1. Installation setup

System requirements

Please check the following requirements before installing Visual Guard Identity Server.

Visual Guard 2024.0

Private mode Communication

  • Windows Server 2022 Build 20348 or later.

Installation Steps

Step 1: Download Visual Guard Identity Server setup and follow the installation wizard


Step 2: Enter the required information, Site, Application pool and click Next


Step 3: Installation process will begin


Step 4: Once installation is complete, you will be notified with a message confirming the successful setup. Please click “Close” to exit the setup.


1.1 How to migrate from VGServer ?

The VGServer has been replace by Visual-Guard Identity Server.

VG Identity Server works with the bearer Token, the VGToken, which is contained inside of the claims.

We need to authenticate from VG Identity Server

The API has been updated.
Please refer to the following list to find out how to update the API:

  • /Security/Principal/GetIdentity replace by /api/Principal/GetIdentity
  • /Security/GetRoles replace by /api/Principal/GetCurrentRoles
  • /Security/IsInRoleByName/ replace by /api/Principal/IsInRoleByName
  • /Security/HasPermissionByName/ replace by /Security/HasPermissionById/
  • /Security/GetPermissions replace by /api/Principal/GetCurrentPermissions

2. Repository configuration

Step 1: The Visual Guard identity server needs a connection to the VGRepository


Step 2: Select your repository type (SQL Server or Oracle) from the dropdown and click on Next


Step 3: Set the information of your repository as required and click on “Test Connection” to test the connection to the repository.

Once your connection is valid you will receive a connection successful message, click Ok and then Next.


Step 4: Set your VG identity server Url to configure successfully


Step 5: Once the configuration is successful you can click on Finish and you can start using the repository


3. Using an existing configuration

You can reuse an existing configuration

Click on the button “Configure Identity Server”
Select one identity Server configuration need to be use
We need to restart Identity Server to apply the new configuration
Waiting the restart of Identity Server
The Visual-Guard Identity server is ready to use

4. MFA Enrollment

In Visual Guard, MFA enrollment within the identity server framework enhances security by requiring users to provide multiple forms of verification before access is granted. This process involves users setting up additional authentication methods through the Visual Guard Magic link beyond their standard login credentials. Visual Guard’s approach streamlines the setup and management of these extra security layers, ensuring robust protection of sensitive information and systems against unauthorized access, all while maintaining a user-friendly enrollment experience. The member would receive an SMS or link through thier email or phone to get authenticated.

Below are the steps to enroll the MFA

Step1: Login the to the identity serve with your credentials and sign in.


Step 2: Please select the verification method you prefer to select first


Step 3: Register your email ID for the verification


Step 4: Once your email ID is registered, you will receive an email with a verification code to authenticate the email ID


Step 5: Once your email ID is verified, you will receive a enrollment successful message. You may go back to the application or choose to enroll your mobile number as well as a authentication factor.


Step 6: To enroll your mobile number you can enter your number and click and send SMS


Step 7: Once you register you mobile number, a secure code will be sent via SMS to authenticate the number


Step 8: Once the mobile number is verified you will receive a authentication successful message


Step 9: Once you have enrolled yourself you may go back to the application and login.

This image has an empty alt attribute; its file name is image-18-1024x500.png


5. Settings

5.1 User Interface

Customize logo

If you want to customize the logo, you can easily customize it as shown below.

Steps:

  • Login to the Visual-guard Identity Server
  • You can go to the settings -> UserInterface Page.
  • Goto the ‘Company Logo’ tab.
  • Specify the logo.

Change the website text

If you want to customize the login page for specific application, you can use some pre-defined visual-guard variables as shown below.

Pre-defined Visual-guard variables

  • [ApplicationId] – Gets the application Id.
  • [ApplicationName] – Gets the application Name
  • [ApplicationDescription]- Gets the application Description

Steps:

  • Login to the Visual-guard Identity Server with master admin rights
  • You can go to the settings -> UserInterface Page.
  • Goto the WebSite Text tab.
  • Provide the text to be displayed along with the pre-defined variables as shown below.

Result:

After applying the changes, when login form will be displayed, it will contain the application name and application id information via pre-defined variables as shown below.

5.2 Configure Server

Here are the settings for the server parameters and options that dictate how the identity server operates and interacts with other components.

  1. Primary Information: You can provide the basic information of your Identity Server

2. Edit Signing Certificate: You can manage the signing certificate and click on Validate Certificate below when you update the certificate

3. Is Clustered: You can configure whether identity server is clustered or not, you need to provide the Issuer Uri for the clustered Uri

4. Allow auto restart when required: You can choose if you want the server to restart automatically and you can also set up the time to check at every x minutes for the restart

5. Is Grpc Private Service Enabled: You can choose if you want to enable Grpc, if yes then you need to provide the Grpc port and whether the Grpc web is enabled or not as it makes the private service compatible with http 1.1.

6. Authentication Preferences: You can provide the default domain for windows authentication on IdentitySever, the authentication mode and whether the windows authentication and automatic windows aunthentication is enabled or not

7. Other Information: You can choose if the you want to overwrite Identity Server once it is deployed

8. Click on Switch Configuration if you want o select another identity server configuration, Click on Save button, when you want your changes to be saved, and make sure to restart Identity Server to reflect your new changes.You can restart the Identity Server by clicking on Restart button

5.3 Local Settings

Here you can set Visual Guard’s Identity Server Url for confirguration, mention the Url and click on Save.

6. Advanced Settings

You can configure some properties manually.

inside of the appSettings.json, you can configure the Level of trace, etc…

You can check the Server URL here.

6.1 How to set up Windows Authentication?

Visual Guard offers two modes of Windows authentication:
Windows SSO (Single Sign On) and Mix-Mode Authentication (Windows + another type of authentication).

Requirement

    • The VG Identity Server needs to be installed on a Windows Server

    • The Windows Server needs to be in the domain

    • The Windows Server needs to have IIS

Activate Windows Authentication in the VG Repository

First, you need to check if Windows is activated in the repository

    • Open VG WinConsole

    • Select and open your VGRepository

  • In the VGRepository settings, check that Windows Authentication is enabled in the supported authentication modes section.
Active Windows authentication


Activate Windows Authentication in VG Identity Server

IIS needs to have Windows Authentification activated

    • Select VG Identity Server app

    • Go to authentication module

    • Enable Anonymous and Windows authentification

Activate Anonymous and Windows authentification


Which Windows authentication mode should be selected?

Visual Guard offers two modes of Windows Authentication:

The first mode is Mixed Mode authentication that allows you to authenticate users with their Windows and another type of authentification

The second one is Windows SSO (Single Sign On), the user don’t need to do any things, Visual Guard authenticate the user directly without any action.


How to configure for the Mixed Mode Authentication?

To activate this mode, you need to open the VG Identity Server folder:

    • Open appsettings.json file for VisualGuard Identity Server

    • Set IsWindowsAuthenticationEnabled = true

    • Set IsAutomaticWindowsAuthenticationEnabled = false

    • Save the file and restart the VGIdentityServer

Sample

{
  "VGIdentityServerConfiguration": {
    "ServerId": "a31a70b4-9a09-445e-82c9-c6262eaa58f5",
    "WebUserInterfaceId": "03d1acad-61bf-4b62-82f4-3fe5eb0bb554",
    "IsWindowsAuthenticationEnabled": true,
    "IsAutomaticWindowsAuthenticationEnabled": false,
    "TraceLevel": "Verbose",
    "ServerUrl": "http://localhost:5000",
    "UseDefaultIdentityServerWhenServerIdEmpty": false,
    "CheckIfRestartRequiredAtEveryMinutes": "1",
    "AllowAutoRestart": "true"
  }  
}

VG Identity Server Sample login form

Mixed mode authentification user view

Windows Authentification


How to configure Windows SSO?

The Windows SSO (Single Sign-On) allows to authenticate users without any action on their part.

To activate this mode, you need to open the VG Identity Server folder.

    • Open appsettings.json file for VisualGuard Identity Server

    • Set IsWindowsAuthenticationEnabled = true

    • Set IsAutomaticWindowsAuthenticationEnabled = true

    • Save the file and restart the VGIdentityServer.

Sample code

{
  "VGIdentityServerConfiguration": {
    "ServerId": "a31a70b4-9a09-445e-82c9-c6262eaa58f5",
    "WebUserInterfaceId": "03d1acad-61bf-4b62-82f4-3fe5eb0bb554",
    "IsWindowsAuthenticationEnabled": true,
    "IsAutomaticWindowsAuthenticationEnabled": true,
    "TraceLevel": "Verbose",
    "ServerUrl": "http://localhost:5000",
    "UseDefaultIdentityServerWhenServerIdEmpty": false,
    "CheckIfRestartRequiredAtEveryMinutes": "1",
    "AllowAutoRestart": "true"
  }
}

From now on, when a user accesses the page, he will be automatically authenticated with his Windows account, without displaying a login screen.

6.2 How to activate new private communication ?

6.3 How to deactivate Windows SSO ?

VGIdentityServer Feature Guide: Configurable Windows SSO Authentication

This guide provides detailed instructions on how to utilize specific settings for automatic Windows SSO authentication in VGIdentityServer. These settings allow developers to choose between automatic Windows authentication and manual authentication.

Server Configuration Example:


Server URL: https://vgidentityserver.mycompany.local


IdentityServer Settings:

Windows Authentication Enabled: true
Automatic Windows Authentication Enabled: true



Accessing the Identity Server UI:

Using Current Windows Account (AutoWindowsSSO)

URL: https://vgidentityserver.mycompany.local/Account/Login

  • If the current Windows account user has the necessary rights, the system will automatically sign you in.
  • If the user lacks the required rights, you’ll be redirected to the login page with a “not authorized to login” message. Here, you can log in using different credentials.

Without Using Current Windows Account (Manual Authentication)

  • URL with parameter: https://vgidentityserver.mycompany.local/Account/Login?autowindowssso=false
  • The system will prompt you for credentials to authenticate.

Requesting Tokens or Authorization Codes via Browser (AutoWindowsSSO)

  • Example URL: https://vgidentityserver.mycompany.local/connect/authorize?response_type=code&client_id=172b5450-6954-4bf5-982f-9af688f1aa58_WebApp
    • &redirect_uri=http://localhost:5002/signin-oidc&scope=openid+profile+VGActivityDate+VGApplications+VGDeveloper+VGIsApproved+VGIsLocked+
    • VGPermissions+VGProfile+VGRoles+VGToken+offline_access+IdentityServerApi
  • If the current Windows account user has rights, a code will be provided in the response.
  • Without the necessary rights, you’ll be redirected to the login page with a “not authorized to login” message.


Requesting Tokens or Authorization Codes Without Current Windows Account

  • URL with parameter:
  • https://vgidentityserver.mycompany.local/connect/authorize?autowindowssso=false&response_type=code&client_id=172b5450-6954-4bf5-982f-9af688f1aa58_WebApp&redirect_uri=http://localhost:5002/signinoidc
    • &scope=openid+profile+VGActivityDate+VGApplications+VGDeveloper+VGIsApproved+VGIsLocked+
    • VGPermissions+VGProfile+VGRoles+VGToken+offline_access+IdentityServerApi
  • The system will prompt you for credentials to authenticate.

7. Tracing

To enable different levels of tracing, choose the appropriate options in the appsettings.json file (visual reference provided below).


You can check the logs and traces files as shown below.


8. Archive

Welcome to the Visual-Guard Archive section. This part of our documentation is dedicated to providing easy and organized access to previous versions of Visual-Guard, allowing users and developers to find information, guides, and references for past versions of our product.

Why an Archive?

As Visual-Guard continues to evolve, maintaining a record of previous versions is crucial for several reasons:

  • Historical Support: Enables users to consult the documentation of previous versions to solve specific issues or understand the evolution of the product.
  • Migration Assistance: Aids users in the migration process by providing detailed information on the differences and enhancements between versions.
  • Compatibility: Ensures that users working on existing projects can access relevant information for their version of Visual-Guard.

How to Use the Archive

The Archive is organized by version, with each section dedicated to a specific version of Visual-Guard. Below are links to the archived versions:

Visual-Guard 2020.X

This section contains all documentation related to Visual-Guard 2020, including user guides, release notes, and API references.

Previous Versions

For versions prior to Visual-Guard 2020, please click here.

Upgrading to VG 2024

If you’re ready to migrate to the latest version, VG 2024, check out our migration guide for a smooth transition. Our latest version offers significant improvements in performance, security, and features.

8.1 VG2020.X

Welcome to the Visual-Guard 2020 Archive. This section is dedicated to preserving the comprehensive documentation, guides, and reference materials for Visual-Guard version 2020.3. As you navigate through this archive, you will find valuable resources designed to support users and developers who continue to work with or maintain systems using this specific version of Visual-Guard.

Features and Documentation

Visual-Guard 2020 introduced a range of features and improvements that have been foundational to subsequent versions. In this archive, you can explore:

  • User Guides: Detailed instructions on how to utilize the features introduced in VG 2020, ensuring you can make the most out of your existing projects.
  • Release Notes: A chronological list of updates, bug fixes, and enhancements made throughout the lifecycle of VG 2020.
  • API References: Comprehensive documentation of the APIs available in VG 2020, providing essential information for developers integrating Visual-Guard into their applications.

Support and Resources

While VG 2020 is no longer the latest version, we understand the importance of supporting our users through transition periods and beyond. If you’re working on migrating to VG 2024 or need assistance with VG 2020, the following resources are available:

  • Migration Guide: Step-by-step instructions to help you transition from VG 2020 to VG 2024 smoothly and efficiently.
  • Technical Support: Our dedicated support team is available to assist with any questions or issues you may encounter with VG 2020.

Moving Forward

We encourage users of VG 2020 to consider upgrading to Visual-Guard 2024 to take advantage of the latest features, security enhancements, and performance improvements. Visit our Upgrade Guide for more information on making the transition.

Thank you for your continued support and commitment to Visual-Guard. We’re here to assist you in every step of your journey with our product.

8.1.1 Installation setup

System requirements

Please check the following requirements before installing Visual Guard Identity Server.

Visual Guard 2020.2

  • OS: Windows Server 2012, 2016, 2019, 2022
  • Hard Drive: 512 GB to 1 TB – Fast drive recommended, ideally SSD
  • CPU:  4 core min – 3 Ghz or higher
  • RAM: 8 GB 
  • SQL Server for the VG Repository : Standard Edition or higher
  • .Net Core 2.1
  • .Net Core hosting bundle 2.1

Private mode Communication

  • Windows Server 2022 Build 20348 or later.

Installation

Download Visual Guard Identity Server setup and follow the installation wizard.

8.1.2 Repository configuration

The Visual Guard identity server needs a connection to the VGRepository


Configuration of the Visual Guard repository
Select your repository type (SQL Server or Oracle)
Set the information of your repository
Test your connection to the Visual Guard Repository
The connection to the VG Repository is successful.
Save the configuration of the VGRepository

Configure Visual Guard Identity Server

8.2 Configuring VG Identity Server Instance

Configure a new Visual-Guard Identity Server instance

  • Note : this requires a certificate

Select “re-use a existing configuration” or “create a new configuration”

The certificate validity is verified.

  • Identity server name: name of the server
  • Description : enter a description for this new configuration
  • Select a certificate (Certificate with private key required)
  • Check this box to overwrite the configuration when deploying it in another repository
We need to restart the server to apply this new configuration
Waiting for the Server to restart
The Visual Guard Identity Server is now ready to use