The content below is intended for IT administrators and can be used to install and evaluate Specops uReset. For more information about the components and concepts used below, see the Overview.
Your organization’s environment must meet the following requirements:
For the Gatekeeper component:
- .NET Framework 4.7 or later
- Windows Server 2012 R2 or later
For the Client component:
- Windows 7 or later
- .NET Framework 3.5 SP1 or later
Create a customer account
- To create a customer account, click here.
- On the Select data center page, identify the data center you want to use and click Go.
- Note: Specops Authentication is hosted in multiple data centers. There are currently two data centers available: EU (Europe) and NA (North America).
- WARNING: Ensure that you select the data center you would like your account to be created in. You cannot change data centers after your account has been created.
- In the Your organization’s name field, enter the name of your organization.
- In the Your organization’s domain name field, enter a domain name.
- In the Primary Contact Name field, enter a name. Ideally, this should be the name of the person setting up the account.
- In the Primary Contact Email field, enter the email address associated with the primary contact
- Click Continue.
- On the Cloud account user page, you must create your first Cloud account. This Cloud account is required in order to perform the rest of the installation.
- In the Account email address field, enter the email address that you want to associate with this Cloud account. A suffix will be added to the email address, to differentiate this Cloud account from an on-premises account with the same email address/UPN.
- The Full Cloud account name field is read-only. The full Cloud account name is automatically generated from the email address/UPN that you have specified in the Account email address field.
- On the Cloud account password page, enter and confirm the password you would like to use for this Cloud account and click OK. This is the password you will sign in with for your Cloud account going forward.
- Note: The policy for this password cannot be altered.
- To register your mobile phone with your Cloud account, enter your mobile phone number. When you receive the code on your mobile phone, enter it on the screen to authenticate.
- You will be signed in to the Admin section of Specops Authentication Web. Here you will be able to create a new Gatekeeper. A Gatekeeper is required to sign in with Active Directory accounts.
- Click the Create new Gatekeeper button. On the download page, you will see the self-extracting installation package and activation code. The package contains the installation files for the Gatekeeper and your configuration information.
- Click Download next to Default self-extracting installation package.
- Ensure that you have a server ready for installing the package.
- Take note of the activation code displayed on the page, as you will be prompted for it during installation.
- Copy and run the installation file on your server.
The Administration Tools are used to install and configure the server component, also known as the Gatekeeper. The installation process should be performed on the same server that will be used to run the Gatekeeper.
- In the Specops Authentication Setup launcher, click Install the Admin Tools.
- Once the Admin Tools have been installed, click Start Admin Tools.
- Click Install Gatekeeper.
- You will be asked to only proceed if you have the activation code from the Gatekeeper download page on the Specops Authentication web. Click Next.
- If you do not have permissions to install Specops Authentication at the domain level, you will be presented with the option to configure the Gatekeeper for an organizational unit where you are an administrator. Limit the delegation root, and settings objects location, and click Next.
- Select the Active Directory Scope where permissions should be created, and click Add. Multiple locations can be selected for multiple scopes of management. The Active Directory scope determines which users can use the Specops Authentication Service. If you don’t want administrators, and managers to be within the scope of management but want them to still manage the system or authenticate users, click Allow admins and managers to be outside of the selected scope.
- Click Next.
- The Gatekeeper will run as a windows service. Select the account context the Gatekeeper service should run as.
- If Custom Domain Account is selected, enter the account name and password of the user account the Gatekeeper service will run as.
- Click Next.
- If your organization is using a forward proxy server to route internet traffic externally, you will be prompted to configure the proxy server to allow the Gatekeeper to reach the internet. Otherwise, the installation wizard will skip this step.
- The following security groups will be created. You can either keep the default group names, or enter a new name:
- Admin Group: Users that are members of this group will be portal administrators. The current user will be automatically added to this group.
- User Admin Group: Users that are members of this group will be able to access the user management features on the Specops Authentication web. The current user will be automatically added to this group.
- Gatekeepers Group: Service accounts that are members of this group will have permission to read user information. The account running the Gatekeeper will be added to the Gatekeepers security group.
- Click Next.
- Enter the activation code from the Gatekeeper download page on the Specops Authentication web, and click Activate.
- You will receive a message that the Gatekeeper has been configured and activated successfully.
- Click Finish.
- Verify that the Cloud connection status states Connected.