Indeed AM Admin Console is a Web application based on IIS. This module performs system administration. It also handles all the settings of the system and of the users.


Files of Admin Console reside in: indeed AM\Indeed AM Admin Console\<Version number>\

  • Indeed.AdminConsole-x64.msi is the installation package of Admin Console.

Additional AdminConsole installation files reside in: indeed AM\

  • Misc\Server2008\Indeed.AdminConsole.IIS.Install.MSServer2008.ps1 is the script file to install the required components of IIS server for Windows Server 2008.
  • Misc\Server2008\NDP452-KB2901907-x86-x64-AllOS-ENU.exe is the Microsoft .NET Framework 4.5.2  update package for Windows Server 2008. 
  • Misc\Server2012\AccessControlInitialConfig\Indeed.AdminConsole.IIS.Install.MSServer2012.ps1 is the script to install the required IIS server components for Windows Server 2012.

Installation

  1. Install the Admin Console by running Indeed.AdminConsole-x64.msi installer.

  2. Add HTTPS binding in Default Web Site settings of IIS Manager.

    Indeed AM Admin Console is a web application on the basis of IIS. “Require SSL” is a default installation setting, which, in turn, requires active HTTPS binding.

    If you do not plan to use https protocol, then deactivate SSL requirement in IIS settings for Admin Console. 


    1. Run IIS Manager and expand the Sites item.
    2. Select the Default Web Site site and click Bindings item in the Actions section.
    3. Click Add:
      1. Type - https.
      2. Port - 443.
      3. Select the SSL Certificate.
    4. Save the binding.
  3. Configure Kerberos delegation.
  4. Add Admin Console application to local Internet. 


Modifying a configuration file

  1. Open the console configuration file named Web.config (C:\inetpub\wwwroot\iidemc\Web.config).
  2. Specify the URL to connect to Indeed AM server for Url parameter in amAuthServer tag.

    1. Urlparameter is url address of Indeed server in the following format: http(s):// full_dns_name_of_server/easerver/

      To ignore server certificate errors, change the "isIgnoreCertErrors" parameter to "true" in "applicationSettings. config" file ( iidemc\Config ).


      <amAuthServer Url="https://amserv.indeed-id.local/easerver"/>


  3. Specify the url to connect to log server. To do so, edit the logServer tag.

    1. URL is url to connect to log server in the following format http(s)://full_dns_name_of_server/ils/api. 

      If several servers are used, then you have to specify the load balancer address


    2. CertificateThumbprint - this is to be defined if the private key is stored in the registry, and the certificate is in the PC storage.
    3. CertificateFilePath -this is to be defined, if the key pair is stored in pfx.

    4. CertificateFilePassword is the password for pfx.

      <logServer Url="http://log.indeed-id.local/ils/api/" CertificateThumbprint="" CertificateFilePath="" CertificateFilePassword=""/>


  4. Restart IIS server after modification of configuration files. Admin Console is available at the following address: “http(s)://full_dns_name_of_server/iidemc/"

Setting session Expiration Time

This setting is optional
  1. Open the configuration file Indeed Admin Console applicationSettings.config:  C:\inetpub\wwwroot\iidemc\Config\applicationSettings.config.

  2. Specify a required value for the sessionExpirationTimeMinutes parameter. Default value: 30(minutes).

    <amApplicationSettings
  findUsersMaxResultCount="200"
  isIgnoreCertErrors="false"
  sessionExpirationTimeInMinutes="60"
  allowOverrideRandomPasswordGeneration="false"
/>


  3. Save changes in configuration file. 


Configuring of logging in to Admin Console using SAML IDP

This setting is optional

  1. Open the console configuration file named Web.config (C:\inetpub\wwwroot\iidemc\Web.config).
  2. Specify the URL to connect to Indeed AM SAML server for LoginUrl parameter in amAuthentication tag.

    1. loginUrl parameter is URL address of the server with Indeed SAML idp component installed in the following format: http(s)://full_dns_name_of_server/iidsamlidp/

      <amAuthentication mode="Saml" loginUrl="http://saml.demo.local/iidsamlidp"/>


  3. In code:

    <authentication mode="Windows">
      <forms loginUrl="~/Account/Authenticate"></forms>
 </authentication>

    Change the value of mode parameter to Forms

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Authenticate"></forms>
 </authentication>


  4. Save changes in configuration file. 

    To disable domain login and password prompt, activate “Anonymous authentication” and deactivate “Windows authentication” for iidsamlidp, at the SAML server.


Configuring of logging out of Admin Console using SAML idp

  1. Open the console configuration file named Web.config (C:\inetpub\wwwroot\iidemc\Web.config).

  2. For amAuthentication tag, add enableLogout parameter set to true (false by default).

    <amAuthentication mode="Saml" loginUrl="http://saml.demo.local/iidsamlidp/" enableLogout="true"/>


  3. Open the SAML configuration file named Web.config (C:\inetpub\wwwroot\iidsamlidp\Web.config).

  4. Specify the Admin Console server URL address for EmcServiceUrl parameter of  amPartnerServiceProviderSettings tag.

    <amPartnerServiceProviderSettings SelfServiceUrl="http://dc.demo.local/iidselfservice/" EmcServiceUrl="http://dc.demo.local/iidemc/"/>