If you want to customize the settings for this component, you need to install the Standard Authentication component.


Indeed AM Phone Management Server is an IIS-based web application. This component offers a lightweight API for adding, changing, and deleting phone numbers in the SQL database.


If you want to add, change, and delete phone numbers in the SQL database, please install the Indeed AM Storage SMS OTP Provider. 


Files of  EAPhone Management Server reside in: indeed AM\Indeed AM Phone Management Server\Distrib\

  • Distrib\EA.PhoneManagementServer.deploy.cmd is the Cmd file required to install the component.
  • Scripts\ - Power Shell scripts with an example of calling each API method.
  • WebDeploy_amd64_en-US.msi - Package for installing the WebDeploy component, version 10.0.1973.


How to install the component 

You need a pre-installed WebDeploy (version 10.0.1973 or higher) to install the component.

  1. Use an administrator account to launch the command line. 
  2. Go to the Distrib folder of the EAPhoneServer component. 

  3. Execute the command to initiate installation. 

    EA.PhoneManagementServer.deploy.cmd /Y


  4. Once the component has been successfully installed, the IIS Manager will display the EAPhoneServer web application.

How to uninstall the EAPhoneServer component

  1. Stop the IIS server running the EAPhoneServer component. 
  2. Open the folder C:\inetpub\wwwroot
  3. Delete the EAPhoneServer folder and all its contents. 
  4. Delete the EAPhoneServer application in the IIS Manager.

How to set up the component

  1. Open the EAPhoneServer component in the IIS Manager. 
  2. Click Authentication and enable the Standard Authentication option. Make sure to disable all other authentication methods. 

  3. Open the Authorization Rules. Change the existing rule or add a new one. In the settings, specify the user or user group who will be able to call the API methods.

    We recommend customization to ensure secure access to the EAPhoneServer component.


    When you select a user group, please indicate a relevant value of the Name attribute for this group. When you select a user, please indicate a relevant value of the sAMAccountName or userPrincipalName attribute.


How to set up your user policy 

You need to set up a policy for assigning appropriate privileges to service users. 

  1. Open the Admin Console and the general system policy that applies to all target users. 
  2. Go to the Administrators tab and assign administrator rights to a service user who has access to the Indeed AM EaPhone Server. 

How to set up the configuration file

If you want to save changes in the app configuration file, please use an administrator account to open the editor. 

  1. Open the Web.config component configuration file (C: \inetpub\wwwroot\EAPhoneServer\Web.config). 

  2. In the appSettings tag, configure the settings as follows:


    API requests will be sent on behalf of the given user.


    1. The string where the key parameter is username: in the value parameter, insert the username in the UPN format for the user designated to work with this component. 

      <add key="username" value="eaphone@indeed.local" />


    2. The string where the key parameter is password: in the value parameter, insert the user password.

      <add key="password" value="Q1q2E3e4" />


    3. In the string where the key parameter is lognames, configure the format for logging usernames. Supported formats:


      If you need to specify multiple formats, you can add values separated by commas.


      • Id − a user ID in the Indeed AM system in the rootUserCatalogProviderId_Guid format. 
      • Name − name attribute value in the Active Directory. 
      • CanonicalName − a username in the Canonical-Name format (myserver.demo.local/users/UserName). 
      • PrincipalNameuserPrincipalName attribute value in the Active Directory. 
      • SamCompatibleName − a username in the domainName\UserName format. 
      • DistinguishedNamedistinguishedName attribute value in the Active Directory. 
      • SidobjectSid attribute value in the Active Directory. 
      • Email − the mail attribute value in the Active Directory or the value indicated in the server configuration file. 

      • Phone − the telephoneNumber attribute value in the Active Directory or the value specified in the server configuration file. 

        <add key="lognames" value="PrincipalName,Sid" />


  3. Insert the URL for log server connections. How to edit the logServer tag 
    1. URL − URL for log server connections in the following format: http(s)://full_dns_server_name/ls/api format. 
    2. CertificateThumbprint − if the private key is stored in the registry and the certificate is stored on the computer. 
    3. CertificateFilePath − if the key pair is stored in a PFX file. 

    4. CertificateFilePassword − password for the PFX file.

      <logServer Url="http://dc2.new.loc/ls/api/" CertificateThumbprint="" CertificateFilePath="" CertificateFilePassword="" />


  4. Create a folder for storing the local event cache. The default path is D: \Temp\IndeedIdServerEventLog\EaPhoneEventCache. Create a default folder or specify another local path. Grant full access to the destination folder for the IIS_IUSRS user. 

    <logServerClient AppId="ea" Component="server" EventCacheDirectory="C:\inetpub\wwwroot\EAPhoneServer\EventCache" LogServerTargetConfigFile="" />


  5. In the connectionString parameter, specify the full URL of the available Indeed AM server or load balancer as follows:

    http/https://<full DNS of the available Indeed AM server or load balancer as follows>/easerver/


    <add name="EAWebAPIURL" connectionString="http://dc2.new.loc/easerver/" />


  6. How to encrypt and decrypt parameters in the appSettings tag.

    We recommend this customization for security reasons.


    1. To encrypt a parameter, use an administrator account and run the following command in the command line:

      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pe "appSettings" -app "/EAPhoneServer" -prov "DataProtectionConfigurationProvider"

    2. To decrypt a parameter, use an administrator account and run the following command in the command line:

      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pd "appSettings" -app "/EAPhoneServer"

UI component access 

Please follow these steps if you want to access the UI component:

  1. Open the URL: http(s)://<Full DNS name of the server containing the EAPhoneServer component> /EAPhoneServer/swagger. 
  2. Log in as a user who is a part of a group specified in the Authorization Rules. To log in, enter the username in the UPN format.

Overview of the API component methods


The input data is transmitted in JSON format. To call the API method, you can use the URL in the following format:

http/https://<Full DNS name of the server containing the EAPhoneServer component>/EAPhoneServer/<API method>



Registration 

To register a phone number, use a POST request to the API method: /api/IID/CreatePhone.

  1. Input data: 
    1. Username − a username in the UPN format for which a phone number is added. 
    2. Phone − a user's phone number to be registered in the system. 
  2. Output data: HTTP response with the HTTP status code. 
  3. Example: 
    1. URLhttp://AmIndeed.demo.local/EAPhoneServer/api/IID/CreatePhone
    2. Data − ‘{"Username": "User@demo.local", "Phone": "123456"}’. 

Generated events

The PrincipalName and Sid name formats are used in the example.

Successful registration 

Upon successful registration of the provider, an event with a unique ID − 1088 will be generated. The event body includes the following parameters:

  • Description - The phone number has been successfully registered.
  • User − a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • Initiator − a user who was designated as an EAPhoneServer component administrator in the configuration file. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Phone − a user's phone number to be registered. 

Registration errors 

If an error occurs during provider registration, an event with a unique ID − 2073 will be generated. The event body includes the following parameters:

  • Description - The phone number registration failed.
  • User - a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Error Description a more detailed description of the error that occurred.
  • Error initiator − a user who has caused the error. 

  • Phone - a user's phone number to be registered. 

    In the event of a login error or access error (403), this parameter will display the service user data.

Change

To change a phone number, use a POST request to the API method: /api/IID/UpdatePhone.

  1. Input data: 
    1. Username − a username in the UPN format for which a phone number is changed. 
    2. Phone − a user's phone number to be registered in the system. 
  2. Output data: HTTP response with the HTTP status code. 
  3. Example: 
    1. URLhttp://AmIndeed.demo.local/EAPhoneServer/api/IID/UpdatePhone
    2. Data − ‘{ "Username": "User@demo.local",  "Phone": "654321"}’. 

Generated events


The Id, Name, PrincipalName name formats are used in the example.

Successful change

Upon successful registration of the provider, an event with a unique ID − 1089 will be generated. The event body includes the following parameters:

  • Description - The phone number has been successfully updated.
  • User − a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • Initiator − a user who was designated as an EAPhoneServer component administrator in the configuration file. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Phone − a user's phone number to be registered. 


Change error 

If an error occurs during provider registration, an event with a unique ID − 2074 will be generated. The event body includes the following parameters:

  • Description - The phone number updating failed.
  • User - a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Error Description a more detailed description of the error that occurred.
  • Error initiator − a user who has caused the error. 

  • Phone - a user's phone number to be change. 

    In the event of a login error or access error (403), this parameter will display the service user data.



Deleting

To change a phone number, use a POST request to the API method: /api/IID/DeletePhone

  1. Input data: 
    1. Username − a username in the UPN format for which a phone number is deleted. 
  2. Output data: HTTP response with the HTTP status code. 
  3. Example: 
    1. URLhttp://AmIndeed.demo.local/EAPhoneServer/api/IID/DeletePhone 
    2. Data − ‘{ "Username": "User@demo.local"}’. 

Generated events

The DistinguishedNameSamCompatibleName. name formats are used in the example.

Successful deleting

Upon successful deleting of the provider, an event with a unique ID − 1090 will be generated. The event body includes the following parameters:

  • Description - The phone number has been successfully updated.
  • User − a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • Initiator − a user who was designated as an EAPhoneServer component administrator in the configuration file. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Phone − a user's phone number to be registered. 

Delete error

If an error occurs during provider delete, an event with a unique ID − 2075 will be generated. The event body includes the following parameters:

  • Description - The phone number removing failed.
  • User - a user that has been remove. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Error Description a more detailed description of the error that occurred.

  • Error initiator − a user who has caused the error. 

    In the event of a login error or access error (403), this parameter will display the service user data.