Skip to content

System Settings

Before you begin

To complete the EPM system settings you will need to have the following available:

Prerequisite Description
Licencing A valid license file will be required during the system configuration step. If you do not have a license file contact Osirium.
Domain Controller Details The following information about the the Domain Controller that will be used by EPM will be required:
  • FQDN
  • Domain Controller address
  • Service account name and password
  • EPM Server name
    Licence Group An user group that contains all users that will be using the Osirium EPM Client is required.

    The number of users within this group must not exceed the licence limit purchased.
    If the number of users within this group exceeds the licence limit then no users will be able to use the EPM Client until the user number is within the licence limit.
    Administrators Group An administrators group that contains a list of users who will be responsible for administering EPM. Users in this group can log onto the EPM Management Interface.
    TLS Certificate Trusted certificate valid within your organisation will be required.

    Initial setup

    1. Open a browser window and navigate to the static IP address you configured on the EPM Server [https://EPM Server IP Address].

      EPM browser login window

    2. Assign a password for the admin account, and then click NEXT STEP.

    3. Select the On-premises Active Directory (AD) or Hybrid On-premises/Azure AD, and then click CONFIRM.

      On-premises Active Directory (AD)

    4. Enter the local admin password assigned, and then click LOGIN. You will be logged into the EPM Management Interface

      Management Interface

    Osirium EPM licence REQUIRED

    Before you can apply any system settings, you must upload a valid EPM licence.

    1. On the Server page click on UPLOAD LICENCE.

      Licence section

    2. Select the licence file and click OPEN. The licence file is uploaded.

    Active Directory settings

    1. Select Active Directory in the Configuration menu.

    2. Enter the details of the Active Directory that the EPM Server will be joined to and the name of the service account that will be used.

      Active Directory

      Field Description
      Fully Qualified Domain Name (FQDN) Enter the complete address of your domain that will be used by EPM e.g. company.net.
      Domain Controller Address Enter the name of your Domain Controller e.g. dc01.company.net.

      IP address can not be used.
      Service account Enter the service account username and password that will be used by the EPM Server to communicate with the Domain Controller. This account should have the required privileges, see Prerequisites.
      EPM Server Name Enter the name you want to give to your EPM Server.
      Licence group (REQUIRED) Enter the Active Directory group to be used.
      Administrators group (RECOMMENDED) Enter the Active Directory administrators group.

    Upload a trusted certificate (REQUIRED)

    By default, Osirium EPM provides a generic self-signed certificate which should be replaced with a signed certificate to secure connections to the EPM Server.

    Certificates are used to protect the data being sent between the local workstation and the EPM Server, by encrypting the data before it is sent and then decrypting the data when it reaches its destination.

    For details on the types of signed certificates that can be used in Osirium EPM click here.

    Alternatively, if you want to generate a CSR and key, then click here.

    1. Select TLS Certificate in the Configuration menu.

    2. Click UPLOAD TLS CERTIFICATE.

    3. Within the Upload TLS Certificate window, select the option for the certificate format you are uploading.

      Upload TLS Certificate

    4. Select the file, and then click OPEN.

    5. Click UPLOAD.

    Generate Certificate Signing Request (CSR)

    If you don't have an applicable TLS certificate then you can generate and download a CSR and private key here. The CSR and private key can then be validated against your Certificate Authority (CA) and produce a TLS certificate to be uploaded onto the EPM Server.

    To generate a PKCS #10 CSR

    1. Open the Configuration menu and select TLS Certificates.

      TLS Certificate page

    2. If your CSR requires specific fields to be able to validate in your domain, then they can be entered in the Advanced section of the TLS Certificates page.

      CSR Advanced options

    3. Click GENERATE CSR AND KEY. This will create and download a .key and .csr file.

    4. Transfer the CSR file to your certificate authority and run the following command within a Powershell terminal:

      certreq -f -submit -q -config - [CSR_FILE] [CERT_OUT] [CERT_CHAIN_OUT]

    5. Navigate back to the TLS Certificates page, and upload the TLS certificate (CERT_CHAIN_OUT file).

    Next steps

    The next step is to setup policies on the EPM Server and manage the roll out of the EPM Client.