Password Manager allows you to install the legacy Self-Service, Password Manager Self-Service, and Helpdesk sites on a standalone server. For example, you can use this installation scenario to deploy Password Manager in a perimeter network (DMZ).
When deploying Password Manager in a perimeter network, it is recommended to install the Password Manager Service and the sites in a corporate network at first (that is, use the Full Installation option in the Password Manager setup), and then install only the legacy Self-Service or the Password Manager Self-Service Site in the perimeter network.
When you use this installation scenario, only one port should be open in the firewall between the corporate network and the perimeter network (by default, port number 8081 is used).
To install Legacy Self-Service, Password Manager Self-Service, and Helpdesk sites on a standalone server
-
Depending on the hardware, run Password Manager x64 from the installation media autorun window.
-
Read the license agreement, select I accept the terms in the license agreement, then click Next.
-
On the User Information page, specify the following options, and then click Next:
-
Full name: Enter your name.
-
Organization: Enter the name of your organization.
-
Licenses: Click this button and specify the path to the license file.
NOTE: A license file is a file with the .asc extension that you have obtained from your One Identity representative.
-
-
On the Custom Setup page, select the Legacy Self-Service Site, Password Manager Self-Service Site, and/or Helpdesk Site features, then click Next.
-
On the Specify Web Site and Application Pool Identity page, select the website name and specify the name, and password for the account to be used as application pool identity, then click Next. For more information on the requirements for the application pool identity, see Configuring Password Manager Service Account and Application Pool Identity.
-
Click Install.
-
When installation is complete, click Finish.
After you installed the Self-Service and Helpdesk sites on a standalone server, you need to initialize the sites to start using them.
To initialize the Legacy Self-Service Site and the Password Manager Self-Service Site
-
Open the Legacy Self-Service Site by entering the following address: http(s)://<ComputerName>/PMUser, where <ComputerName> is the name of the computer on which Self-Service Site is installed.
For the Password Manager Self-Service Site, enter the following address: http(s)://<ComputerName>/PMSelfService.
The Self-Service Site Initialization page will be displayed automatically.
-
In the Computer name or IP address text box, specify the Password Manager Service host name or IP address.
-
In the Port number text box, specify the port number that the Self-Service Site will use to connect to the Password Manager Service.
-
From the Certificate name drop-down list, select the name of the certificate to be used by this site. By default, Password Manager uses a built-in certificate issued by Password Manager. You can specify a custom certificate for authentication and traffic encryption between the Password Manager Service and the websites (Self-Service and Helpdesk). For more information on using custom certificates, see Specifying Custom Certificates for Authentication and Traffic Encryption Between Password Manager Service and Web Sites.
NOTE: Before selecting a custom certificate on the Self-Service Site, specify a custom certificate on the Administration Site.
-
Click Save.
To initialize the Helpdesk Site
-
Open the Helpdesk Site by entering the following address: http(s)://<ComputerName>/PMHelpdesk, where <ComputerName> is the name of the computer on which Helpdesk Site is installed. The Helpdesk Site Initialization page will be displayed automatically.
-
In the Computer name or IP address text box, specify the Password Manager Service host name or IP address.
-
In the Port number text box, specify the port number that the Helpdesk Site will use to connect to the Password Manager Service.
-
From the Certificate name drop-down list, select the name of the certificate to be used by this site. By default, Password Manager uses a built-in certificate issued by One Identity. You can specify a custom certificate for authentication and traffic encryption between the Password Manager Service and the websites (Self-Service and Helpdesk). For more information on using custom certificates, see Specifying Custom Certificates for Authentication and Traffic Encryption Between Password Manager Service and Web Sites.
NOTE: Before selecting a custom certificate on the Helpdesk Site, specify a custom certificate on the Administration Site.
-
Click Save.
NOTE: After the initialization of Helpdesk and Self-Service Site, WcfServiceRealms.xml file is created. WcfServiceRealms.xml file has records of all the instances of Password Manager Services installed. WcfServiceRealms.xml file is used to help the user to use one of the realm instances from the list, in case of unavailability of services in the primary instance of Password Manager Service. For more information, see FailSafe support in Password Manager