Installation guide
The Pointsharp ID Server setup comes with the web-based Admin Portal and User Portal, with the possibility to use SMS or email notification as well as flexible multifactor authentication methods.
Pointsharp ID Admin GUI is the client used to configure the Pointsharp ID Server. It is also used to configure Pointsharp products such as Pointsharp Password Reset or Pointsharp Access Gateway.
Run the installation as administrator. The installation is simple and straightforward, and will install the Pointsharp ID Admin GUI and both its Web services by default.
Prerequisites
Obtain the software from https://support.pointsharp.com by clicking the link to the Download Center. The software to download is listed in the Release Notes for each version. (For versions prior to 7.2.4, contact support.)
You will need to pre-install the software listed in the release notes if you do not have Internet access or if you need to handle it manually.
Hardware requirements
Please note that the hardware requirements change depending on how many users there are in the system and how the system is being used. Virtual Servers are of course supported.
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 4 Cores | 8 Cores |
| Memory | 8 GB RAM | 16 GB RAM |
| Disk Space | 500 GB | 500 GB or more |
System requirements
| Requirements | Notes |
|---|---|
| 1x Windows 2016 server or newer | The server needs to be fully patched. |
| Internal DNS name | The server needs to have a proper DNS name set internally. |
| Server Certificate | Needs to have a valid Server Certificate. If AD/LDAP/AD LDS is on another network, the AD/LDAP/AD LDS cert needs to be installed on the PSID server. |
Antivirus
Pointsharp recommends that no antivirus is installed on the servers running PSID. This is due to the risk that they may interfere with the services in an erroneous manner.
Pointsharp recognizes that company policies can enforce the use of antivirus on servers where Pointsharp software is installed. In this case, exclusions must be made to the exclusion list of the antivirus scheduled scans, live scans, on-access scans, etc. To make the exclusions, please follow the instructions in Antivirus Exclusions (Systems).
Preparations of the Directory
The Directory can be an AD, AD LDS, Open LDAP, or other LDAPv3 compatible Directory. The PSID server needs to be able to reach the Directory server over port 636 (SSL).
If the Directory is on another network, the Directory cert needs to be installed on the PSID server.
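Both requirements can be checked from the PSID server before installing. The PowerShell function below is an added example, not part of Pointsharp's documentation; `Test-LdapsEndpoint` is a hypothetical name and `dc01.example.internal` a placeholder host. It opens port 636 and completes a TLS handshake against the Windows trust store, so a Directory certificate that has not been installed shows up as a failure.

```powershell
# Added example: verify reachability of the Directory on 636 and that this
# server trusts the certificate the Directory presents.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)] [string] $Server,   # DNS name, must match the certificate
        [int] $Port = 636
    )
    $result = [ordered]@{
        Server = $Server; Port = $Port; Trusted = $false
        Protocol = $null; Subject = $null; Issuer = $null; NotAfter = $null; Error = $null
    }
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($Server, $Port)
        # No validation callback is supplied, so the default Windows chain and
        # host name checks apply; an untrusted or mismatched certificate throws.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($Server)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            $result.Trusted  = $true
            $result.Protocol = $ssl.SslProtocol
            $result.Subject  = $cert.Subject
            $result.Issuer   = $cert.Issuer
            $result.NotAfter = $cert.NotAfter
        } finally {
            $ssl.Dispose()
        }
    } catch {
        # Covers both "port not reachable" and "certificate not trusted".
        $result.Error = $_.Exception.GetBaseException().Message
    } finally {
        $tcp.Dispose()
    }
    [pscustomobject]$result
}

# Placeholder host name (assumption): replace with your Directory server.
Test-LdapsEndpoint -Server 'dc01.example.internal'
```

`Trusted = False` with a certificate-related error means the Directory certificate chain is missing from the server's trust store; a connection error points at routing or firewall rules for port 636.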
- Create an OU in the Directory in which to store Pointsharp user information.
- Create a service account with Read and Write permissions to your Pointsharp ID Storage (the OU created above), to be able to store and edit the user information.
- Create a service account with Read permissions to your Directory server where your users are stored. The service account used for user storage only needs Read access. Create one service account for each defined user storage.
  If the Reset Windows Password feature is to be used, this service account also needs Write permissions.
Delegate permissions for the service account to PSID Storage
Pointsharp ID stores information about its users inside a specified OU in a Directory server, and must be able to create, read, write, and delete data under the specified OU.
Follow the steps below to delegate the permissions needed for the service account that Pointsharp ID will use.
- Start a Directory Users and Computers console.
- Locate the OU that will be used as a Pointsharp Storage.
- Right-click the OU and choose Properties.
- Click the tab Security and then add the Service Account to be used.
  If tabs are missing, enable Advanced Features in the Directory Users and Computers GUI.
- Click the Advanced button and locate the Service Account added, and click Edit.
- The Type should be set to Allow and the Applies to should be set to This object and all descendant objects.
- Under Permissions check the following checkboxes:
  - Create Organizational Unit Objects
  - Delete Organizational Unit Objects
  - Read all properties, and
  - Write all properties.
- Click OK all the way back to finish.
The service account now has the correct permissions on the specified Pointsharp ID storage OU.
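To confirm the delegation and catch rights that go beyond it, the OU's ACL can be read back with PowerShell. This is an added example, not Pointsharp's own tooling; it assumes the ActiveDirectory module (RSAT) is installed, and the OU distinguished name and account name are placeholders.

```powershell
# Added example: audit the explicit Allow ACEs of the PSID storage service account.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

# Placeholders (assumptions): replace with your storage OU and service account.
$OuDn    = 'OU=PointsharpStorage,DC=example,DC=internal'
$Account = 'EXAMPLE\svc-psid-storage'

$ADR         = [System.DirectoryServices.ActiveDirectoryRights]
$OuClassGuid = [guid]'bf967aa5-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of organizationalUnit
$AllGuid     = [guid]::Empty                                  # "all properties" / any object class

$aces = @((Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    -not $_.IsInherited -and
    $_.AccessControlType -eq 'Allow'
})

# The four checkboxes from the steps above, expressed as right + object type.
$required = [ordered]@{
    'Create Organizational Unit objects' = @{ Right = $ADR::CreateChild;   Type = $OuClassGuid }
    'Delete Organizational Unit objects' = @{ Right = $ADR::DeleteChild;   Type = $OuClassGuid }
    'Read all properties'                = @{ Right = $ADR::ReadProperty;  Type = $AllGuid }
    'Write all properties'               = @{ Right = $ADR::WriteProperty; Type = $AllGuid }
}

foreach ($name in $required.Keys) {
    $need = $required[$name]
    $hit  = $aces | Where-Object {
        ([int]$_.ActiveDirectoryRights -band [int]$need.Right) -and
        $_.ObjectType -in @($need.Type, $AllGuid) -and
        $_.InheritanceType -eq 'All'   # "This object and all descendant objects"
    }
    [pscustomobject]@{ Permission = $name; Granted = [bool]$hit }
}

# Anything outside the four rights is listed for review (least privilege).
$expected = [int]($ADR::CreateChild -bor $ADR::DeleteChild -bor
                  $ADR::ReadProperty -bor $ADR::WriteProperty)
foreach ($ace in $aces) {
    $extra = [int]$ace.ActiveDirectoryRights -band (-bnot $expected)
    if ($extra) {
        [pscustomobject]@{
            Review      = 'Rights beyond the four delegated permissions'
            ExtraRights = [System.DirectoryServices.ActiveDirectoryRights]$extra
            Inheritance = $ace.InheritanceType
        }
    }
}
```

The Review rows are candidates for inspection rather than proven misconfiguration: adding an account on the Security tab can leave default read-type rights on the ACE alongside the four delegated ones.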
Installation and configuration order
- Verify that the prerequisites are met, including the Preparations of the Directory.
- Run the Pointsharp ID Server installation.
- Configure Pointsharp ID Storage (where to store data) and User Storage (where to find the users) on Pointsharp ID Server. This is done in Pointsharp ID Admin GUI, on the Storage tab.
- Add Clients. All RADIUS clients must be defined to be able to communicate with Pointsharp ID. This is done in Pointsharp ID Admin GUI, on the Clients tab.
- Configure notification methods to use when sending SMS or when provisioning OATH tokens, in the Notification tab.
- Configure authentication methods (SMS or OATH token methods) in the Authentication tab. Add OATH tokens to the user in the Users tab.
- If using Access Gateway or Identity Provider, continue with their installation.
Run the installation
- Run the Pointsharp.exe file.
- Click Next.
- The installer will download and process all necessary prerequisites if Internet access is available. (You will need to pre-install the software listed in the release notes if you don’t have Internet access.)
  When all prerequisites are installed, check the Terms in the license agreement and click Accept.
- Default installation path is C:\Program Files\Pointsharp\. If this needs to be changed, click the Installation Folder tab and select a new installation path.
  Continue with the Products tab and select the following options:
  - Pointsharp ID
  - Admin Portal
  - User Portal
- Click Install.
- Click Browse and locate the Pointsharp license file.
- Click Next.
- Choose a valid server certificate for the PSID server. If not available, skip this part and configure this later directly in IIS Manager.
- Click Install.
Installation of Pointsharp ID Server, including Admin Portal and User Portal, is now completed.