All URLs are specified in lowercase.

Go to the C:\inetpub\wwwroot\idp folder and edit the appsettings.json file:

ConnectionStrings:

  • Data Source - is the name of the Microsoft SQL Server or its named instance
  • Initial Catalog - is the name of the database (IPAMIdP)
  • User ID - is the service account to use with Indeed PAM databases
  • Password - is the password for that service account

"ConnectionStrings": {
	"DefaultConnection": "Data Source=MSSQLServer;Initial Catalog=IPAMIdP;Integrated Security=False;User ID=IPAMSQLService;Password=password"
}

If you are using a named instance of Microsoft SQL Server, the value of the Data Source parameter must be set in the format
<server name>\\<instance name>.

"ConnectionStrings": {
	"DefaultConnection": "Data Source=MSSQLServer\\Named instance; ..."
}

Database:

In the Provider section, select the DBMS connection provider:

  • mssql - for Microsoft SQL Server
  • pgsql - for PostgreSQL Pro

Example for PostgreSQL Pro:

"Database":{
   "Provider": "pgsql"
},

IdentitySettings:

  • AdminSids - is the SID of the user who gets access to the administrator console. If there are several users, separate their SIDs with commas
  • GatewaySecret - Hash for client keys for additional authentication of Indeed PAM Gateway

    The secret and its hash are generated by the console utility Pam.ConsoleApp.exe (located in \Misc\ConsoleApp folder) when configuring Indeed PAM Gateway.

  • IdpUrl - is the URL of Indeed PAM IdP
  • Lang - is the user interface language of the component; set it to "en".
  • SshProxyClientSecret - Hash for client keys for additional authentication of Indeed PAM SSH Proxy, generated when setting up Indeed PAM SSH Proxy in the same way as GatewaySecret
  • Enable2FaCacheForClients - List of client IDs for which the 2nd factor caching will work

    List of available client IDs:
    • "console-app"
    • "ssh-proxy-app"
    • "pam-management-console"
    • "pam-user-console"
    • "pam-gateway"

  • SecondFaCacheLifetimeSeconds - 2nd factor caching time in seconds

"IdentitySettings":{
	"AdminSids": [ "S-1-5-21-1487179672-2651565253-5257550508-0000", "S-1-5-21-1487179672-2651565253-5257550508-0001" ],
	"GatewaySecret": "bQAl17Y58+Htv982eadHmFaDguAPNrjd+Bl9vN0Uw5c=",
	"IdpUrl": "https://pam.indeed-id.local/idp",
	"Lang": "en",
	"SigningCertificate": "",
	"ConsoleAppClientSecret": "",
	"SshProxyClientSecret": "+Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E=",
	"Enable2FaCacheForClients": ["pam-management-console"],
	"SecondFaCacheLifetimeSeconds": 60
},


PamSettings:

  • ManagementConsoleUrl - URL of Indeed PAM Management Console
  • UserConsoleUrl - URL of Indeed PAM User Console

"PamSettings": {
	"ManagementConsoleUrl": "https://pam.indeed-id.local/mc",
	"UserConsoleUrl": "https://pam.indeed-id.local/uc",
	"SessionLifetime": 43200
},

EventsSettings:

  • EventCacheDirectory - is a temporary folder for event writing
  • Url - is the URL of the API for the uniform event log

"EventsSettings": {
	"AppId": "pam",
	"Component": "idp",
	"EventCacheDirectory": "C:\\Temp\\ILS\\IdP\\EventCacheDirectory",
	"EventCacheSendingIntervalSec": "10",
	"Url": "https://pam.indeed-id.local/ils/api",
	"CertificateThumbprint": "",
	"CertificateFilePath": "",
	"CertificateFilePassword": ""
},
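
The Python check below is an added example, not part of the Indeed PAM documentation or product. It reads an appsettings.json and reports mistakes in the settings described above: the placeholder password or the sample secret hashes from this page left in place, AdminSids entries that are not SIDs, client IDs in Enable2FaCacheForClients that are not in the list above, and URLs that are not lowercase. The function name check_idp_settings and the sample input are assumptions made for illustration.

```python
import json
import re

# Client IDs and URL settings named on this page.
KNOWN_CLIENTS = {"console-app", "ssh-proxy-app", "pam-management-console",
                 "pam-user-console", "pam-gateway"}
URL_KEYS = [("IdentitySettings", "IdpUrl"), ("PamSettings", "ManagementConsoleUrl"),
            ("PamSettings", "UserConsoleUrl"), ("EventsSettings", "Url")]
# Sample hashes printed on this page; they must never reach a real deployment.
DOC_SAMPLES = {"bQAl17Y58+Htv982eadHmFaDguAPNrjd+Bl9vN0Uw5c=",
               "+Q/anzbwy6ikV7LS3LvUsCpThBGzUOWWo76Idcy8c1E="}
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

# Constructed input with deliberate mistakes (not a real deployment).
SAMPLE = r'''{
  "ConnectionStrings": {"DefaultConnection":
    "Data Source=MSSQLServer\\PAM;Initial Catalog=IPAMIdP;User ID=IPAMSQLService;Password=password"},
  "IdentitySettings": {
    "AdminSids": ["S-1-5-21-1111111111-2222222222-3333333333-1001", "CORP\\admin"],
    "GatewaySecret": "bQAl17Y58+Htv982eadHmFaDguAPNrjd+Bl9vN0Uw5c=",
    "IdpUrl": "https://PAM.example.local/idp",
    "Enable2FaCacheForClients": ["pam-management-console", "pam-gatway"]},
  "PamSettings": {"ManagementConsoleUrl": "https://pam.example.local/mc"}
}'''

def check_idp_settings(text):
    """Return findings for the appsettings.json keys this page describes."""
    cfg = json.loads(text)
    findings = []
    conn = cfg.get("ConnectionStrings", {}).get("DefaultConnection", "")
    pairs = dict(p.strip().split("=", 1) for p in conn.split(";") if "=" in p)
    if pairs.get("Password") == "password":
        findings.append("ConnectionStrings: documentation placeholder password in use")
    ident = cfg.get("IdentitySettings", {})
    findings += [f"AdminSids: not a SID: {s}" for s in ident.get("AdminSids", [])
                 if not SID_RE.match(s)]
    for key in ("GatewaySecret", "SshProxyClientSecret"):
        if ident.get(key) in DOC_SAMPLES:
            findings.append(f"{key}: value copied from the documentation sample")
    findings += [f"Enable2FaCacheForClients: unknown client ID: {c}"
                 for c in ident.get("Enable2FaCacheForClients", []) if c not in KNOWN_CLIENTS]
    for section, key in URL_KEYS:
        url = cfg.get(section, {}).get(key, "")
        if url != url.lower():
            findings.append(f"{section}.{key}: URL is not lowercase")
    return findings

if __name__ == "__main__":
    print("\n".join(check_idp_settings(SAMPLE)))
```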



