How to configure the Identity Service

When the Identity Service is not installed, everyone can access every OpenLM component without any security. Once the Identity Service is installed and Security Configuration is set up, every component needs a Client ID and Secret Key to be accessed.

There are 2 types of Security Configuration.

  1. URL settings in Identity Service
  • OpenLM Server
  • Directory Sync
  • Reports Scheduler
  • ServiceNow

Once a URL is set, a user who tries to open that URL in a browser is asked for login credentials. The Client ID and Secret Key are inserted into configuration files such as appsettings.json or a properties file. Once secured, every component connected to OpenLM Server should be set up in security mode.

  2. Authorization JSON file from EasyAdmin User Interface:
  • Broker
  • DSA
  • Workstation Agent
  • End User Services (Personal Dashboard)
  • Applications Manager
  • OpenLM Server API

Once OpenLM Server is configured to work in secure mode in Identity Service, issue the Authorization JSON file from EasyAdmin User Interface and import it into each component.

To configure the OpenLM components to work in a secure environment, select the Settings icon in the Identity Service window:

 

Identity service settings

Select the Security Configuration tab:

Identity service configuration tab

Next, we will upgrade each component and then configure it to work in a secured environment with the Identity Service.

Configure the OpenLM Server to work in a secure environment

  1. In the Identity Service UI, select the Settings tab, then Security Configuration.
  2. Proceed with turning on the Server toggle switch.
  3. Provide the Fully Qualified Domain Name for OpenLM Server Machine (Ex: http://FQDN:5015).
  4. Type in the username (Admin by default)
  5. Click Save.

Note: this will enable Security, Client ID and Secret Key in the appsettings.json file located in:
C:\Program Files\OpenLM\OpenLM Server\bin

  6. Go to Services and restart both the Identity Service and the OpenLM Server.
Restarting the services is mandatory to get a new Client ID and Secret Key.

In the EasyAdmin User Interface Dashboard, we can now see the logout button with the account:

dashboard with login

If we instead turn off the Server’s toggle switch (Non-Security Mode), the logout/login button disappears and everyone can access the EasyAdmin User Interface.

dashboard without login

Warning: Restart the OpenLM Server Service every time you turn on/off the Security Mode to reflect the changes.

Configure the Directory Sync to work in a secure environment

  1. In the Identity Service UI, select the Settings tab, then Security Configuration.
  2. Proceed with turning on the DSS toggle switch.
  3. Provide the Fully Qualified Domain Name for OpenLM Server Machine (Ex: http://FQDN:7026).
  4. Click Save.

Note: this will enable Security, Client ID and Secret Key in the appsettings.json file located in:
C:\Program Files\OpenLM\OpenLM Directory Synchronization Service

  5. Navigate to Services and restart the DSS Service.
Restarting the service is mandatory to get a new Client ID and Secret Key.

Configure the Reports Scheduler to work in a secure environment

  1. In the Identity Service UI, select the Settings tab, then Security Configuration.
  2. Turn on the Reports Scheduler toggle switch.
  3. Provide the Fully Qualified Domain Name for OpenLM Server Machine (Ex: http://FQDN:8888).
  4. Click Save.

Note: this will enable Security, Client ID and Secret Key in the report_scheduler.properties file located in:
C:\Program Files\OpenLM\OpenLM Reports Scheduler

  5. Go to Windows Services and restart the Reports Scheduler Service.
Restarting the service is mandatory to get a new Client ID and Secret Key.

Configure the ServiceNow Adapter to work in a secure environment

  1. In the Identity Service UI, select the Settings tab, then Security Configuration.
  2. Turn on the ServiceNow toggle switch.
  3. Provide the Fully Qualified Domain Name for OpenLM Server Machine (Ex: http://FQDN:5005).
  4. Click Save.

Note: this will enable Security, Client ID and Secret Key in the appsettings.json file located in:
C:\Program Files\OpenLM\OpenLM External Platforms\Service

  5. Go to Services and restart the ExternalPlatformServices Service.
Restarting the service is mandatory to get a new Client ID and Secret Key.
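
The notes in the four sections above place the Client ID and Secret Key in files under C:\Program Files\OpenLM, a tree where files normally inherit read access for the local Users group. The following PowerShell is an added example, not part of the OpenLM documentation: it reports whether broad groups can read those files. The function name Get-BroadReadAccess is hypothetical, and each file path assumes the file sits directly in the folder the note gives.

```powershell
# Added example: report which broad groups can read the configuration
# files that hold the Client ID and Secret Key.
# Folders and file names are taken from the notes above (assumed layout).
$configFiles = @(
    'C:\Program Files\OpenLM\OpenLM Server\bin\appsettings.json',
    'C:\Program Files\OpenLM\OpenLM Directory Synchronization Service\appsettings.json',
    'C:\Program Files\OpenLM\OpenLM Reports Scheduler\report_scheduler.properties',
    'C:\Program Files\OpenLM\OpenLM External Platforms\Service\appsettings.json'
)

# Well-known SIDs of groups that should not be able to read a secret.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$readBit = [System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAccess {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Principal = $null; Status = 'NotInstalled' }
    }
    $acl = Get-Acl -LiteralPath $Path
    # Request SIDs so the check does not depend on the OS display language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $hits = foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            (($rule.FileSystemRights -band $readBit) -eq $readBit)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Status    = if ($rule.IsInherited) { 'ReadableInherited' } else { 'ReadableExplicit' }
            }
        }
    }
    if ($hits) { $hits } else {
        [pscustomobject]@{ Path = $Path; Principal = $null; Status = 'Restricted' }
    }
}

$configFiles | ForEach-Object { Get-BroadReadAccess -Path $_ } | Format-Table -AutoSize
```

A row with status ReadableInherited or ReadableExplicit means any local user in that group can read the Secret Key in that file; limit read access to administrators and the account the service runs as.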

Account in Identity Service and Role&Permissions

If your license file doesn’t have Role&Permission, Identity Service still has basic Roles to assign to users. They are presented in edit-only mode (no adding, deleting or duplicating).

But if your license file has Role&Permission, it gives you the full range and functionality of Roles, as shown below.

Please consult with our Sales at sales@openlm.com if you want full functionalities.

The first default account in Identity Service is Admin. To create a new user, follow the steps below.

  1. Create a User account in the EasyAdmin User Interface.
  2. Assign the Role to the user so that the user can log in to the EasyAdmin User Interface.
    https://www.openlm.com/knowledge-base/roles-and-permission-groups-based-security-kb4006
  3. Create the same user in Identity Service with a password.

Note: If you want the user to be able to edit Identity Service settings, enable the System Administrator toggle button.

  4. Log in to the EasyAdmin User Interface with the user account.

Right now, the same user has to be added manually in both the EasyAdmin User Interface and the Identity Service UI. Only the system administrator of the Identity Service UI can change the passwords.

FAQ About Users

Configuring each component in Security Mode

Please note that, after you enable OpenLM Server Security mode in Identity Service, each connected component needs a Client ID and Secret Key (Authorization JSON file).

  1. Open EasyAdmin User Interface → Security&Service → Security Tab → Authorization Tab.
  2. Add each component you are using and download its Authorization JSON file.
  3. Import the JSON file while installing each component, or put it under the installation folder (this depends on the component).
  4. Restart each service in Windows Services, with the OpenLM Server and Identity Service services running.

    Please note that OpenLM Server needs to read the Client ID and Secret Key info from each component.

Configuring User Name and Password

Do not turn off this toggle button unless you want to disable security.

Configuring Windows Authentication

Please refer to this document.

Configuring SMTP

If you forget your account password, this button enables you to reset it through your email address.

Configuring Session Time

You can configure the Screen time in this tab and then use your credentials to log in.

Configuring External Providers (OKTA)

Please refer to this document.

Troubleshooting
