To access web or client applications through Indeed PAM, you will need to install additional components:
- IndeedID Admin Pack
- IndeedID ESSO Agent
- The extension for Microsoft Internet Explorer or Google Chrome browsers
Setting extension for Google Chrome
After installing IndeedID ESSO Agent, Google Chrome will automatically add an extension when the browser starts.
Configuring an extension for Internet Explorer through group policies
After installing IndeedID ESSO Agent, Internet Explorer will automatically add the extension, but it will be turned off. To automatically enable and configure the extension you will need:
- Run the Group Policy Management snap-in, select the domain, then open the context menu of Group Policy Objects item and click New or use an existing group policy object.
- Switch to Group Policy Objects, open the context menu of an object and click Edit
Switch to Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management
- Open the Add-on List parameter, set the switch to Enabled and click Show in the Options section
- Specify the extension ID {D1080A9B-B3D0-443C-AE86-1A2B295A53A2} in the Value name field. Enter 1 in the Value field and save the changes
- Switch to Computer configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page
- Open the Site to Zone Assignment List parameter, set the switch to Enabled and click Show in the Options section
- In the Value name field, enter the URL of the host on which the web application is located, in the Value field enter 2 and save the changes
- Switch to Computer configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
- Open the Allow third-party browser extensions parameter, set the switch to Enabled and save the changes
- Open the Turn on Enhanced Protected Mode parameter, set the switch to Disabled and save the changes
- Close the Group Policy Management Editor
- Open the context menu of domain or unit, click Link an Existing GPO, select a group policy object and configure it to work with Indeed Identity PAM Gateway server
- Log in to Indeed Identity PAM Gateway server and run Server Manager
- Switch to Local Server item and open Internet Explorer Enhanced Security Configuration option
- Set the switch to Off for Administrators and Users groups