Configuring OneSpan Authentication Server (basic installation)
When the required components have been installed, the Configuration Wizard is started to complete the initial configuration.
Before you begin
- Ensure that you have successfully installed OneSpan Authentication Server (see Installing OneSpan Authentication Server (basic installation)).
- If you want to license OneSpan Authentication Server during initial configuration, obtain and prepare an appropriate license file (see Finalizing pre-installation). Alternatively, you can apply a valid license file after installation via the Administration Web Interface.
On some versions of Windows, the Configuration Wizard requires an administrative logon to the OneSpan Authentication Server host. Therefore you may be prompted to do one of the following:
- Confirm that the application should be run as an administrator.
- Enter valid administrator credentials for the OneSpan Authentication Server host.
The purpose of either prompt is to elevate your privileges to those required by the application you are attempting to run. If you cannot elevate your privileges, the application will run in a non-elevated state, which will likely result in unexpected behavior.
Configuring OneSpan Authentication Server (basic installation)
The OneSpan Authentication Server Setup Utility automatically launches the Configuration Wizard after installing all the necessary components in basic mode. In this mode, the Configuration Wizard uses default values for most settings.
To configure OneSpan Authentication Server (basic installation)
-
In the Start page of the Configuration Wizard, click Next.
-
Select an IP address to use for OneSpan Authentication Server.
-
Configure OneSpan Authentication Server to use a valid license.
If you need a new license, you must first download it from the OneSpan Customer Portal. If you have not already done that you can do it now by going to the specified website, or by clicking Request a License Key. You can click Copy URL to Clipboard to copy the URL to the clipboard; doing so allows you to download the license manually.
Copy URL to Clipboard is useful for servers that do not have a web browser installed, or if you wish to register for a license after the installation instead.
If you already have a license key file, load it by navigating to the file using …. You can continue without loading a license key file, but you must load one before you can start to use OneSpan Authentication Server.
-
Configure the server functionality.
On the Server Functionality page, enable the server functionalities as needed. By default, all options permitted by any license loaded previously will be enabled.
-
Configure partitioning for the audit database tables.
This step is available only if you are using the embedded database (MariaDB).
If you enable partitioning, audit data is split up into smaller subsets (partitions), instead of having all audit data in one big table. Each partition contains the data for one day. This can improve database performance for queries and delete operations.
-
Configure the login details for the first administrator account.
The first administrator account will have a full set of administrative privileges.
Type a user ID and a password twice to prevent typing errors.
The password for this account must comply with the default password rules:
- At least 7 characters long
- Contains at least 1 lowercase character
- Contains at least 1 uppercase character
- Contains at least 1 numeric character
For more information, refer to the OneSpan Authentication Server Administrator Guide.
-
Configure the server SSL certificates.
Type a private key password and the algorithm to be used for the server SSL certificate. This will create separate SSL certificates and certificate authority files for:
- SOAP communicator
- SEAL communicator
- RADIUS communicator
- MDC server
- Live audit connection
For more information about creating SSL certificates, refer to the OneSpan Authentication Server Administrator Guide.
The password for the SSL certificates must comply with the default password rules:
- At least 16 characters long
- Contains at least 1 lowercase character
- Contains at least 1 uppercase character
- Contains at least 1 numeric character
For more information about password rules, refer to the OneSpan Authentication Server Administrator Guide.
-
Configure the RADIUS topology.
-
Specify the RADIUS topology.
- Select No RADIUS configuration required if you do not need to integrate OneSpan Authentication Server with a RADIUS infrastructure.
- Select IDENTIKEY Authentication Server as a standalone RADIUS server to use OneSpan Authentication Server as a stand-alone server and retrieve RADIUS attributes from the user accounts, if required. This requires configuration settings for the RADIUS client.
- Select IDENTIKEY Authentication Server in front of RADIUS server to use OneSpan Authentication Server as an intermediary server and forward requests to a RADIUS server for back-end authentication. This requires configuration settings for the RADIUS client and the RADIUS server.
-
If required, specify the connection details of the RADIUS client.
This option is only available if you selected IDENTIKEY Authentication Server as a standalone RADIUS server or IDENTIKEY Authentication Server in front of RADIUS server.
Enter connection details as required to create a client record for the RADIUS client:
- Location. The IP address of the standalone RADIUS client.
- Shared Secret. The password to authenticate the RADIUS client.
- Confirm Shared Secret. The password confirmation to prevent typing errors.
-
If required, specify the configuration settings of the RADIUS server.
This option is only available if you selected IDENTIKEY Authentication Server in front of RADIUS server.
Enter the RADIUS server settings as required to create a RADIUS back-end server record:
- Authentication IP Address. The IP address on which the RADIUS server receives authentication requests.
- Authentication Port. The UDP port on which the RADIUS server receives authentication requests.
- Accounting IP Address. The IP address on which the RADIUS server receives accounting requests.
- Accounting Port. The UDP port on which the RADIUS server receives accounting requests.
- Shared Secret. The password to authenticate the RADIUS server.
- Confirm Shared Secret. The password confirmation to prevent typing errors.
-
-
Review the configured settings and select Next to start the initial configuration.
In most cases, a warning will appear, informing you that some ports will need to be enabled in order for OneSpan Authentication Server to function.
Click Yes to automatically enable the required ports. For more information about incoming and outgoing ports used by OneSpan Authentication Server, see Open port numbers on firewall.
The installation utility finishes the initial configuration, i.e. it:
- Applies the configuration settings to OneSpan Authentication Server.
- Configures the Administration Web Interface to connect to the installed OneSpan Authentication Server with a generated self-signed server certificate.
A summary of all operations will be displayed, including any error that occurred.
-
Click Finish to close the Configuration Wizard.
You are now returned to the OneSpan Authentication Server Setup Utility.
- Click Next.
-
(OPTIONAL) Import authenticator records from the corresponding record file.
To import a DPX file:
- Use Browse to navigate to the DPX file.
- Provide the following information:
- Transport key: This key is supplied by OneSpan to accompany the DPX file. For demo authenticators, this is 11111111111111111111111111111111.
- User ID and Password: The login credentials to OneSpan Authentication Server.
- Server IP: The IP address of OneSpan Authentication Server.
- Click Import to install the DPX file.
- Click Finish to complete and exit the setup program.
Next steps
- If required, verify and perform any post-installation tasks necessary to complete the installation (see Post-installation tasks and considerations).