Setting Up the Hyland IdP Server

Identity and Access Management Services, Release 3.0 (Platform: Other)

After preparing the environment for initialization you must set up the Hyland IdP server by completing the base configuration for it.

Note:

It is assumed that the environment has already been prepared for setting up the Hyland IdP server. If you have not yet prepared the environment, first complete the instructions under Preparing the Environment for Initialization.

Configuration can be completed using the graphical initialization client. This section includes the instructions for using the initialization client.

Tip:

The same actions can also be completed using a command-line utility. See Setting Up the Hyland IdP Server From the Command Line.

To set up the base configuration for the Hyland IdP server:

  1. Launch the Hyland IdP server by using a localhost URL to the Hyland IdP server application in IIS.

    For example, in a default installation the Hyland IdP server is installed to IIS as the identityprovider application, so the URL is localhost/identityprovider

    The Hyland IdP initialization page is displayed.

  2. Under IdP Base Data, enter the following values in the fields provided.

    Public Origin

      The root URL of the server in IIS hosting the Hyland IdP server. Do not include the virtual directory of the Hyland IdP server in the Public Origin value.

      For example, if the URL of the Hyland IdP server is https://server.domain.com/identityprovider, then the Public Origin value is https://server.domain.com

      Note:

      The Hyland IdP server must be configured for secure connections (HTTPS).

    Issuer

      The URL of the Hyland IdP server. This value must match the casing of the application name in IIS.

      For example, if the Public Origin of the Hyland IdP server is https://server.domain.com and the default application name was used, then the Issuer value is https://server.domain.com/identityprovider

      Note:

      The Hyland IdP server must be configured for secure connections (HTTPS).

    Signing Certificate

      The RSA certificate being used for encryption, which can be found in the IIS bindings or in the Windows Certificate Store. The certificate must include the Digital Signature key usage and be placed in the Personal store of the local machine.

      Select the certificate from the drop-down list.

      Note:

      The IIS_IUSRS account must have Read access to the private key of the signing certificate. For details on configuring certificate permissions, see the documentation provided by Microsoft for the Certificate Manager tool.

  3. Under Default Tenant Information, enter the following values in the fields provided.

    Tenant Name

      The name of the tenant used by the Hyland IdP server.

      Note:

      If your solution uses the Hyland SCIM server, the Tenant Name must exactly match the Name of the datasource configured for the connection string on the Hyland SCIM server. For example, if the SCIM datasource name is MyDBTenant, then the Tenant Name must also be MyDBTenant.

    SCIM Url

      If your solution uses the Hyland SCIM server, enter the URL of the SCIM server endpoint on the Hyland API Server.

      Note:

      The SCIM Url only needs to be configured for OnBase environments. It can be left empty for other environments.

      The SCIM endpoint is the API Server URL with /onbase/SCIM appended to it. For example, if the root URL of the Hyland API Server is https://server.domain.com and the default application name was used, then the SCIM Url value is https://server.domain.com/ApiServer/onbase/SCIM

      Note:

      Make sure the use of HTTP or HTTPS matches the configuration of your domain in IIS. The Hyland IdP server must be configured for secure connections (HTTPS).

    Administrative Users

      The user names of those authorized to make configuration changes in the IdP Administration Client.

      Note:

      You must configure at least one user in the Administrative Users field or at least one user group in the Administrative Groups field for each tenant. See the description of the Administrative Groups field in this table for more information on configuring an administrative group.

      User names must be entered as a comma-separated list. For example, if you are entering the user names manager, user1, and user2, enter them as manager, user1, user2

    Administrative Groups

      The user group names of those authorized to make configuration changes in the IdP Administration Client.

      Note:

      You must configure at least one user in the Administrative Users field or at least one user group in the Administrative Groups field for each tenant. See the description of the Administrative Users field in this table for more information on configuring an administrative user.

      User group names must be entered as a comma-separated list. For example, if you are entering the user group names idpmanagers, ISmanagers, and DeptManagers, enter them as idpmanagers, ISmanagers, DeptManagers

  4. Click Initialize Configuration at the bottom of the page. The values entered are saved to the configuration files for the Hyland IdP server.
  5. Next, complete the instructions under Creating and Configuring the Operational Database.
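A pre-flight check for the IdP Base Data values from step 2, run on the IIS host before clicking Initialize Configuration; this is an added PowerShell example, not part of the Hyland documentation or product. It assumes Windows PowerShell 5.1 run elevated with the WebAdministration module, an IIS site named Default Web Site (override with -SiteName), and the function name Test-IdpBaseData is my own.

```powershell
# Added example (not Hyland's code). Assumes Windows PowerShell 5.1 run elevated on the IIS host,
# the WebAdministration module, and an IIS site named 'Default Web Site' (override with -SiteName).
Import-Module WebAdministration

function Test-IdpBaseData {
    param(
        [Parameter(Mandatory)][string]$PublicOrigin,
        [Parameter(Mandatory)][string]$Issuer,
        [Parameter(Mandatory)][string]$SigningThumbprint,
        [string]$SiteName = 'Default Web Site'
    )
    $problems = New-Object System.Collections.Generic.List[string]
    # Public Origin: HTTPS and no virtual directory. Issuer: HTTPS, same host, path equal to the
    # IIS application name with identical casing (-cnotcontains is case-sensitive).
    $po = [Uri]$PublicOrigin; $iss = [Uri]$Issuer
    if ($po.Scheme -ne 'https') { $problems.Add('Public Origin must use HTTPS') }
    if ($po.AbsolutePath -ne '/') { $problems.Add('Public Origin must not include the virtual directory') }
    if ($iss.Scheme -ne 'https') { $problems.Add('Issuer must use HTTPS') }
    if ($iss.GetLeftPart('Authority') -ne $po.GetLeftPart('Authority')) { $problems.Add('Issuer host must equal Public Origin') }
    $appPaths = @(Get-WebApplication -Site $SiteName | ForEach-Object { $_.path })
    if ($appPaths -cnotcontains $iss.AbsolutePath.TrimEnd('/')) {
        $problems.Add("Issuer path '$($iss.AbsolutePath)' matches no IIS application (casing counts); found: $($appPaths -join ', ')")
    }

    # Signing certificate: RSA, in LocalMachine\My, Digital Signature key usage, private key readable by IIS_IUSRS.
    $cert = Get-Item "Cert:\LocalMachine\My\$SigningThumbprint" -ErrorAction SilentlyContinue
    if (-not $cert) { $problems.Add('Signing certificate not found in the local machine Personal store'); return $problems }
    if ($cert.PublicKey.Oid.FriendlyName -ne 'RSA') { $problems.Add('Signing certificate is not an RSA certificate') }
    $dsFlag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
    $ku = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    if (-not $ku -or (($ku.KeyUsages -band $dsFlag) -ne $dsFlag)) { $problems.Add('Signing certificate lacks the Digital Signature key usage') }
    if (-not $cert.HasPrivateKey) { $problems.Add('Signing certificate has no private key'); return $problems }
    # Locate the on-disk key file: CNG keys under Crypto\Keys, legacy CAPI (CSP) keys under Crypto\RSA\MachineKeys.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $keyFile = if ($rsa -is [System.Security.Cryptography.RSACng]) {
        Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
    } else {
        Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
    }
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    $granted = (Get-Acl -Path $keyFile).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq 'BUILTIN\IIS_IUSRS' -and
        (($_.FileSystemRights -band $read) -eq $read)
    }
    if (-not $granted) { $problems.Add("IIS_IUSRS has no Read access to the private key file $keyFile") }
    return $problems   # an empty list means every check passed
}
# Usage with the documentation's example URLs; replace <THUMBPRINT> with the signing certificate's thumbprint.
Test-IdpBaseData -PublicOrigin 'https://server.domain.com' -Issuer 'https://server.domain.com/identityprovider' -SigningThumbprint '<THUMBPRINT>'
```

Each returned string is one requirement from the IdP Base Data table that the host does not yet meet; fix those before initializing, since the initialization client saves the values without performing these checks.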