Skip to content

System settings

Before you begin

To complete the EPM system configuration requirements you will need to have the following available:

Prerequisite Description
Osirium EPM Licence A valid license file will be required for upload. If you don't have a licence then you will need to contact Osirium.
Microsoft Entra ID details The following information will be required from the Microsoft Azure portal :
  • Azure tenant ID
  • Azure client ID
    TLS Certificate A valid TLS certificate from your EPM Server App registration > Certificates & secrets from the Azure portal.
    FQDN of EPM Server Will be required if you are going to generate a CSR. See Generate Certificate Signing Request.
    Licence Group An user group that contains all users that will be using the Osirium EPM Client is required.

    The number of users within this group must not exceed the licence limit purchased.
    If the number of users within this group exceeds the licence limit then no users will be able to use the EPM Client until the user number is within the licence limit.
    Administrators Group An administrators group that contains a list of users who will be responsible for administering EPM. Users in this group can log onto the EPM Management Interface.

    Initial setup

    1. Open a browser window and navigate to the FQDN address of the EPM Server [https://EPM Server FQDN] configured in Microsoft Azure.

      EPM browser login window

    2. Assign a password for the admin account, click NEXT STEP.

    3. Select Azure Active Directory (Azure AD) domain type, and then click CONFIRM.

      Azure Active Directory

    4. Enter the local admin password assigned, click LOGIN. You will be logged into the EPM Management Interface.

      Management Interface

    Osirium EPM licence REQUIRED

    Before you can apply any system settings, you must upload a valid EPM licence.

    1. On the Server page click on UPLOAD LICENCE.

      Licence section

    2. Select the licence file and click OPEN. The licence file is uploaded.

    Upload a trusted certificate (REQUIRED)

    By default, Osirium EPM provides a generic self-signed certificate which should be replaced with a signed certificate to secure connections to the EPM Server.

    Certificates are used to protect the data being sent between the local workstation and the EPM Server, by encrypting the data before it is sent and then decrypting the data when it reaches its destination.

    For details on the types of signed certificates that can be used in Osirium EPM click here.

    Alternatively, if you want to generate a CSR and key, then click here.

    1. Within the Azure portal, download a valid certificate that is available from your EPM Server App registration > Certificates & secrets list.

    2. Within Upload the certificate file.

      Upload TLS Certificate

    3. Select the file, and then click OPEN.

    4. Click UPLOAD.

    Generate Certificate Signing Request (CSR)

    If you don't have an applicable TLS certificate then you can generate and download a CSR and private key here. The CSR and private key can then be validated against your Certificate Authority (CA) and produce a TLS certificate to be uploaded onto the EPM Server.

    To generate a PKCS #10 CSR

    1. Open the Configuration menu and select TLS Certificates.

      TLS Certificate page

    2. Enter the FQDN of the EPM Server.

    3. If your CSR requires specific fields to be able to validate in your domain, then they can be entered in the Advanced section.

      CSR Advanced options

    4. Click GENERATE CSR AND KEY. This will create and download a .key and .csr file.

    5. Transfer the CSR file to your certificate authority and run the following command within a Powershell terminal:

      certreq -f -submit -q -config - [CSR_FILE] [CERT_OUT] [CERT_CHAIN_OUT]

    6. Navigate back to the TLS Certificates page, and upload the TLS certificate (CERT_CHAIN_OUT file).

    Azure Active Directory

    1. Select Azure Active Directory in the Configuration menu.

    2. Enter the details of the Azure Active Directory that EPM Server will be joined to.

      Azure Active Directory

      Field Description
      Azure tenant ID Enter the Directory (tenant) ID which can be copied from you App registration.
      Azure client ID Enter the Application (client) ID which can be copied from you App registration.

      App Registration Application and Directory IDs

    3. Within the Licence Group section, enter the name of the user group to be used.

    4. Within the Administrators Group section we recommend you enter the name of an administrators group.

    Your EPM Server is now ready.

    Next steps

    The next step is to setup policies on the EPM Server and manage the roll out of the EPM Client.