System settings
Before you begin
To complete the EPM system configuration requirements you will need to have the following available:
Prerequisite | Description |
---|---|
Osirium EPM Licence | A valid license file will be required for upload. If you don't have a licence then you will need to contact Osirium. |
Microsoft Entra ID details | The following information will be required from the Microsoft Azure portal :
|
TLS Certificate | A valid TLS certificate from your EPM Server App registration > Certificates & secrets from the Azure portal. |
FQDN of EPM Server | Will be required if you are going to generate a CSR. See Generate Certificate Signing Request. |
Licence Group | An user group that contains all users that will be using the Osirium EPM Client is required. The number of users within this group must not exceed the licence limit purchased. If the number of users within this group exceeds the licence limit then no users will be able to use the EPM Client until the user number is within the licence limit. |
Administrators Group | An administrators group that contains a list of users who will be responsible for administering EPM. Users in this group can log onto the EPM Management Interface. |
Initial setup
-
Open a browser window and navigate to the FQDN address of the EPM Server [https://EPM Server FQDN] configured in Microsoft Azure.
-
Assign a password for the admin account, click
NEXT STEP
. -
Select Azure Active Directory (Azure AD) domain type, and then click
CONFIRM
. -
Enter the local admin password assigned, click
LOGIN
. You will be logged into the EPM Management Interface.
Osirium EPM licence REQUIRED
Before you can apply any system settings, you must upload a valid EPM licence.
-
On the Server page click on
UPLOAD LICENCE
. -
Select the licence file and click
OPEN
. The licence file is uploaded.
Upload a trusted certificate (REQUIRED)
By default, Osirium EPM provides a generic self-signed certificate which should be replaced with a signed certificate to secure connections to the EPM Server.
Certificates are used to protect the data being sent between the local workstation and the EPM Server, by encrypting the data before it is sent and then decrypting the data when it reaches its destination.
For details on the types of signed certificates that can be used in Osirium EPM click here.
Alternatively, if you want to generate a CSR and key, then click here.
-
Within the Azure portal, download a valid certificate that is available from your EPM Server App registration > Certificates & secrets list.
-
Within Upload the certificate file.
-
Select the file, and then click
OPEN
. -
Click
UPLOAD
.
Generate Certificate Signing Request (CSR)
If you don't have an applicable TLS certificate then you can generate and download a CSR and private key here. The CSR and private key can then be validated against your Certificate Authority (CA) and produce a TLS certificate to be uploaded onto the EPM Server.
To generate a PKCS #10 CSR
-
Open the Configuration menu and select TLS Certificates.
-
Enter the FQDN of the EPM Server.
-
If your CSR requires specific fields to be able to validate in your domain, then they can be entered in the Advanced section.
-
Click
GENERATE CSR AND KEY
. This will create and download a .key and .csr file. -
Transfer the CSR file to your certificate authority and run the following command within a Powershell terminal:
certreq -f -submit -q -config - [CSR_FILE] [CERT_OUT] [CERT_CHAIN_OUT]
-
Navigate back to the TLS Certificates page, and upload the TLS certificate (
CERT_CHAIN_OUT
file).
Azure Active Directory
-
Select Azure Active Directory in the Configuration menu.
-
Enter the details of the Azure Active Directory that EPM Server will be joined to.
Field Description Azure tenant ID Enter the Directory (tenant) ID which can be copied from you App registration. Azure client ID Enter the Application (client) ID which can be copied from you App registration. -
Within the Licence Group section, enter the name of the user group to be used.
-
Within the Administrators Group section we recommend you enter the name of an administrators group.
Your EPM Server is now ready.
Next steps
The next step is to setup policies on the EPM Server and manage the roll out of the EPM Client.