Initializing the ActivID Appliance

Once the appliance network is configured via the ActivID UNIX Terminal, you can log on to the ActivID Console to initialize the appliance (set the installation type, add security domains, etc.).

Important: After successfully setting the appliance installation type (Full or Front End), you cannot change it unless you revert the appliance to the Initial State.

Access the ActivID Console

  1. From any browser, access the ActivID Console using the following URL:

    https://<appliance-hostname>:1005

    The first time you access the ActivID Console, you are prompted to trust the connection to the site.

  2. Click Proceed to <appliance site>.

  3. Enter the credentials for the Appliance Administrator account (appadmin and the password you set during the initial configuration using the UNIX terminal).

Initialize the ActivID Appliance

  1. Under Appliance in the left menu, select Dashboard.

    The ActivID Appliance License Agreement is displayed.

  2. Select I accept the agreement and click Next.

    The appliance dashboard screen is displayed.

    You are then prompted to select the Installation Type.

  3. Select Full installation to install all the ActivID applications.

    The deployment of the Authentication Services and the database is enforced.

    To install only the ActivID Front Ends (ActivID Management Console, Self-Service Portal and RADIUS Front End), select Front-End installation and follow the instructions in Installing the Front-End Applications.

    Important: Once an installation type is applied, the only way to change it is to revert the appliance to the Initial State.

  4. Click Initialize.

    The initialization process might take several minutes.

    To finalize the initialization of the appliance, you must now create your security domains.

    Alternatively, you can click Dashboard in the menu on the left to view the status of the appliance.

Back Up the Initialized State (Virtual Appliance Only)

For virtual ActivID Appliances only, before you start using the appliance, it is recommended that you generate the appliance Site ID and then back up the virtual appliance (that is, create a snapshot/checkpoint) in its initialized state.

This initialized state will be used as a reference in case you need to revert to a clean installation (in this state you will be able to install the latest hot fixes, perform reconfiguration and restore your latest backup).

  1. Log on to the ActivID Console and, under Appliance in the left-side menu, select Licenses.

    This generates the Site ID.

    The Site ID can be used to register licenses at any time, and the registered licenses will work if you need to revert to this backup to reset the appliance.

    For further information, see Managing the Licenses.

  2. Make a note of the displayed Site ID and then log off from the ActivID Console.

  3. Shut down the appliance from the ActivID UNIX Terminal.

  4. Back up this virtual appliance state (that is, create a snapshot/checkpoint) in case you need to reset the appliance in the future.

Create the Security Domains

When you create a new security domain, it adds a new set of data to your deployment.

This data is specific to your domain and is defined by the dataset you chose when creating the domain (for example, the default users and permissions included in the dataset).

  1. Under Configuration in the left menu, select Security Domains (or click Go to Security Domains in the Dashboard).

  2. To add a security domain, click Add.

    Important: Adding a domain causes an interruption of service and the process might take several minutes.

  3. Enter the Domain Name, select the Dataset from the drop-down list and, optionally, enter a Description.

    Important: You must apply the following rules when creating the domain name:
    • Must contain alphanumeric characters
    • Must not contain any of the following special characters: ! # % & ( ) + " ' < > ? * - _
    • Must not start with a numerical character
    • Must be a maximum of 20 characters
    • Must not be a variation of an existing security domain name using a different case for one or more characters (for example, do not use Onlinebank when ONLINEBANK already exists)
    • Must not be an Oracle reserved keyword (for example, “SELECT”, “ONLINE”, etc.)

  4. Enter and confirm the password for the ActivID Initialization User (ftinit).

    Important:  
    • This user is the pre-defined administrator account for the security domain.

      Make sure you keep a record of the password.

    • The password must:

      • Contain at least one alphabetic and one numeric character

      • Contain at least 3 different characters

      • Be a maximum of 20 characters

      • Be a minimum of 10 characters

      • Be different from any previous password

      • Not contain blacklisted or user-related words

      • Not be a sequence of letters or numbers

      • Not be password01

  5. Then click Add.

  6. Repeat the previous step to create additional domains.

    You can create up to 10 domains at the same time.

  7. Then click Save.

    The configuration process might take several minutes.

  8. Click Done when the creation process is complete.

  9. Under Appliance in the left menu, select Dashboard and then review the appliance status.
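
Because adding a domain interrupts service, it is worth checking the domain name and ftinit password against the rules in steps 3 and 4 before submitting them. The following pre-check is an added example, not part of the ActivID product or its documentation; the function names are hypothetical, the alphanumeric rule is read strictly (ASCII letters and digits only), and the reserved-keyword set holds only the two keywords named above. Password history, blacklisted or user-related words and sequence detection are enforced by the appliance and are not checked here.

```python
import re

# Special characters the page forbids in a domain name.
FORBIDDEN = set("!#%&()+\"'<>?*-_")
# Only the two keywords the page names; the full Oracle reserved-word
# list must be loaded from Oracle's documentation (placeholder subset).
ORACLE_RESERVED_SAMPLE = {"SELECT", "ONLINE"}


def check_domain_name(name, existing=()):
    """Return a list of rule violations (empty list = name passes)."""
    errors = []
    if not 1 <= len(name) <= 20:
        errors.append("must be 1 to 20 characters")
    if FORBIDDEN & set(name):
        errors.append("contains a forbidden special character")
    # Assumption: strict reading, ASCII letters and digits only.
    elif not re.fullmatch(r"[A-Za-z0-9]*", name):
        errors.append("must contain only alphanumeric characters")
    if name[:1].isdigit():
        errors.append("must not start with a numerical character")
    if name.upper() in {e.upper() for e in existing}:
        errors.append("case variation of (or same as) an existing domain")
    if name.upper() in ORACLE_RESERVED_SAMPLE:
        errors.append("Oracle reserved keyword")
    return errors


def check_ftinit_password(pw):
    """Check only the rules that can be evaluated offline."""
    errors = []
    if not 10 <= len(pw) <= 20:
        errors.append("must be 10 to 20 characters")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        errors.append("needs at least one alphabetic and one numeric character")
    if len(set(pw)) < 3:
        errors.append("needs at least 3 different characters")
    if pw == "password01":
        errors.append("must not be password01")
    return errors


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    for candidate in ["Onlinebank", "1stDomain", "corp-emea", "RetailBank"]:
        print(candidate, check_domain_name(candidate, existing=["ONLINEBANK"]))
    # The password itself is never printed, only the violations.
    print(check_ftinit_password("aaaaaaaaa1"))
```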

Configure an External HSM (Optional)

If you want to integrate a network Entrust® nShield® Connect HSM (all versions) as an external HSM with the ActivID Appliance, you can now install and configure the HSM.

Enable the RADIUS Front End (Optional)

This section explains how to activate the ActivID RADIUS Front End on all or a subset of the security domains.

  1. Under Configuration in the left menu, select RADIUS Front End.

  2. Select the checkbox(es) of the domain(s) that you want to activate for RADIUS Front End.

  3. Click Activate on domain(s).

  4. Click Ok.

    The Activation Status is updated to ‘Activated’ and a green check mark is displayed under Connection Status when the connection is established.

  5. Under Configuration in the left menu, click Applications.

  6. Click Restart RADIUS Front End to restart the RADIUS service and update the RADIUS configuration.

  7. If required, configure the ActivID RADIUS Front End for the push-based solution.

Important: For push-based authentication, the RADIUS client application (NAS) must be configured to use the PAP mode RADIUS protocol.

Post-Installation Steps

Once you have completed the ActivID Appliance installation and setup, you can configure the initial elements of the authentication system.

  1. Log on to the ActivID Management Console using one of the pre-defined operator accounts (for example, ftadmin).

    It is strongly recommended that you access the ActivID Management Console immediately after installation in order to change the default password.

  2. Configure the ActivID Appliance environment such as:

    • Organize your user population by user type or administration group.
    • Create the ActivID Management Console operators and define the access control rules by assigning roles and permissions.
    • Import devices so they can be assigned to your users.
    • Register authentication methods for your users.

See also:

Managing ActivID Appliance

Configuring ActivID Appliance

Managing Your Users

Managing User Authentication

Managing Devices