Admin Guide
IPI Authentication Service – Admin Guide
First steps with IPI Authentication Service
System Requirements
Server:
Can be installed on a bare metal or virtual server
Linux
CentOS Linux 7
Ubuntu Server LTS 18.04
Ubuntu Server LTS 20.04
Windows Server 2012 and up
4 GB RAM
Only for passwordless PC authentication (for AD on premises accounts):
Workstation with Windows 10 or 11 and must have a TPM 2.0 module.
The workstation must be connected to an Active Directory domain.
The Active Directory domain must have a Certification Server (Certification Authority)
A special template has been set up in the certification authority. (See Configuring an Active Directory Certification Authority).
The IES server must be available for both the IPI Client and the mobile application, i.e. the computer and the phone must be in the same network, or the IES must have a public Internet address.
Our engineers can set up a test server in the cloud for you so that you can try out its features. The production server you have to install yourself inside your local network. To do this, follow these steps:
Step 1: Obtaining the API Key
The API Key is required so that your IES server can communicate with the IPI License Server (ILS) and obtain the licenses necessary for the IPI Keys to work. To do this, you can request a pilot. The resulting API Key must be registered in the server settings in Step 4.
Step 3: Obtaining administrator rights on the server
Log on to the server using the default login admin@server and the password admin. Invite a new administrator and then delete the default administrator's account.
Step 4: Configuring the server
Go to Settings -> Parameters. Fill in all required parameters and save them.
Step 5: Obtaining employees licenses
You need to obtain licenses for employees so they will be able to use IPI Authenticator with their accounts. Follow the instructions in the section How to get employee licenses. You will need to wait until your order will be processed (goes to the Completed status) and then proceed to the next step - setting up IPI Clients.
Step 6: Installing the IPI Client application on the user's computer
The IPI Client application should be installed on all workstations where users will log in using IPI Keys.
You can find the latest version of IPI Client here. You can find installation instructions here.
Note! The Client settings must contain the path to the server that you just installed. To automate this step, follow this guide.
Note! You can install the IPI Client version to work with internal Bluetooth or with an external IPI Dongle. If you will not use IPI Keys, it does not matter which option to choose.
You need to specify the full server address, for example, https://publicdemo.ipi.com/ or http://192.168.10.203/, or use any port you required, for instance, http://192.168.10.203:9090/.
Step 7: Approve workstations
For using the IPI Authenticator on the employee's workstation, it should be approved by the administrator.
Step 8: Add Employees to your server
You can add employees manually or import them from AD. Don't forget to enable SSO for them.
Step 9: Choosing use scenario
You can use IPI Authenticator as only SSO method or you may try full functionality (which includes PC passwordless or password-based login).
There are 2 possible use scenarios:
Windows login (passwordless or password-based PC login)
SSO use only (To setup your system environment for password-based login you only have to configure SSO on IES)
Last updated