> On-Premise Platform

On-Premise Platform

The Protectimus On-Premise Two-Factor Authentication Platform can be installed on your private servers or in your private cloud.
  • Private server installation requirements: Java (JDK version 8); PostgreSQL DBMS, version 10 or later.
  • Private cloud installation requirements: CPU: 2 cores, memory: 8 GB; OS: Linux; cloud disk: 100 GB; load balancer.
To ensure uninterrupted operation of your multi-factor authentication server, deploy it to a cluster of several servers (we recommend using at least three nodes). Use a load balancer to distribute the load among them. To install the Protectimus On-Premise Platform, you can use the installer for Windows or create a Docker Image.

1. Protectimus Platform Installation Using a Docker Image

  1. To start installing the Protectimus On-Premise Platform, first of all, download and install docker and docker-compose:
 
  1. Then clone the git repository: https://github.com/protectimus/platform-linux.git
 
  1. Go to the platform-linux directory and run:
docker-compose up -d
 
  1. You can monitor the process of platform deployment using the command:
docker-compose logs -f
 
  1. After the deployment process is complete, the platform will be available at: https://localhost:8443

2. Protectimus Platform Installation on Windows

  1. Download and run the Protectimus Platform installer. Check the Platform box and click Next. If you are going to use DSPA or RADIUS integrations, and/or OTP delivery via chat-bots in messaging apps Telegram, Facebook Messenger, or Viber, also check the appropriate boxes.
How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 1
  1. Before deploying the Protectimus Platform, Java must be installed on your server. Click the Install button to check for Java. If it’s not installed yet, the latest JDK version will be installed automatically.
How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 2
  1. Also, database management system PostgreSQL (version 9.2 and above) must be installed on your server. Click the Install button to check for PostgreSQL. If it’s not installed yet, the latest PostgreSQL version will be installed automatically.
ATTENTION: You will need to set a superuser name and password during installation. You’ll need this password to login to PostgreSQL later.
How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 3 How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 4 How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 5 How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 6 How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 7
Please, remember your superuser name (postgres) and the password you’ll add on this step. This name and password will be required to login to PostgreSQL later.
How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 8
  1. Login to PostgreSQL Database. Enter the superuser name and password you specified during the PostgreSQL installation and click LogIn. Then click Next to continue the installation.
How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 9
  1. Create and Select the database you will use for Protectimus On-Premise Platform.
  • Create a new database. Enter the desired database name and click Create.
  • Check whether it is created or not using the button List.
  • Click the Select button, choose the database you’ve just created, and click Next.
How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 10
  1. Initiate the database. Click Init to execute SQL scripts and initiate your database. This may take some time.
How to install the Protectimus On-Premise Two-Factor Authentication Platform on Windows - step 11
  1. Select the folder to install the Protectimus Platform and click Install.
How to install the Protectimus On-Premise Two-Factor AUthentication Platform on Windows - step 12 The server will be started on port 8080, and the platform will be available from the address http://localhost:8080. It will be opened automatically after the installation. After launching the platform, you’ll need to register in the system.

3. How to Pay and Activate the License

After testing the Protectimus Platform successfully, you’ll need to get a license. To do so, go to http://platform_path/licensing, select the option you require and get the license key. Using the key you received, you can pay for and download your license online, at https://service.protectimus.com/platform/licensing. If you require an alternate payment method, contact Protectimus customer support. After receiving the license file, download it to the server and provide the path to the license file in the licence.file.path parameter, in the file named protectimus.platform.properties.

4. How to Get Registered in Protectimus System

The installer will automatically open the registration form at http://localhost:8080. Please, create an account and log in to configure the necessary settings. How to get registered in Protectimus system when you install Protectimus 2FA platform

5. How to Enable Users Synchronization With Your User Directory

  1. Login to your Protectimus account, and click: Users – Synchronization – Add LDAP user provider
How to enable Protectimus on-premise platform users synchronization with your user directory - step 1
  1. Fill in the details about your user directory.
How to enable Protectimus on-premise platform users synchronization with your user directory - step 2 Basic settings:
Field Value Note
Urls URL to connect to your LDAP server Example: ldaps://dc1.domain.local:636
For DSPA, you need to use the LDAP connection, and you also need to import the SSL certificate.
A standard way:
keytool -import -alias ___ -file '___.cer' -keystore 'C:\Program Files\Java\jre___\lib\security\cacerts' -storepass changeit
Base DN Full DN of the directory in which your users are stored Example:
DC=domain,DC=local
User DN DN or userPrincipalName of the administrator or user who has access to user information Example:
CN=Administrator, CN=Users, DC=demo, DC=domain, DC=local
[email protected]
For DSPA, the user must have rights to change passwords
Password The password of the specified user
Filter A filter to be applied during synchronization Use this filter to select only the users you want to synchronize Example:
(memberOf=CN=DSPA Group, DC=domain, DC=local)
To import users from a specific group
(mail=*)
To import only those users who have the mail attribute specified
 
  1. After successfully adding the user provider, you need to synchronize the users in Protectimus system with your user directory. This can be done in three ways:
  • Using the ‘Synchronize now’ button to synchronize all the users at once.
How to enable Protectimus on-premise platform users synchronization with your user directory - step 3
  • Using the “synchronize individuals” feature to synchronize only the selected users from your user directory.
How to enable Protectimus on-premise platform users synchronization with your user directory - step 4
  • Enabling automatic user synchronization, to do this activate the “Enabled” option at the top of the page.

How to enable Protectimus on-premise platform users synchronization with your user directory - step 5

 

6. SSL configuration

By default, a self-signed SSL certificate is used for the SSL connections with the Protectimus On-Premise Platform. If you would like to import your own trusted SSL certificate, follow the instructions below. To import the SSL certificate, you will need the SSL certificate itself, the certificate’s private key, and the keytool and openssl utilities.
  1. Import the certificate as trusted into the keystore:
keytool -keystore ___.jks -import -alias ___ -file ___.crt -trustcacerts

Example:
keytool -keystore publicStore.jks -import -alias protectimus -file protectimus.crt -trustcacerts
 
  1. Convert the certificate to PKCS12 format:
openssl pkcs12 -inkey ___.key -in ___.crt -export -out certificate.pkcs12

Example:
openssl pkcs12 -inkey privateKey.key -in protectimus_2020-2022.crt -export -out certificate.pkcs12
 
  1. Import the certificate to the keystore:
keytool -importkeystore -srckeystore certificate.pkcs12 -srcstoretype PKCS12 -destkeystore ___.jks

Example:
keytool -importkeystore -srckeystore certificate.pkcs12 -srcstoretype PKCS12 -destkeystore publicStore.jks
 

7. How To Integrate and Configure the Protectimus On-Premise Platform

Integrate the Protectimus On-Premise Platform with the system you plan to protect with two-factor authentication and configure the necessary settings. To do this, download the instructions for the integration component you require on the Integrations page.
Last updated on 2021-11-25