Prerequisites
Before you start, make sure that you have access to Kaspersky Industrial CyberSecurity for Networks version 3.1 or later.
Stages
Enabling Identity and Access Manager (also referred to as IAM) proceeds in stages:
Make sure that ports 3333, 4004, and 4444 are opened on the device where Kaspersky Security Center Web Console is installed. These ports are needed for using OAuth 2.0. If you want, you can change the default port numbers in the Kaspersky Security Center Web Console settings window.
Besides the ports 3333, 4004, and 4444, Kaspersky Security Center Web Console also uses ports 4445, 2444, and 2445 for various purposes.
During the Kaspersky Security Center Web Console installation, specify that you want to install Identity and Access Manager. If you did not do so, run the Kaspersky Security Center Web Console setup wizard again.
In the Kaspersky Security Center Web Console settings window, make sure that the Identity and Access Manager (IAM) toggle button is enabled. Also, specify DNS name of the device where Kaspersky Security Center Web Console is installed: the client applications will connect to this device.
In the Kaspersky Security Center Web Console settings window, specify lifetime of tokens and authorization timeout that Identity and Access Manager will use. You can use the default values, or you can specify your own values according to your needs.
If you prefer to use the certificates generated by the Administration Server, then in the Kaspersky Security Center Web Console settings window, download the root certificates for the ports used by IAM and distribute them to the Kaspersky Security Center Web Console users' workstations. Otherwise, the users' browsers will display error messages when trying to connect to Kaspersky Security Center Web Console.
When IAM is installed, Kaspersky Security Center Web Console displays a message saying that an Industrial CyberSecurity for Networks Server (or multiple Servers) and one or more Kaspersky Industrial CyberSecurity for Networks web interfaces are waiting to be registered. Click this message to register your Kaspersky Industrial CyberSecurity for Networks Server (or multiple Servers) and web interface (or multiple web interfaces).
Results
After you complete this scenario, you will be able to use SSO and IAM for Kaspersky Industrial CyberSecurity for Networks and Kaspersky Security Center Web Console.
Page top