Getting Started with Your IDS Solution
To begin, ensure that your IDS solution is powered on. Depending on your setup, this may be a physical IDS appliance, an IDS Windows program, or an IDS Virtual Machine (VM) running in a hypervisor.
If you are using a virtual machine and DHCP is enabled, find the VM’s IP address in your hypervisor’s network settings or console. If DHCP is not available, please refer to Deploy A Virtual IDS Appliance, Appendix A in Support Section 3.7 for manual IP address configuration.
Once you have your server’s IP address, open a web browser and go to https://<ip-address>:8443
Once connected, follow the on-screen prompts to complete the initial setup.
Next, click the SETTINGS tab in the horizontal, top menu bar. In the left panel, you will see a list of customizable sections for configuration.
3.3.2 License Installation
A valid, up-to-date license is required to enable all features of the IDS and any connected devices. Please follow the licensing installation instructions in Support Section 3.8. If you require assistance, please send your request to licensing@princetonidentity.com. A representative will respond promptly.
3.3.3 Settings
1. Getting Started: As seen above, your server’s default name is “Identity Server.” You can change the name to something that will be easier for you to remember and find.
2. Appearance: The Princeton Identity logo appears by default on your Home Page and Login Page. You can replace it with your own logo, in JPEG or PNG format. Files in PNG may look strange on the upload screen but will appear properly on the Home Page and Login Page.
3. Authentication: Your server may apply built-in authentication by default. If desired, choose another authentication method or combination of methods by clicking on “configure authentication.”
4. Backup: You must set up a passphrase in order to schedule backups.
Passphrases rely on length and unpredictability for security. Remember your passphrase!
Once you have established a passphrase, you can also set your preferences for backup type, frequency, and storage location.
When you wish to restore your data from a backup, click on Restore from Backup and provide your passphrase when prompted. Be sure to select whether the restoration should replace current data or append it.
5. Biometrics:
Your Identity Server may be configured to use iris matching, face matching, or both. Your server comes with the iris biometric engine already installed and licensed. However, activating and licensing the face matching engine for the first time takes a bit of effort. (The license is included, but must be requested from licensing@princetonidentity.com.)
Detailed instructions on how to configure IDS Face Matching are in Support Section 3.10, Configure Face Matching.
6. Certificates: See your current certificate details (subject, issuer, expiration time/date, signature method) and upload new certificates as necessary.
7. Cipher Suites: View, enable, and disable cipher suites to define how encryption, authentication, and integrity verification are performed between client and server.
8. Card Formats: Add, remove, and assign default Wiegand and OSDP card formats.
When entering additional formats, indicate your preferences for the various customization options.
9. Data Retention: Your server’s retention policy does not apply to enrollment data – only to “encounter” data. Enrollment data is retained until actively removed.
Configure your system’s encounter retention policy by defining the listed parameters. Encounters will be deleted automatically once they exceed these parameters.
10. Device Authorization: The Device Authorization feature enables you to generate a unique QR code. The code can be saved as an image on a phone, which can then be scanned to connect an EyeAllow or Access200 to an IDS without logging into its webpage. Upon generating it, the device password will default to the standard one, but can be set to one of your choice upon activation of the code. You can set authorization details based on a (customizable) device name, a code time limit, and the number of times the code can be redeemed.
Below is a screenshot of an EyeAllow or Access200 home screen (not connected to an IDS) where you'd scan the QR code:
11. Email Configuration & Notifications: Your Identity Server has the ability to support remote enrollment, in addition to notifying you of varying statuses as outlined in the article. In this process, designated individuals – typically in HR – enter new user profiles into the identity server database and send these individuals a temporary credential to use the first time they interact with a reader.
The fields in this configuration area refer to the SMTP server – not the IDS Server – and pertain to the individual who will be responsible for managing remote enrollment.
12. Licensing: If you are attempting to activate or update an IDS license for an existing installation, this is where you input the key and token. Complete directions are provided in the licensing installation instructions at the beginning of Support Section 3. If you require assistance, please send your request to licensing@princetonidentity.com. A representative will respond promptly.
Once activated, valid licenses will appear like this:
13. Multiple Approvals: For security and compliance, your organization may require (or prefer) multiple administrators to approve new enrollees before credentials are issued. Your system is set as single approval by default; you can change it to multiple approvals here.
14. Network: Network details are displayed and configurable. We recommend configuring your server for DHCP instead of a fixed IP address. Changing network settings may disconnect your browser from the server. If using a VM, setting a fixed IP will change the server’s entire IP address.
15. Preferences: Four sections are displayed:
- Biographics: Selected fields will appear on the user profile pages, and may be displayed in a prominent banner in the encounter log.
- Fusion: Indicates the weighted algorithm for biometric matching.
- Application Log Level: By clicking on DEBUG, your server will report more detailed data related to each event.
- Application Time Out: When no activity occurs within the chosen timeframe, you will be required to log back in to resume using the application.
- Disable Tamper Alerts: In certain situations, such as initial install or maintenance, you now have the ability to disable device tamper alerts. This will not only disable them on the Device page, but the associated email notification as well.
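For the Cipher Suites setting (item 7) above, the following added example, which is not part of the product or its documentation, sorts a list of cipher suite names into keep, review, and disable groups before you change anything on the Settings page. It assumes the suites are shown by their IANA names; the rule set and the sample list are constructed for illustration and are not vendor recommendations.

```python
# Added example: triage cipher suite names before enabling/disabling them.
# Assumption: the IDS lists suites by IANA name (e.g. TLS_RSA_WITH_...).

# Name fragments that mark a suite as unsuitable, with the reason.
WEAK_MARKERS = [
    ("_NULL_", "no encryption"),
    ("_EXPORT", "export-grade key strength"),
    ("_anon_", "no server authentication"),
    ("_RC4_", "RC4 stream cipher is broken"),
    ("_3DES_", "64-bit block cipher"),
    ("_DES_", "single DES"),
    ("_MD5", "MD5-based MAC"),
]

def review_suite(name):
    """Return (verdict, reasons) for one IANA cipher suite name."""
    reasons = [why for marker, why in WEAK_MARKERS if marker in name]
    if reasons:
        return "disable", reasons
    # TLS 1.3 suites carry no _WITH_; all are AEAD with ephemeral key exchange.
    if "_WITH_" not in name:
        return "keep", []
    key_exchange = name.split("_WITH_")[0]
    if "DHE" not in key_exchange:  # matches neither DHE nor ECDHE
        reasons.append("static key exchange, no forward secrecy")
    if "_CBC_" in name:
        reasons.append("CBC mode; prefer an AEAD suite (GCM/CHACHA20)")
    return ("review" if reasons else "keep"), reasons

def plan(suites):
    """Group suite names by verdict, preserving input order."""
    groups = {"keep": [], "review": [], "disable": []}
    for suite in suites:
        verdict, _ = review_suite(suite)
        groups[verdict].append(suite)
    return groups

# Constructed sample list, not taken from a real server.
SAMPLE = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
]

if __name__ == "__main__":
    for verdict, names in plan(SAMPLE).items():
        for name in names:
            print(f"{verdict:8} {name}  {'; '.join(review_suite(name)[1])}")
```

Before disabling a suite, confirm that your browsers and connected readers still share at least one enabled suite with the server.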