Installation guide
The Pointsharp ID Server setup comes with the web-based Admin Portal and User Portal, with the option of SMS or email notification as well as flexible multi-factor authentication methods.
Pointsharp ID Admin GUI is the client used to configure the Pointsharp ID Server. It is also used to configure Pointsharp products such as Pointsharp Password Reset and authentication methods used by Access Gateway.
Run the installation as administrator.
Note: The prerequisites are no longer applied automatically by the installer. All additional software is included separately in the download. Please follow the installation instructions.
Requirements
Hardware requirements
Please note that the hardware requirements depend on how many users there are in the system and how the system is being used. The amount of disk space needed for an installation depends mostly on the log space required for retention and debugging. Virtual servers are supported.
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 4 Cores | 8 Cores |
| Memory | 8 GB RAM | 16 GB RAM |
| Disk Space | 5 GB | 30 GB or more |
System requirements
| Requirements | Notes |
|---|---|
| 1x Windows 2016 server or newer | The server needs to be fully patched. |
| Internal DNS name | The server needs to have a proper DNS name set internally. |
| Server Certificate | Needs to have a valid Server Certificate. If AD/LDAP/AD LDS is on another network, the AD/LDAP/AD LDS cert needs to be installed on the PSID server. |
Antivirus
Pointsharp recommends that no antivirus software is installed on the servers running PSID, because of the risk that it interferes with the services.
Pointsharp recognizes that company policies can enforce the use of antivirus on servers where Pointsharp software is installed. In this case, exclusions must be added to the antivirus exclusion lists for scheduled scans, live scans, on-access scans, etc. To make the exclusions, please follow the instructions in Antivirus Exclusions (Systems).
Preparations of the Directory
The Directory can be an AD, AD LDS, OpenLDAP, or other LDAPv3-compatible Directory. The PSID server needs to be able to reach the Directory server over port 636 (SSL).
If the Directory is on another network, the Directory cert needs to be installed on the PSID server.
- Create an OU in the Directory in which to store Pointsharp user information.
- Create a service account with Read and Write permissions to your Pointsharp ID Storage (the OU created above), to be able to store and edit the user information.
- Create a service account with Read permissions to your Directory server where your users are stored. The service account used for user storage only needs Read access. Create one service account for each defined user storage.
  If the Reset Windows Password feature is to be used, this service account also needs Write permissions.
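To confirm the port 636 requirement and find out whether the Directory certificate still has to be installed, the check below can be run on the PSID server. It is an added example, not Pointsharp code; the host name is a placeholder and the function name is made up for this illustration.

```powershell
# Added example, not Pointsharp code. The host name is a placeholder.
$DirectoryHost = 'dc01.corp.example'   # assumption: DNS name of your Directory server

function Test-LdapsEndpoint {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 636, [int]$TimeoutMs = 5000)

    $report = [ordered]@{
        Host = $HostName; Port = $Port; Reachable = $false
        Subject = $null; Issuer = $null; NotAfter = $null
        PolicyErrors = $null; Trusted = $false
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            return [pscustomobject]$report           # timed out: port filtered or host down
        }
        $report.Reachable = $true

        # Diagnostic only: accept the certificate so it can be inspected, but record
        # how the local Windows trust store judged it. No LDAP bind or data is sent.
        $script:LdapsPolicyErrors = [System.Net.Security.SslPolicyErrors]::None
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $certificate, $chain, $sslPolicyErrors)
            $script:LdapsPolicyErrors = $sslPolicyErrors
            $true
        }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            $report.Subject      = $cert.Subject
            $report.Issuer       = $cert.Issuer
            $report.NotAfter     = $cert.NotAfter
            $report.PolicyErrors = $script:LdapsPolicyErrors.ToString()
            $report.Trusted      = ($script:LdapsPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        } finally { $ssl.Dispose() }
    } catch {
        $report.PolicyErrors = "Connection or handshake failed: $($_.Exception.GetBaseException().Message)"
    } finally { $client.Dispose() }
    [pscustomobject]$report
}

Test-LdapsEndpoint -HostName $DirectoryHost | Format-List
```

`Reachable = True` with `PolicyErrors = RemoteCertificateChainErrors` means the PSID server does not yet trust the Directory certificate's issuer; `RemoteCertificateNameMismatch` means the name used to connect is not in the certificate.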
Delegate permissions for the service account to PSID Storage in Active Directory
Pointsharp ID stores information about its users inside a specified OU in an Active Directory server, and must be able to create, read, write, and delete data under the specified OU.
Follow the steps below to delegate the permissions needed for the service account that Pointsharp ID will use.
- Start a Directory Users and Computers console.
- Locate the OU that will be used as a Pointsharp Storage.
- Right-click the OU and choose Properties.
- Click the tab Security and then add the Service Account to be used.
  If tabs are missing, enable Advanced Features in the Directory Users and Computers GUI.
- Click the Advanced button, locate the Service Account added, and click Edit.
- The Type should be set to Allow and Applies to should be set to This object and all descendant objects.
- Under Permissions check the following checkboxes:
  - Create Organizational Unit Objects
  - Delete Organizational Unit Objects
  - Read all properties, and
  - Write all properties.
- Click OK all the way back to finish.
The service account now has the correct permissions on the specified Pointsharp ID storage OU.
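The delegation can be read back from the OU's ACL to confirm that the four permissions are present with the right scope and to see what else the account holds. This is an added example, not Pointsharp code; the OU distinguished name, the account name and the function name are placeholders, and it assumes the RSAT ActiveDirectory module is available.

```powershell
# Added example, not Pointsharp code. Needs the RSAT ActiveDirectory module.
# Both values below are placeholders for your own OU and service account.
Import-Module ActiveDirectory
$StorageOu      = 'OU=PointsharpStorage,DC=corp,DC=example'
$ServiceAccount = 'CORP\svc-psid-storage'

function Test-PsidStorageDelegation {
    param([Parameter(Mandatory)][string]$OuDn, [Parameter(Mandatory)][string]$Account)

    $rights  = [System.DirectoryServices.ActiveDirectoryRights]
    $ouClass = [guid]'bf967aa5-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of organizationalUnit
    $any     = [guid]::Empty                                 # ACE not limited to one class or attribute

    # Explicit (non-inherited) Allow ACEs for the account on the storage OU
    $aces = @((Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and -not $_.IsInherited
    })
    # Of those, the ACEs that apply to "This object and all descendant objects"
    $scoped = @($aces | Where-Object { $_.InheritanceType -eq 'All' })

    # True when a scoped ACE grants $Right for one of the accepted object types
    $grants = {
        param([int]$Right, [guid[]]$ObjectTypes)
        [bool]($scoped | Where-Object {
            ([int]$_.ActiveDirectoryRights -band $Right) -eq $Right -and
            $ObjectTypes -contains $_.ObjectType
        })
    }

    $expected = [int]($rights::CreateChild -bor $rights::DeleteChild -bor
                      $rights::ReadProperty -bor $rights::WriteProperty)
    $granted = 0
    foreach ($ace in $aces) { $granted = $granted -bor [int]$ace.ActiveDirectoryRights }

    [pscustomobject]@{
        CreateOuObjects    = & $grants ($rights::CreateChild)   $ouClass, $any
        DeleteOuObjects    = & $grants ($rights::DeleteChild)   $ouClass, $any
        ReadAllProperties  = & $grants ($rights::ReadProperty)  $any
        WriteAllProperties = & $grants ($rights::WriteProperty) $any
        # Rights beyond the four above; review entries such as WriteDacl, WriteOwner or GenericAll
        OtherRights        = [System.DirectoryServices.ActiveDirectoryRights]($granted -band (-bnot $expected))
    }
}

Test-PsidStorageDelegation -OuDn $StorageOu -Account $ServiceAccount | Format-List
```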
Installation and configuration order
- Verify that the prerequisites are met, including the Preparations of the Directory.
- Run the Pointsharp ID Server installation.
- Configure Pointsharp ID Storage (where to store data) and User Storage (where to find the users) on Pointsharp ID Server. This is done in Pointsharp ID Admin GUI, on the Storage tab.
- Add Clients. All RADIUS clients must be defined to be able to communicate with Pointsharp ID. This is done in Pointsharp ID Admin GUI, on the Clients tab.
- Configure notification methods to use when sending SMS or when provisioning OATH tokens, in the Notification tab.
- Configure authentication methods (SMS or OATH token methods) in the Authentication tab. Add OATH tokens to the user in the Users tab.
- If using Access Gateway, continue with that installation.
Run the installation
Obtain the software from https://support.pointsharp.com: click the link to the Download Center to find the latest release and downloads.
- Open the folder Prerequisites and run Install-WindowsFeatures.bat. This bat file sets the PowerShell execution policy to allow scripts to be run and executes the PowerShell script that applies all necessary Windows Features. Afterward it resets the PowerShell policy to restricted again.
  If the bat file is not allowed to be executed, do this step manually by running this in PowerShell:

  ```powershell
  Set-ExecutionPolicy unrestricted
  ```

  Then execute the Install-WindowsFeatures.ps1 script manually.
  When the Windows Features are done, execute this in PowerShell to restore the policy:

  ```powershell
  Set-ExecutionPolicy restricted
  ```

- Open the folder Prerequisites > ID Server&Gateway and install the .NET Desktop Runtime and .NET Hosting Bundle.
- Open the folder Prerequisites > ID Server and install the Rewrite module.
  Prerequisites are now completed.
- Run the Pointsharp 9.0.exe file and follow the instructions to complete the installation.
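For the manual fallback in the first step, the policy change can be limited to the current PowerShell session so that a failed or interrupted script cannot leave the server set to unrestricted. This variant is an added example, not part of the Pointsharp instructions; it assumes an elevated PowerShell prompt opened in the Prerequisites folder.

```powershell
# Added example, not Pointsharp code. Run elevated from the Prerequisites folder.
$scriptPath = Join-Path (Get-Location) 'Install-WindowsFeatures.ps1'

# A Group Policy setting (MachinePolicy/UserPolicy) overrides every other scope,
# so in that case the effective policy cannot be changed from the command line.
$gpo = Get-ExecutionPolicy -List |
    Where-Object { $_.Scope -in 'MachinePolicy', 'UserPolicy' -and $_.ExecutionPolicy -ne 'Undefined' }
if ($gpo) { throw "Execution policy is enforced by Group Policy: $($gpo.Scope -join ', ')" }

$machineBefore = Get-ExecutionPolicy -Scope LocalMachine
try {
    # Process scope lives only in this session and is not written to the registry
    Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force
    & $scriptPath
}
finally {
    # Drop the session override even if the script threw
    Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope Process -Force
    $machineAfter = Get-ExecutionPolicy -Scope LocalMachine
    if ($machineAfter -ne $machineBefore) {
        Write-Warning "LocalMachine policy changed from $machineBefore to $machineAfter"
    }
}

# Show the policy at every scope for the installation record
Get-ExecutionPolicy -List | Format-Table -AutoSize
```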
Installation guides for previous versions
Pointsharp ID 8.1
- Run the Pointsharp.exe file.
- Click Next.
- The installer will download and process all necessary prerequisites if Internet access is available. (You will need to pre-install the software listed in the release notes if you don’t have Internet access.)
  When all prerequisites are installed, check the Terms in the license agreement and click Accept.
- Default installation path is C:\Program Files\Pointsharp\. If this needs to be changed, click the Installation Folder tab and select a new installation path.
  Continue with the Products tab and select the following options:
  - Pointsharp ID
  - Admin Portal
  - User Portal
- Click Install.
- Click Browse and locate the Pointsharp license file.
- Click Next.
- Choose a valid server certificate for the PSID server. If not available, skip this part and configure this later directly in IIS Manager.
- Click Install.
Installation of Pointsharp ID Server, including Admin Portal and User Portal, is now completed.