Creating a customer account
-
To create a customer account, click here.
-
On the Select data center page, identify the data center you want to use
and click Go.
NOTE
Specops Authentication is hosted in
multiple data centers. There are currently two data centers
available: EU (Europe) and NA (North America).
WARNING
Ensure that you select the data center you would like your account
to be created in. You cannot change data centers after your account
has been created.
-
In the field, enter the name of your organization.
-
In the Your organization's domain name field, enter a domain name.
-
In the field, enter a name. Ideally, this should be the name of the person
setting up the account.
-
In the field, enter the email address associated with the primary contact
- Enter a checkmark for every product you have licensed.
- Enter a checkmark for any additional packages you have licensed.
-
Agree to the Terms of Service by inserting a checkmark.
-
Click Continue.
page
-
On the page, you must create your first . This is
required in order to perform the rest of the installation.
-
In the Cloud account email address
field, enter the email address that you want to associate with this
. A suffix will be added to the email address, to
differentiate this from an on-premises account with
the same email address/UPN.
-
The Full cloud account name
field is read-only. The full name is automatically
generated from the email address/UPN that you have specified in the Cloud account email address
field.
- Click Continue.
-
A code will be sent to the email address you provided. Input the code
into the Code field and click Confirm
Mobile Code page
-
To register your mobile phone with your , enter your mobile
phone number with the correct country code and click Send. You
will receive a code on your mobile phone, enter it on the screen to
authenticate.
Password page
-
On the password page, enter and confirm the
password you would like to use for this and click
OK. This
is the password you will sign in with for your going
forward.
NOTE
The policy for this password cannot be altered.
Authentication Web
-
You will be signed in to the Admin section of
Specops Authentication Web. Here you will be
able to create a new Gatekeeper. A Gatekeeper is required to sign in
with Active Directory accounts.
-
Click the Create new Gatekeeper
button. On the download page, you will see the self-extracting
installation package and activation code. Click
copy next to the
Activation Code to store it in the clipboard. If you are not currently
on the server the Gatekeeper will be installed on, make a note of the
activation code.
-
Click
Download next to
. The package
contains the installation files for the Gatekeeper and your
configuration information. By default, the package will be downloaded to
your Downloads folder.
-
Ensure that you have a server ready for installing the package.
-
Take note of the activation code displayed on the page, as you will
be prompted for it during installation.
-
Copy the installation package to your server if it's not already there,
and run the installation file on your server.
Installing the Administration Tools
The Administration Tools are used to install and configure the server
component, also known as the Gatekeeper. The installation process should
be performed on the same server that will be used to run the Gatekeeper.
-
In the Specops Authentication Setup
launcher (sterted by double-clicking the installer package), click Install the Admin Tools.
-
Once the Admin Tools have been installed, click
Start Admin Tools.
Installing the Gatekeeper
- Click Install Gatekeeper.
-
You will be asked to only proceed if you have the activation code from
the Gatekeeper download page on the
Specops Authentication Web. Click
Next.
- Select the Active Directory domain controller to connect.
-
If you do not have permissions to install
Specops Authentication at the domain level,
you will be presented with the option to configure the Gatekeeper for
an organizational unit where you are an administrator. Limit the
delegation root, and settings objects location, and click Next.
-
Select the Active Directory Scope where permissions should be created, by highlighting the scope in the AD tree,
and clicking Add Selected. Multiple locations can be selected for multiple
scopes of management. The Active Directory scope determines which
users can use the
Specops Authentication Service. If you don’t
want administrators, and managers to be within the scope of management
but want them to still manage the system or authenticate users, put a checkmark next to
Allow admins and managers to be outside of the selected scope.
- Click Next.
-
The Gatekeeper will run as a windows service. Select the account
context the Gatekeeper service should run as. You can choose between Managed Service Account, Group Managed Service Account and Custom Domain Account.
- Default is Managed Service Account and recommended for most organizations
- If Custom Domain Account is selected, enter the account name and password of the user account the Gatekeeper service will run as.
- Using Group Managed Service Account has additional requirements, see Group Managed Service Account here.
- Click Next.
-
Next you will be presented with and overview of the Security Groups associated with Specops Authentication. As a default, the following security groups will be created. You can either keep the
default group names, or enter a new name:
- Admin Group: Users that are members of this group will be
portal administrators. The current user will be automatically
added to this group.
- User Admin Group: Users that are members of this group will
be able to access the user management features on the
Specops Authentication Web. The current
user will be automatically added to this group.
- Gatekeepers Group: Service accounts that are members of
this group will have permission to read user information. The
account running the Gatekeeper will be added to the Gatekeepers
security group.
NOTE
In this step you can also add members to security groups by clicking the Edit members link for the security group, then clicking Add member. Note also that this is only available when performing a clean install of the Gatekeeper.
- Click Next.
- If domain administrators are included in the scope for this installation, Administrator Enrollment will have to be configured. If you wish to allow domain admins to enroll, enter a checkmar in the appropriate box. Click Next.
-
If your organization is using a forward proxy server to route internet
traffic externally, you will be prompted to configure the proxy server
to allow the Gatekeeper to reach the internet. Otherwise, the
installation wizard will skip this step.
-
Enter the activation code from the Gatekeeper download page on the
Specops Authentication Web, and
click Activate.
-
You will receive a message that the Gatekeeper has been configured and
activated successfully.
- Click Finish.
-
Verify that the Cloud connection status in the Communication Settings section states
Connected.
Domain Verification
In order to enable email notifications, you have to verify all the domains associated with this account. Read more about Domain Verification.
Installing the Specops Client
The Specops Client is installed with an MSI-based installer. Note that upgrading the Specops Client will overwrite the installed Client.
If installed, the Specops Client can be found in “Add/Remove Programs” or “Programs and Features” from within the Windows Control Panel. Versions and releases may vary.
NOTE
Older versions of the Specops Client can be identified as “Specops uReset Client” or “Specops Password Client.”
The Specops Client can be used across the following Specops Software products:
- Specops Password Reset
- Specops Password Policy
- Specops uReset
Upgrading the Specops Client
Organizations using Specops Password Policy only, need to deploy the Specops Client MSI. The CefSharp Runtime MSI is not required for this scenario.
Organizations using Specops uReset or Specops Password Reset, need to deploy the CefSharp Runtime MSI in addition to the Specops Client MSI. The CefSharp Runtime MSI is required by the Secured Browser used for resetting passwords.
Since the Specops Client uses a specific version of the CefSharp Runtime MSI, it is important to deploy the latest CefSharp Runtime MSI at the same time or before deploying the Specops Client MSI.
While the Specops Client MSI only can be installed with exactly 1 version, multiple versions of the CefSharp Runtime MSI can be installed at the same time. The purpose with this is to simplify deployment in a larger organization.
The recommended flow for upgrading the Specops Client is:
- Deploy the latest CefSharp Runtime MSI, if it's not already deployed
- Deploy the latest Specops Client MSI
- Undeploy any previous versions of the CefSharp Runtime MSI, if necessary
NOTE
When using Specops Client in conjunction with a password reset tool:
The latest CefSharp browser runtime version is required if Specops uReset/Specops Password Reset is used (Specops Password Policy only customers don't need the CefSharp browser runtime). It is recommended to deploy the CefSharp browser runtime before the Specops Client itself.
Installation/upgrade behavior for CefSharp browser runtime has been changed. Installing a newer CefSharp runtime will no longer replace the older installed runtime. Instead, multiple CefSharp browser versions can co-exist. The intention is to be able to do a rollout in an organization, where the new CefSharp browser first is deployed. Once deployed, the Specops Client can be upgraded. This will make it easier to make sure that the Specops Client works on all computers during an upgrade, regardless of whether the latest CefSharp browser runtime has been deployed yet or not.
The Specops Client needs to be installed on the organization’s client computers, either by installing manually or by deploying using a deployment tool.
Downloading the Specops Client
Download the MSI from the download page directly. Users installing Specops Password Policy can also access the download page via the Password Policy installer's Download Client Installation Files section.
Deploying the Specops Client
To deploy the Specops Client to all users, use GPSI, Specops Deploy/App, or any other deployment tool. Specops Client supports silent install when deploying using a deployment tool. The client MSI can be deployed silently using standard MSI switches (e.g. /qn). There are no Specops command line parameters for the MSI installation.
Manually Installing or upgrading the Specops Client
- Open the Specops Client Setup wizard you just downloaded (.msi file)
- In the wizard, click Next.
- Accept the License Agreement by checking the checkbox, and click Next.
- Select the location where the Client should be installed (default path is
C:\Program Files\Specopssoft\Specops Client\
), then click Next.
- Click Install.
- Once the installation has completed, click Finish.
Configuring the Specops Client
The Specops Client can be configured using the administrative template in the Group Policy Management Console. For more information on its configuration, please refer to the Specops Client page.