Installation requirements

The installation program requires that you make the following setups and configurations.

Create service account

A service account must be created so that the Net iD Portal system can communicate with other required services. Required privileges for this account will be described in each section.

  1. Open Active Directury Users and Computers and create a new service user account, for example nip-svc.

Domain controllers

The service account needs to have rights to read from the active directory (AD). Existing domain will be used and no schema updates are necessary.

This is normally the default setting.

Create DNS record

A DNS record must be created for Net iD Portal. For example, portal.customer.inc or something corresponding to your organization’s naming standards.

  1. Open DNS Manager.

  2. In the navigation panel, expand <Your DNS server name>  Forward Lookup Zones.

  3. Right-click your name server and click New Host (A or AAAA)…​ to create a new host.

  4. Enter the following information:

    • Name

    • IP address

  5. Click Add Host.

Public SSL certificate (Optional)

If your organization are going to install Net iD Access Server you need to have either a 3rd party wildcard certificate or a 3rd party certificate corresponding to your DNS name above.

Internet Information Services (IIS)

A new IIS should be installed on the domain. The following roles and features needs to be installed. The service account needs be granted the right “logon as a service” on the local host.

  1. Click Start on the taskbar, and start Server Manager.

  2. Click Add roles and features.

  3. In the Add Roles and Features Wizard, click Next until the Server Roles page appears.

  4. In the list under Roles, click Web Server (IIS), and then click Web Server.

  5. Select the following check boxes:

    • Common HTTP Features

      • Default Document

      • Directory Browsing

      • HTTP Errors

      • Static content

    • Health and Diagnostics

      • HTTP Logging

    • Performance

      • Static Content Compression

    • Security

      • Request Filtering

    • Application Development

      • .NET Extensibility 4.7

      • ASP.NET 4.7

      • ISAPI Extensions

      • ISAPI Filters

  6. Click Next, and when finished click Install.

Certificate authority (CA) rights

The service account must have the following certification authority privileges.

  1. Click Start on the taskbar, and start Certification Authority.

  2. In the CA management console, right-click the CA and click Properties.

  3. On the Security tab click Add…​ to open the dialog Select Users, Computers, Service Accounts, or Groups.

  4. Under Enter the object names to select (examples), type the name of the user (service account) to add, and then click Check Names.

  5. In the new dialog, click the user to add, and then click OK.

  6. Click OK.

  7. In the Properties dialog under Permissions for <user>, select the following check boxes:

    • Read

    • Issue and Manage Certificates

    • Request Certificates

  8. Click OK.