Versions Compared

Old Version 7

changes.mady.by.user Vladislav Fomichev

Saved on

compared with

New Version Current

changes.mady.by.user Vladislav Fomichev

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Note

If you want to customize the settings for this component, you need to install the Standard Authentication component.


Indeed AM Phone Management Server is an IIS-based web application. This component offers a lightweight API for adding, changing, and deleting phone numbers in the SQL database.


Info

If you want to add, change, and delete phone numbers in the SQL database, please install the Indeed AM Storage SMS OTP Provider. 


Info

Файлы для EAPhone Management Server расположеныFiles of  EAPhone Management Server reside inindeed AM\Indeed AM Phone Management Server\Distrib\

  • Distrib\EA.PhoneManagementServer.deploy.cmd - Cmd файл необходимый для установки компонента is the Cmd file required to install the component.
  • Scripts\ - Power Shell скрипты с примером вызова каждого метода APIscripts with an example of calling each API method.
  • WebDeploy_amd64_en-US.msi - Пакет для установки компонента WebDeploy версии  Package for installing the WebDeploy component, version 10.0.1973.


How to install the component 

Info

You need a pre-installed WebDeploy (version 10.0.1973 or higher) to install the component.

  1. Use an administrator account to launch the command line. 
  2. Go to the Distrib folder of the EAPhoneServer component. 

  3. Execute the command to initiate installation. 

    Code Block
    EA.PhoneManagementServer.deploy.cmd /Y


  4. Once the component has been successfully installed, the IIS Manager will display the EAPhoneServer web application.

How to uninstall the EAPhoneServer component

  1. Stop the IIS server running the EAPhoneServer component. 
  2. Open the folder C:\inetpub\wwwroot
  3. Delete the EAPhoneServer folder and all its contents. 
  4. Delete the EAPhoneServer application in the IIS Manager.

How to set up the component

  1. Open the EAPhoneServer component in the IIS Manager. 
  2. Click Authentication and enable the Standard Authentication option. Make sure to disable all other authentication methods. 

  3. Open the Authorization Rules. Change the existing rule or add a new one. In the settings, specify the user or user group who will be able to call the API methods.

    Note

    We recommend customization to ensure secure access to the EAPhoneServer component.


    Info

    When you select a user group, please indicate a relevant value of the Name attribute for this group. When you select a user, please indicate a relevant value of the sAMAccountName or userPrincipalName attribute.


How to set up your user policy 

Info

You need to set up a policy for assigning appropriate privileges to service users. 

  1. Open the Admin Console and the general system policy that applies to all target users. 
  2. Go to the Administrators tab and assign administrator rights to a service user who has access to the Indeed AM EaPhone Server. 

How to set up the configuration file

Info

If you want to save changes in the app configuration file, please use an administrator account to open the editor. 

  1. Open the Web.config component configuration file (C: \inetpub\wwwroot\EAPhoneServer\Web.config). 

  2. In the appSettings tag, configure the settings as follows:


    Info

    API requests will be sent on behalf of the given user.


    1. The string where the key parameter is username: in the value parameter, insert the username in the UPN format for the user designated to work with this component. 

      Code Block
      <add key="username" value="eaphone@indeed.local" />


    2. The string where the key parameter is password: in the value parameter, insert the user password.

      Code Block
      <add key="password" value="Q1q2E3e4" />


    3. In the string where the key parameter is lognames, configure the format for logging usernames. Supported formats:


      Info

      If you need to specify multiple formats, you can add values separated by commas.


      • Id − a user ID in the Indeed AM system in the rootUserCatalogProviderId_Guid format. 
      • Name − name attribute value in the Active Directory. 
      • CanonicalName − a username in the Canonical-Name format (myserver.demo.local/users/UserName). 
      • PrincipalNameuserPrincipalName attribute value in the Active Directory. 
      • SamCompatibleName − a username in the domainName\UserName format. 
      • DistinguishedNamedistinguishedName attribute value in the Active Directory. 
      • SidobjectSid attribute value in the Active Directory. 
      • Email − the mail attribute value in the Active Directory or the value indicated in the server configuration file. 

      • Phone − the telephoneNumber attribute value in the Active Directory or the value specified in the server configuration file. 

        Code Block
        <add key="lognames" value="PrincipalName,Sid" />


  3. Insert the URL for log server connections. How to edit the logServer tag 
    1. URL − URL for log server connections in the following format: http(s)://full_dns_server_name/ls/api format. 
    2. CertificateThumbprint − if the private key is stored in the registry and the certificate is stored on the computer. 
    3. CertificateFilePath − if the key pair is stored in a PFX file. 

    4. CertificateFilePassword − password for the PFX file.

      Code Block
      <logServer Url="http://dc2.new.loc/ls/api/" CertificateThumbprint="" CertificateFilePath="" CertificateFilePassword="" />


  4. Create a folder for storing the local event cache. The default path is D: \Temp\IndeedIdServerEventLog\EaPhoneEventCache. Create a default folder or specify another local path. Grant full access to the destination folder for the IIS_IUSRS user. 

    Code Block
    <logServerClient AppId="ea" Component="server" EventCacheDirectory="C:\inetpub\wwwroot\EAPhoneServer\EventCache" LogServerTargetConfigFile="" />


  5. In the connectionString parameter, specify the full URL of the available Indeed AM server or load balancer as follows:

    Code Block
    http/https://<full DNS of the available Indeed AM server or load balancer as follows>/easerver/


    Code Block
    <add name="EAWebAPIURL" connectionString="http://dc2.new.loc/easerver/" />


  6. How to encrypt and decrypt parameters in the appSettings tag.

    Info

    We recommend this customization for security reasons.


    1. To encrypt a parameter, use an administrator account and run the following command in the command line:

      Code Block
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pe "appSettings" -app "/EAPhoneServer" -prov "DataProtectionConfigurationProvider"

    2. To decrypt a parameter, use an administrator account and run the following command in the command line:

      Code Block
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pd "appSettings" -app "/EAPhoneServer"

UI component access 

Please follow these steps if you want to access the UI component:

  1. Open the URL: http(s)://<Full DNS name of the server containing the EAPhoneServer component> /EAPhoneServer/swagger. 
  2. Log in as a user who is a part of a group specified in the Authorization Rules. To log in, enter the username in the UPN format.

Overview of the API component methods


Info

The input data is transmitted in JSON format. To call the API method, you can use the URL in the following format:

Code Block
http/https://<Full DNS name of the server containing the EAPhoneServer component>/EAPhoneServer/<API method>



Registration 

To register a phone number, use a POST request to the API method: /api/IID/CreatePhone.

  1. Input data: 
    1. Username − a username in the UPN format for which a phone number is added. 
    2. Phone − a user's phone number to be registered in the system. 
  2. Output data: HTTP response with the HTTP status code. 
  3. Example: 
    1. URLhttp://AmIndeed.demo.local/EAPhoneServer/api/IID/CreatePhone
    2. Data − ‘{"Username": "User@demo.local", "Phone": "123456"}’. 

Generated events

Info

The PrincipalName and Sid name formats are used in the example.

Successful registration 

Upon successful registration of the provider, an event with a unique ID − 1088 will be generated. The event body includes the following parameters:

  • Description - The phone number has been successfully registered.
  • User − a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • Initiator − a user who was designated as an EAPhoneServer component administrator in the configuration file. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Phone − a user's phone number to be registered. 

Registration errors 

If an error occurs during provider registration, an event with a unique ID − 2073 will be generated. The event body includes the following parameters:

  • Description - The phone number registration failed.
  • User - a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Error Description a more detailed description of the error that occurred.
  • Error initiator − a user who has caused the error. 

  • Phone - a user's phone number to be registered. 

    Note

    In the event of a login error or access error (403), this parameter will display the service user data.

Change

To change a phone number, use a POST request to the API method: /api/IID/UpdatePhone.

  1. Input data: 
    1. Username − a username in the UPN format for which a phone number is changed. 
    2. Phone − a user's phone number to be registered in the system. 
  2. Output data: HTTP response with the HTTP status code. 
  3. Example: 
    1. URLhttp://AmIndeed.demo.local/EAPhoneServer/api/IID/UpdatePhone
    2. Data − ‘{ "Username": "User@demo.local",  "Phone": "654321"}’. 

Generated events


Info

The Id, Name, PrincipalName name formats are used in the example.

Successful change

Upon successful registration of the provider, an event with a unique ID − 1089 will be generated. The event body includes the following parameters:

  • Description - The phone number has been successfully updated.
  • User − a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • Initiator − a user who was designated as an EAPhoneServer component administrator in the configuration file. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Phone − a user's phone number to be registered. 


Change error 

If an error occurs during provider registration, an event with a unique ID − 2074 will be generated. The event body includes the following parameters:

  • Description - The phone number updating failed.
  • User - a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Error Description a more detailed description of the error that occurred.
  • Error initiator − a user who has caused the error. 

  • Phone - a user's phone number to be change. 

    Note

    In the event of a login error or access error (403), this parameter will display the service user data.



Deleting

To change a phone number, use a POST request to the API method: /api/IID/DeletePhone

  1. Input data: 
    1. Username − a username in the UPN format for which a phone number is deleted. 
  2. Output data: HTTP response with the HTTP status code. 
  3. Example: 
    1. URLhttp://AmIndeed.demo.local/EAPhoneServer/api/IID/DeletePhone 
    2. Data − ‘{ "Username": "User@demo.local"}’. 

Generated events

Info

The DistinguishedNameSamCompatibleName. name formats are used in the example.

Successful deleting

Upon successful deleting of the provider, an event with a unique ID − 1090 will be generated. The event body includes the following parameters:

  • Description - The phone number has been successfully updated.
  • User − a new user that has been registered. You can set the username format in the configuration file (the lognames parameter). 
  • Initiator − a user who was designated as an EAPhoneServer component administrator in the configuration file. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Phone − a user's phone number to be registered. 

Delete error

If an error occurs during provider delete, an event with a unique ID − 2075 will be generated. The event body includes the following parameters:

  • Description - The phone number removing failed.
  • User - a user that has been remove. You can set the username format in the configuration file (the lognames parameter). 
  • API user − a user who has completed Basic Authentication before the API method was used. The name will be displayed in the same format as it appears in the authentication form. 
  • Error Description a more detailed description of the error that occurred.

  • Error initiator − a user who has caused the error. 

    Note

    In the event of a login error or access error (403), this parameter will display the service user data.