation is complete from the administration console, refer to this article for more on configuring an email server, Email Configuration.
Step 7: Setting a Self Signed Certificate
The final step allows you to configure a self signed certificate as halfway point to setting up a secure SSL connection using certificates.
Once installed and running in 1.2 you can now install a secure SSL certificate from within Access Manager itself.
The final step is verifying the details you have configured hitting Back allows you to re-configure any step.
Hitting Finish will result in the server being install as per your configuration. Nervepoint Access Manager provides a progress report as below.
Once complete hitting Close results in being redirected to the main Nervepoint Access Manager portal.
You are now ready to start using Nervepoint Access Manager.