↵
Before you begin
What you will need from Identité®
1. Access to installation files
To download the install script and its dependencies, go to Configuration files.
2. Docker hub credentials
Please use the following docker hub credentials:
Login: secure
Password: PUrb6LQWbE5p
3. Product license(s)
For registering and using NoPass™, request the NoPass™ Server license.
For registering Keycloak and/or your login portal, request the Keycloak and/or Login Portal license.
NoPass™ urls
The NoPass™ products you select determine which hostnames in your DNS zone you will need to allocate.
Identité® uses these hostnames to generate your NoPass™ license, which you will use later in the process to register services with NoPass™.
Required
- NoPass™ Server URL (Ex. nopass.<your_domain>.com).
  This URL is used for registering your specific NoPass™ products.
Integration-specific options
- NoPass™ Consumer "Web Portal" (Ex. login.<your_domain>.com).
  This will be the user login portal for your instance of NoPass™.
- NoPass™ Employee SSO "SAML/OIDC" (Ex. sso.<your_domain>.com).
  This will be the admin user login portal for the Keycloak IdP.
- NoPass™ Employee MFA "RADIUS" and NoPass™ Desktop Unlock.
  Employee MFA and Desktop Unlock use the required NoPass™ Server URL above, so they need no additional hostname.
DNS
Create a DNS record for every service URL you chose above, each pointing to the public IP address of the server. For example:
| your.domain.name | Record type | Value | TTL |
| --- | --- | --- | --- |
| nopass | A/AAAA | your server IP address | 14400 |
License Request
Send a license request to salesengineering@identite.us.
Make sure your request contains the following information: service type, portal domain name and service domain name (plus the app identifiers for the SDK). The table below shows the request information for each NoPass™ product.
| Request info | NoPass™ Consumer | NoPass™ SDK | NoPass™ Employee MFA | NoPass™ Employee SSO | NoPass™ Desktop Unlock |
| --- | --- | --- | --- | --- | --- |
| Service type | Portal service | SDK | RADIUS service | Identity provider | Desktop Unlock |
| Portal domain name | <portal.example.com>:port | <portal.example.com>:port | RADIUS:local | https://{keycloakurl}/auth/realms/{realm} | - |
| Service domain name | nopass.<example.com>:port | nopass.<example.com>:port | radiusservice.<example.com>:port | nopass.<example.com>:port | nopass.<example.com>:port |
| Android app package name | N/A | + | N/A | N/A | N/A |
| iOS app bundle ID | N/A | + | N/A | N/A | N/A |
SSL certificates
To serve NoPass™ over HTTPS you need a TLS key pair: a private key and a certificate issued by a publicly trusted Certificate Authority. The certificate must cover the nopass.<your_domain> hostname; a wildcard certificate for your domain is fine. Self-signed certificates are not supported and will not work.
Create or obtain the certificate from your domain provider or another public CA, and keep the following in mind:
- The certificate provides both encryption and identification, so that each party in the exchange can verify who it is talking to.
- Only certificates issued by a public CA (domain validation or higher) are accepted; the names in the certificate must match the hostnames you created in DNS.
- Include the intermediate CA certificate(s), and the root if your CA supplies it, in the public part of the certificate bundle, so that clients can build the full trust chain.
If you are experiencing any issues or have any questions about the documentation, please contact support at support@identite.us.
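The three certificate requirements above (public CA rather than self-signed, hostname covered by the certificate, intermediates included) are easy to get wrong and only show up as TLS errors after installation. The following pre-flight script is an added example, not Identité's tooling: it checks a PEM bundle before you hand it to the installer. It assumes (these assumptions are not from the page) that the public part of the key pair is a PEM file with the server certificate first and the intermediate(s) after it, that the hostname to check is the NoPass™ Server URL such as nopass.example.com, and that openssl 1.1.1 or later is on the PATH.

```shell
#!/bin/sh
# Pre-flight checks for the NoPass(TM) certificate bundle. Added example, not Identité tooling.
# Assumptions (not from the original page): $1 is a PEM bundle with the server certificate first
# and the intermediate(s) after it; $2 is the hostname to cover, e.g. nopass.example.com;
# openssl 1.1.1+ is on PATH.

# Number of PEM certificate blocks in the bundle. A single block means the intermediate
# chain is missing (or the certificate is self-signed), which Identité does not accept.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Print only the first certificate of the bundle (the server/leaf certificate).
leaf_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ {n++} n==1 {print} /-----END CERTIFICATE-----/ {if (n==1) exit}' "$1"
}

# Match a hostname against a comma-separated SAN list ("DNS:a.example.com, DNS:*.example.com").
# A wildcard covers exactly one label: *.example.com covers nopass.example.com, not a.b.example.com.
san_matches() {
    host=$1
    list=$2
    rc=1
    old_ifs=$IFS
    IFS=','
    set -f                      # entries contain '*': stop the shell from globbing them
    for entry in $list; do
        entry=${entry# }
        entry=${entry#DNS:}
        case $entry in
            '*.'*)
                parent=${entry#\*.}
                if [ "$host" != "${host#*.}" ] && [ "${host#*.}" = "$parent" ]; then rc=0; fi ;;
            *)
                if [ "$entry" = "$host" ]; then rc=0; fi ;;
        esac
    done
    set +f
    IFS=$old_ifs
    return $rc
}

# Subject equal to issuer means the server certificate is self-signed.
is_self_signed() {
    subj=$(leaf_cert "$1" | openssl x509 -noout -subject)
    iss=$(leaf_cert "$1" | openssl x509 -noout -issuer)
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# Does the Subject Alternative Name extension of the server certificate cover the hostname?
cert_covers_host() {
    sans=$(leaf_cert "$1" | openssl x509 -noout -ext subjectAltName | grep -o 'DNS:[^,[:space:]]*' | tr '\n' ',')
    san_matches "$2" "$sans"
}

# Run every check and stop at the first failure, so the script can gate a deployment step.
check_bundle() {
    bundle=$1
    host=$2
    [ -r "$bundle" ] || { echo "FAIL: cannot read $bundle"; return 1; }
    n=$(count_certs "$bundle")
    [ "$n" -ge 2 ] || { echo "FAIL: $bundle has $n certificate(s); include the intermediate CA chain"; return 1; }
    ! is_self_signed "$bundle" || { echo "FAIL: server certificate is self-signed; use a public CA"; return 1; }
    cert_covers_host "$bundle" "$host" || { echo "FAIL: SAN of the server certificate does not cover $host"; return 1; }
    # The system trust store stands in for the public roots that browsers and the mobile apps trust.
    openssl verify -untrusted "$bundle" "$bundle" >/dev/null 2>&1 || { echo "FAIL: chain does not verify against the system trust store"; return 1; }
    echo "OK: $bundle covers $host with a $n-certificate chain that verifies to a trusted root"
}

# Usage: sh check-bundle.sh fullchain.pem nopass.example.com
if [ "$#" -ge 2 ]; then
    check_bundle "$1" "$2"
fi
```

Run it against the bundle you intend to install; a zero exit status means the certificate satisfies the requirements above. The final `openssl verify` step is the real test of "publicly trusted": a self-signed or private-CA certificate fails it even when the bundle is otherwise well-formed.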
Active Directory integration (if applicable)
LDAP User Federation lets Keycloak import users from an LDAP-compatible directory (such as Active Directory) that already exists in your company. When a user authenticates, the password they enter is sent to the LDAP server for validation, which means that passwords are NOT imported into or stored in Keycloak.
Prerequisites
1. The internal domain name or the IP address of a domain controller.
2. A user account with read permission in the on-premises AD; this account is added to the Keycloak LDAP federation configuration, so it needs no more than read access.
3. An AD admin account.
Jumpbox (if applicable)
In some cases, a JumpBox is required to install and configure the product.
Prerequisites
1. A virtual machine running a currently supported Windows Server / Desktop release with PowerShell installed.
2. The JumpBox VM must be able to connect to every virtual machine on which the NoPass™ components will be set up.
3. The JumpBox VM must be able to download files from the Internet or the local network.
4. The following utilities must be installed on JumpBox VM:
- Windows RSAT with Active Directory components (for integration with Active Directory)
- MobaXterm (preferable) or PowerShell and WinSCP
User accounts
To set up the NoPass™ components, the following user accounts are required:
- The NoPass™ database user account and password, with permission to create the database (the database itself is created automatically).
- The Keycloak database user account and password, with owner permission on the Keycloak database (if you use an external database server, create an empty database for Keycloak there first).
- The Keycloak server admin account and password.
Firebase private key generation
Firebase projects support Google service accounts, which the NoPass™ server uses to call Firebase server APIs. For an on-premises deployment of NoPass™, the server authorizes its requests with credentials obtained for this service account.
To authenticate the service account and authorize it to access Firebase services, generate a private key (credential configuration) file for it as described in the Firebase documentation, and keep that file confidential: it grants server-side access to your Firebase project.
Additional prerequisites
You must have a mobile device (Android / iOS) with the latest version of the NoPass™ application installed; it will be used to set up authentication for the NoPass™ server administrator account.