This article explains how to install and configure Panel Service including adding settings for auto-update. The article may be used for both on-premise and SaaS installations, although the final section applies to SaaS only.
Initial Setup
1. Go to the Identity Panel web application / Settings / Install Service
2. Ensure an API Key is defined. If not, create it by pressing the Create API Key button. After an API key has been created it may be cycled by pressing Reset API Key. Resetting an API Key requires the value to be updated in ALL copies of Panel Service for that instance.
3. Fill out the server name and service account details that will be used to install Panel Service
4. Click the "Download Installer" button, then copy the msiexec command that has been generated near the top of the page.
5. Open an administrative command prompt. Navigate to the same directory as the downloaded installer, and run the command copied from the Install Service page.
6. Click Next and accept the license. On the Panel Service Settings page, most values will be pre-populated. Add the service account password, click Next.
NOTE: Whether you need to enter a DOMAIN\service account name or just an account name depends on whether you are using on-premise or SaaS, and on whether you are launching using the msiexec command. Use the msiexec command generated by Identity Panel to avoid confusion.
7. (Optional, but strongly recommended) Fill in the SMTP settings for Panel Check. If using an internal open SMTP relay choose a different FROM address for your DEV/QA/PROD environments so that it will immediately obvious where a health issue originates.
8. Install the Service and CLI component, optionally install the Panel Check component
Post-Install
1. Go to windows services, and verify that SoftwareIDM Panel Service exists, and has startup type automatic. Click on the Logon tab, and re-enter the service account password. This step is not always required, but UAC prevents assignment of LOGON AS SERVICE right often enough, that skipping this step is not recommended.
2. Open Task Scheduler, and verify a task called PanelCheck exists, that it is enabled, that it is set to run every 15 minutes indefinitely, and that it is set to run as the Panel Service account with highest privileges.
If the task does not already exist, create it, with the trigger action
C:\Program Files\SoftwareIDM\PanelTools\PanelTool.exe --panelcheck
3. Open a new command prompt running as the panel service account. Type paneltool and hit <enter>
4. After completing the login process start SoftwareIDM Panel Service
SaaS Login
1. To initiate the web service connection you will need to perform one of the three connection options. Choose Number 2 to setup SCRAM-SHA512 Login
2. Go back to the Install Service page in Identity Panel, and make sure you enter the server name, domain, and account name as they appear in the Panel Tools instructional prompt
3. Press the Create or Reset Application password button and copy the value that appears in the popup window. You may want to paste it into a notepad to make sure you have the whole password and nothing but the password. The password value is base64 character encoded, so it should end with "==". IMPORTANT: If you hit the reset button for an existing Panel Service, the previous password will be removed and you will need to re-run the registration process.
4. Paste the password into the command prompt running PanelTool and hit enter. The application should login, and you should see the Panel Tools menu.
Configure Permissions for Panel Check and Auto-Update
1. Make the Panel Service account a local administrator (server 2016) or use subinacl to grant full control over Panel Service (Server 2012 R2 or Server 2008 R2).
subinacl.exe /service SoftwareIDM.PanelService /grant=uklab\paneltools=F
2. Grant full control access to the Panel service account on the C:\Program Files\SoftwareIDM\PanelTools folder
3. Optional: Create a schedule to upgrade Panel Service with a separate step for each instance of Panel Service.
The schedule should be marked to run in Exclusive mode.
Comments
0 comments
Article is closed for comments.