Appliance CLI Configuration
The RapidIdentity Appliance Configuration Main Menu screen displays. Navigate to and select System to verify and customize network settings and other options.
Configure and validate each of the Network settings by navigating to System > Network > Network Settings.
In the Basic Network Settings menu, configure the connection settings for the network. From here, you can edit a connection, add a connection, or set the system's hostname settings.
In the Interfaces menu, there are options to fine-tune settings related to how the server connects. Choose the default network interface as listed (these are named by the installation software), or the local interface (listed as lo). Then you can drill further into the settings to alter more granular network settings.
Ensure the Hostname is configured. Use the arrow key to navigate to Hostname and press Enter to edit if needed.
The DNS Servers menu shows local options and provides the opportunity to make DNS changes.
The Hosts File option allows a name to be attached to the IP address. Click for more information on configuring networking with network scripts.
After the Network settings are configured, exit the window and press the Escape key to return to the Main Menu.
If this appliance is to be in a production environment, navigate to System > Security and select Change Password. The config password has already been changed, but the sftp account password needs to be changed in order to perform file transfers. Ensure this password is kept in a secure location so that it is not lost or forgotten.
If using VMWare, navigate to Tools > VMWare Open VM Tools and select to install. This menu option will only show up if you are using VMWare to configure VMs.
If a new database is necessary for this installation, select Local Database from the Main Menu.
Choose between PostgreSQL and MySQL.
Note
The rest of the procedure will be identical regardless of which database type has been chosen. After any change, you will receive a notification that The change will not take effect until RapidIdentity has been restarted.
Drill down through Server Status and choose Install MySQL Server or Install PostgreSQL Server (depending on the choice made in the previous step) and then Yes to confirm. When the installation is complete, RapidIdentity will need to be restarted. Click Yes when prompted.
After RapidIdentity restarts, an info window displays.
Use Menu Item 5 on the Local Database screen, Client, to access a command-line SQL client for interacting with the local database.
A separate audit database can be configured, but by default the main database is used.
After the database is configured, RapidIdentity will restart.
Press Enter twice to start RapidIdentity and then press OK to confirm.
At this stage, the CLI configuration for RapidIdentity is complete unless the environment does not have an existing directory service. If that is the case, follow these steps to install OpenLDAP. The installation of Microsoft Active Directory is beyond the scope of this guide.
Install OpenLDAP
Navigate to the Main Menu and select Local LDAP Server.
Select OpenLDAP and then Server Status. Install OpenLDAP.
When the installation is complete, a message will display regarding accounts that have been created during install. The passwords for these accounts should be changed as soon as possible.
This can be done directly from the next screen. Simply select each option and enter a new password, confirming as required.
When this sequence is complete, exit the RapidIdentity Appliance Configuration Menu.
Repeat this sequence for each appliance. After the appliances are installed, extend the schema and install the password filter if using Active Directory.
Otherwise, skip to the Initial Appliance Configuration sequence.
sftp Functionality in RapidIdentity
In the 2020 RapidIdentity Appliance, a new functionality was introduced: an sftp account that can be used for services and troubleshooting. The purpose of this account is to enable files to be uploaded to and downloaded from the appliance (e.g., RapidIdentity logs).
Note
This functionality is primarily intended for Support Services, but also empowers administrators to have control over who has access to the system at any given time.
For example, a temporary password can be created for use with Identity Automation Support, and reverted once the engagement with Support has ended.
Since the only account you can log into in an out-of-the-box deployment is config, and its shell is set to be the CLI Menu, Identity Automation has included another account called sftp, which allows only SFTP access to the appliance. On a fresh install, the password for this account will need to be set using the System > Security > Change sftp Password option in the CLI menu.
Once a password has been set, you can connect to the appliance with an SFTP client. The account is jailed (chroot) to /var/sftp and only has permissions to the /var/sftp/files directory. To upload files to the server, you can connect with SFTP and upload to the /var/sftp/files folder, then use the Technician Mode to perform tasks on the system with those files. To download files from the appliance, use Technician Mode to copy or move files into the /var/sftp/files folder and then download them with an SFTP client.
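The following is an added example, not part of the original guide or of Identity Automation's tooling: a shell audit of the jail layout described above, meant to be run from a root shell on the host. It assumes GNU stat and find, that the jail follows the OpenSSH chroot rule (jail root owned by root and not writable by group or others), and that files/ is owned by the sftp account; the function names are hypothetical.

```bash
# Added example: audit an SFTP jail laid out like /var/sftp above.
# Assumptions (not from the page): GNU stat/find, OpenSSH-style chroot
# ownership rules, and that files/ is owned by the sftp account.

# check_dir PATH UID MASK: PATH must be a real directory owned by UID with
# none of the (octal) MASK permission bits set. Returns 1 on a finding.
check_dir() {
    local path=$1 want_uid=$2 mask=$3 uid mode
    if [ -L "$path" ] || [ ! -d "$path" ]; then
        echo "FAIL $path: not a real directory"; return 1
    fi
    uid=$(stat -c '%u' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $path: owner uid $uid, expected $want_uid"; return 1
    fi
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "FAIL $path: mode $mode has forbidden bits $mask"; return 1
    fi
    echo "ok   $path (uid $uid, mode $mode)"
}

# audit_jail JAIL ROOT_UID ACCOUNT_UID: returns the number of findings.
audit_jail() {
    local jail=$1 root_uid=$2 acct_uid=$3 findings=0 extra
    # Jail root: root-owned, not writable by group or others.
    check_dir "$jail" "$root_uid" 022 || findings=$((findings + 1))
    # files/: the one directory the account may write to; not world-writable.
    check_dir "$jail/files" "$acct_uid" 002 || findings=$((findings + 1))
    # Nothing else directly under the jail should belong to the account.
    extra=$(find "$jail" -mindepth 1 -maxdepth 1 ! -name files -user "$acct_uid")
    if [ -n "$extra" ]; then
        echo "FAIL account-owned entries outside files/: $extra"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sh audit_jail.sh /var/sftp 0 "$(id -u sftp)"
if [ "$#" -eq 3 ]; then audit_jail "$@"; fi
```

The exit status is the number of findings, so a clean jail returns 0 and the script can be used directly in a scheduled check.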