Setting IES server parameters

IPI Enterprise Server – Setting IES Server parameters

To work correctly, you need to specify some basic settings.

Go to Settings -> Parameters.

Licensing

Click the button Set License Settings.\

Fill in and save the API Key, you have to get it at the stage of setting up the server. Ask us if you have ordered a pilot and don't know your API key.

After saving, the API Key is not displayed in the settings in open form. To view it, click the Show button.

Also, here you can import your licenses from ILS by clicking on Import licenses button.

You can import licenses via API key or using a file. Please, ask us if you need to get your licenses file.

Mail

Administrators can configure credentials to send emails with service notifications to the users. Such notification is used for inviting new employees, resetting employees' passwords, changing mail for employees, sending activation codes for IPI Key, etc.

To check the current credentials that you use to send emails, you have to expand the Mail section:

Click Configure to set or change the credentials for sending emails:

To set Email Credentials, fill the following fields:

Host – this is the email server address you want to connect to. For example, for Gmail, the SMTP host might be “smtp.gmail.com” and the IMAP host might be “imap.gmail.com”. The actual host may vary depending on the email service provider and the specific protocol you are using.
Port – this is the numeric code that determines the specific network port for establishing a connection to the email server using a specific email protocol.
Enable SSL – this is an option that indicates whether to use SSL (Secure Socket Layer) to establish a secure connection with the email server. SSL encrypts the data transmitted between your computer and the server to protect sensitive information during transmission.
Email – is the email address that you use for sending and receiving messages.
Password – this is the password associated with your email address. It is used for authentication and confirming your identity when connecting to the server.

Active Directory (On-premises)

Active Directory on-premises

These parameters must be specified if you will use IES scenarios for working with AD. Import and sync users from Active Directory Import and sync users from Active Directory with domain password changing

Click the button Settings→Parameters→Add Domain Settings

Fill in and save the following parameters (domain on-premises):

Domain Name: enter your Active Directory domain. This is necessary to import users from previously created groups in AD.
User Logon Name: AD administrator's login with permissions to get users and groups from the AD and change user passwords.
- Skip credentials (sync will be disabled)
Password: AD administrator's password with permissions to get users and groups from the AD and change users' passwords.
Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.

Azure AD (Entra)

To connect the Azure AD with the IES, please, first, set the Azure AD application:

Open Settings→Parameters→Add Domain Settings→ select radio button Azure Active Directory

Login to the Azure portal
Go to the Azure Active Directory → App registrations

Click New Registration

Go to app overview copy the Application (client) ID, and Directory (tenant) ID, and paste those values into Domain Settings on IPI Server

Fill in and save the following parameters on IES (Azure AD):

Application ID: enter your Azure AD application id.
Client secret: enter your Azure AD client secret.
Tenant ID: enter your Azure AD tenant id.
Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.

After saving the data, login parameters are not displayed in the setting

On Azure portal, go to the Certificates & secrets → New client secret and then add and copy Client Secret

Copy the secret from column Value and paste it to the field Client Secret on IPI Server

On Azure portal, go to the API permissions -> Add a permission -> Microsoft Graph

Click Application permissions, then scroll down and select the Directory → _Directory.Read.All_ permission.

Click Grant admin consent

Fill in and save the following parameters on IES (Azure AD):

Application ID: enter your Azure AD application id.
Client secret: enter your Azure AD client secret.
Tenant ID: enter your Azure AD tenant id.
Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.

After saving the data, login parameters are not displayed in the settings.

If you use Linux and need the AD integration, join your Linux server to the AD

Be aware! As soon as you remove the AD administrator login and password from the settings, all AD sync scenarios will stop working.

With this instruction, you can add on server several domains at the same time. Each domain is managed separately.

Other Domain settings

Domain Settings – These credentials will be used to connect to Active Directory via LDAPS
Users default single sign-on settings - This setting will be used for all users synchronized from Active Directory. Later you can change this Single Sign-On setting for each user individually in user settings.

Workstation passwordless logon settings - Update Workstation Passwordless Logon Settings.

Splunk

Also you can set here Splunk settings.

FIDO2

If the "Allow Platform Authenticators" feature is enabled, you can choose the type of security key you are enrolling for the user (by default it is cross-platform):

So the list of the user's FIDO keys will look like this: