Enabling Identity and Access Manager: scenario

Prerequisites

Before you start, make sure that you have access to Kaspersky Industrial CyberSecurity for Networks version 3.1 or later.

Stages

Enabling Identity and Access Manager (also referred to as IAM) proceeds in stages:

  1. Checking the necessary ports

    Make sure that ports 3333, 4004, and 4444 are open on the device where Kaspersky Security Center Web Console is installed. These ports are needed for using OAuth 2.0. If you want, you can change the default port numbers in the Kaspersky Security Center Web Console settings window.

    In addition to ports 3333, 4004, and 4444, Kaspersky Security Center Web Console also uses ports 4445, 2444, and 2445 for various purposes.

  2. Installing Identity and Access Manager

    During the Kaspersky Security Center Web Console installation, specify that you want to install Identity and Access Manager. If you did not do so, run the Kaspersky Security Center Web Console setup wizard again.

  3. Configuring Identity and Access Manager

    In the Kaspersky Security Center Web Console settings window, make sure that the Identity and Access Manager (IAM) toggle button is enabled. Also, specify the DNS name of the device where Kaspersky Security Center Web Console is installed: the client applications will connect to this device.

  4. Specifying the token settings

    In the Kaspersky Security Center Web Console settings window, specify the token lifetime and the authorization timeout that Identity and Access Manager will use. You can use the default values, or you can specify your own values according to your needs.

  5. Granting certificates

    If you prefer to use the certificates generated by the Administration Server, then in the Kaspersky Security Center Web Console settings window, download the root certificates for the ports used by IAM and distribute them to the Kaspersky Security Center Web Console users' workstations. Otherwise, the users' browsers will display error messages when trying to connect to Kaspersky Security Center Web Console.

  6. Registering the Kaspersky Industrial CyberSecurity for Networks Servers and Kaspersky Industrial CyberSecurity for Networks web interfaces

    When IAM is installed, Kaspersky Security Center Web Console displays a message saying that an Industrial CyberSecurity for Networks Server (or multiple Servers) and one or more Kaspersky Industrial CyberSecurity for Networks web interfaces are waiting to be registered. Click this message to register your Kaspersky Industrial CyberSecurity for Networks Server (or multiple Servers) and web interface (or multiple web interfaces).
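
The following script is an added example, not part of the Kaspersky documentation or product. It checks stages 1 and 5 from a user's workstation: whether the three default IAM ports are reachable and, if you pass the downloaded root certificate, whether each port's certificate chains to it. The host name, the certificate file name, and the assumption that the IAM ports serve TLS are placeholders or assumptions.

```python
import socket
import ssl
import sys

# Default IAM/OAuth 2.0 ports from stage 1; adjust if changed in the settings window.
IAM_PORTS = (3333, 4004, 4444)


def check_port(host, port, ca_file=None, timeout=3.0):
    """Return 'closed', 'open', 'tls-ok' or 'tls-failed (<error>)' for one port."""
    ctx = None
    if ca_file is not None:
        # Trust ONLY the downloaded root certificate (no system CA store), so the
        # check passes only if the server certificate chains to that root.
        ctx = ssl.create_default_context(cafile=ca_file)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered, or timed out
    with sock:
        if ctx is None:
            return "open"  # reachability only, no certificate check requested
        try:
            # Assumption: the IAM port speaks TLS and its certificate names `host`.
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
        except (ssl.SSLError, OSError) as exc:
            return f"tls-failed ({type(exc).__name__})"


def audit(host, ports=IAM_PORTS, ca_file=None):
    """Check every IAM port and return {port: status}."""
    return {port: check_port(host, port, ca_file) for port in ports}


if __name__ == "__main__":
    # Usage: python check_iam_ports.py <web-console-dns-name> [root-cert.pem]
    host = sys.argv[1] if len(sys.argv) > 1 else "ksc-webconsole.example.com"  # placeholder
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    results = audit(host, ca_file=ca)
    for port, status in results.items():
        print(f"{host}:{port} -> {status}")
    sys.exit(0 if all(s in ("open", "tls-ok") for s in results.values()) else 1)
```

Use the same DNS name that you specified in stage 3, because the certificate check includes host name verification.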

Results

After you complete this scenario, you will be able to use SSO and IAM for Kaspersky Industrial CyberSecurity for Networks and Kaspersky Security Center Web Console.
