Installation guide

The Pointsharp ID Server is intended to be used together with Pointsharp Access Gateway, to ensure secure access to the internal systems from the internet.

Installation prerequisites

Run the installation as administrator. The installation is simple and straightforward, and installs the Pointsharp Access Gateway and its Web services by default.

There will be two separate installations: one for the Pointsharp ID Server and one for the Access Gateway Server.

Obtain the software from https://support.pointsharp.com by clicking the link to the Download Center. The software to download is listed in the Release Notes for each version. (For versions prior to 7.2.4, contact support.)

You will need to pre-install the software listed in the release notes if you do not have Internet access or if you need to handle it manually.

Hardware requirements

Please note that the hardware requirements change depending on how many users there are in the system and how the system is being used. Virtual Servers are of course supported.

| Component | Minimum | Recommended |
| --- | --- | --- |
| CPU | 4 Cores | 8 Cores |
| Memory | 8 GB RAM | 16 GB RAM |
| Disk Space | 500 GB | 500 GB or more |

System requirements

| Requirements | Notes |
| --- | --- |
| 1x Windows 2016 server or newer | The server needs to be fully patched. |
| Internal DNS name | The server needs to have a proper DNS name set internally. |
| Server Certificate | Needs to have a valid Server Certificate. |
| Access to published resources | The PSGW needs to be able to reach each backend resource that is going to be published in the PSGW. |
| Access to AD, LDAP, or AD LDS | To be able to use Kerberos Delegation, the PSGW needs access to your Directory (Port: 88). Not needed if using NTLM pass-through. |
| Reachable externally | The Access Gateway server needs to be reachable externally. Webservices (Port: 443). The server itself doesn’t need an external DNS name. |
| External DNS name for each listener in the Access Gateway – and certificate that contains all names (wildcard supported). Certificate must have the private key. | Each listener in the Access Gateway needs to have an external DNS name pointing towards the PS Gateway server's IP. Example: If publishing an OWA called owa.contoso.com, there must be an external DNS name for this, pointing towards the PS Gateway’s IP. |
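
A preflight check for the certificate, external DNS and directory-port requirements above, as an added PowerShell example rather than Pointsharp tooling. The gateway IP, directory host name and resolver are placeholders, and the script assumes the server certificate is installed in the LocalMachine\My store.

```powershell
# Added example, not Pointsharp code. Values are placeholders; replace with your own.
$ListenerNames    = @('owa.contoso.com')  # listener names to publish (example name from this guide)
$GatewayIp        = '203.0.113.10'        # constructed placeholder: external IP of the gateway
$DirectoryHost    = 'dc01.contoso.local'  # hypothetical directory server
$ExternalResolver = '1.1.1.1'             # assumption: any resolver that sees your public DNS zone

function Test-CertCoversName {
    param([string[]]$CertNames, [string]$HostName)
    foreach ($n in $CertNames) {
        if ($n -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.contoso.com matches
        # owa.contoso.com, but not a.b.contoso.com or contoso.com itself.
        if ($n.StartsWith('*.')) {
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -ieq $n.Substring(1)) { return $true }
        }
    }
    return $false
}

# Candidate certificates: machine store, currently valid, private key present.
$now   = Get-Date
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now })

$results = foreach ($name in $ListenerNames) {
    $cert = $certs | Where-Object {
        Test-CertCoversName -CertNames $_.DnsNameList.Unicode -HostName $name
    } | Select-Object -First 1
    # Ask an external resolver so split-horizon internal DNS does not mask a missing record.
    $ips = @(Resolve-DnsName -Name $name -Type A -Server $ExternalResolver -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress)
    [pscustomobject]@{
        Listener       = $name
        CertThumbprint = if ($cert) { $cert.Thumbprint } else { 'NO MATCHING CERTIFICATE' }
        CertExpires    = if ($cert) { $cert.NotAfter } else { $null }
        ResolvesToGw   = $ips -contains $GatewayIp
    }
}
$results | Format-Table -AutoSize

# Kerberos delegation only: TCP 88 to the directory must be open from this server.
$kdc = Test-NetConnection -ComputerName $DirectoryHost -Port 88 -WarningAction SilentlyContinue
'Directory reachable on TCP 88: {0}' -f $kdc.TcpTestSucceeded
```

Run it on the Access Gateway server in an elevated session; the port 88 result can be ignored when NTLM pass-through is used.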

Antivirus

Pointsharp recommends that no antivirus is installed on the servers running PSID or PSGW, because of the risk that antivirus software may interfere with the services in an erroneous manner.

Pointsharp recognizes that company policies can enforce the use of antivirus on servers where Pointsharp software is installed. In this case, exclusions must be made to the exclusion list of the antivirus scheduled scans, live scans, on-access scans, etc. To make the exclusions, please follow the instructions in Antivirus Exclusions (Systems).

Endpoint protection can only be run with these exclusions defined.

A warning will be displayed in the UI of the Gateway if endpoint protection is used. To disable the warning, go to Tools in the upper right corner, click UI Preferences, and uncheck the Warn on Antivirus box.

Installation and configuration order

  1. Verify that the prerequisites are met, including the Preparations of the Directory.

  2. Run the Pointsharp ID Server installation.

  3. Configure Pointsharp ID Storage (where to store data) and User Storage (where to find the users) on Pointsharp ID Server. This is done in Pointsharp ID Admin GUI — the Storage tab.

  4. Configure notification methods to use when sending SMS or when provisioning OATH tokens, in the Notification tab.

  5. Configure authentication methods (SMS or OATH token methods) in the Authentication tab. Add OATH tokens to the user in the Users tab.

  6. Run the Access Gateway installation.

  7. Configure the connection between Access Gateway and Pointsharp ID Server.

  8. Configure what is to be published in the Access Gateway.

    When you have reached this point, please reach out to us in our Support Portal for further assistance.

Run the installation

Follow the steps below to run the installation:

  1. Run the Pointsharp Access Gateway.exe file.

  2. Click Next.

  3. The installer will download and process all necessary prerequisites if Internet access is available. (You will need to pre-install the software listed in the release notes if you don’t have Internet access.)
    When all prerequisites are installed, check the Terms in the license agreement and click Accept.

  4. Default installation path is C:\Program Files\Pointsharp\. If this needs to be changed, click the Installation Folder tab and select a new installation path.

  5. Continue with the Products tab and select only the following option:
    Access Gateway

  6. Click Install.

Connection to Pointsharp ID Server

The first thing the wizard does when you open the Access Gateway UI is to connect to the PSID server.

The Pointsharp Access Gateway uses the Pointsharp ID to perform authentication and authorization when required by the configuration. The Pointsharp ID provides its features through a Web API. The configuration provided here should correspond to where the Pointsharp ID is located, and its required authentication data (if any).

  1. Start Access Gateway Admin.

  2. Click Next on the initial setup.

  3. Fill in the information:
    URL: the FQDN of the PSID server.

  4. Fill in this information if the Web API has been secured by a certificate or user authentication. If not used or not yet created, skip this step for now.

    • User Domain: Domain for the service account used to gain access to the API.

    • Username: Service account to gain access to the API.

    • Password: Password of the service account to gain access to the API.

    • Select the correct Client certificate if certificate authentication is needed.

  5. Click Test Connection to make sure the connection is established.

  6. Click Next.

  7. Click Apply to finish the initial setup.

A basic Gateway installation is now completed.