Skip to content

Installing the OctoSAM Web UI

The Web UI module offers a browser-based user interface for OctoSAM Inventory, OctoSAM License and OctoSAM Monitor.

Info

Before you install the Web nodule, make sure that at least one full housekeeping cycle has been performed by the import service.

IIS Application Pool account

Create a Windows service account that has database read/write access to the central OctoSAM Inventory database. You can use the service account created for the Import Service, but note that the Import Service needs schema modification and bulk import rights while the IIS Application Pool account needs only read/write rights.

The service account also needs read/write permissions to the configured log directories.

Set the .NET CLR Setting of the Application Pool to No Managed Code

Administrators group

Designate an Active Directory group that contains your OctoSAM Web administrator accounts.

Create an IIS application

We recommend that you put the application in a sub-path of your IIS Webserver, do not place it in the server root. Configure the IIS application for Integrated Windows Authentication, do not enable Impersonation.

Warning

The OctoSAM Web Module depends on Integrated Windows Authentication, other types of authentication are currently not supported and may not be enabled.

Configure the IIS Application to point to the Server\OctoWeb directory. With standard configuration that would be D:\OctoSAM\Server\OctoWeb.

Configure RBAC replication in the import service

The OctoSAM Web Module depends on user information replicated by the Import Service. See the appsettings.json sample configuration file for details.

Note that you can currently use only a single domain for RBAC.

Configuration files

The application uses the appsettings.json configuration file.

Info

In most cases you should not have to modify config files within the OctoWeb folder. If you do, keep in mind that new versions of the software may overwrite this file, and you may have to re-apply your changes.

Bootstrap RBAC authorization

Designate an Active Directory Group for your OctoSAM Web administrators and make sure that that group gets replicated to your database by the OctoSAM Import Service.

Setting up RBAC requires that at least one full housekeeping was performed on the database. Make sure the Import Service is running or perform manual housekeeping by running 

OctoUtil housekeeping

Edit the global appsettings.json file and in the "OctoWeb" section, add the current user in the SubstituteUsers section. Substitute your user (usually the OctoSAM Service Account) with the user 'built-in'. built-in is a special user for the application itself that has full admin rights.

"OctoWeb": {
    //
    "SubstituteUsers": {
      "mydomain/myuser": "built-in" 
    },
  }

Recycle the IIS Application Pool that you configured for the Web Module.

You can now log on to the OctoSAM Web interface with full administrator rights. Notice the substitute user warning in the header region of the application.

Now you can select the Admin / Roles Menu and add the designated Active Directory Group(s) for the Administrator Role.

Add Service Account to Administrators role

It's OK to add the Service Account directly to the Administrators Role. This is an exception to the rule that roles should always be assigned to groups only.

Remove the SubstituteUsers configuration after you have completed the configuration of the Administrators role.

Recycle the IIS Application Pool.

You should now be able to log in to the application to configure additional Roles.

Configure the application address

Configure the address under which the Application is visible to clients on the Admin - Settings Page. The URL configured here should match the configured SSL certificate.

Configure multiple instances of the web module on the same server

If you want to run multiple Instances of the Web Module on the same server - for example, to connect to different databases - you can override the OCTOSAM_CONFIGURATION_FOLDER environment variable within IIS. The recommended way to do this is per Application Pool, this also allows you to run the Web Module under different Accounts.

The example will configure the Application Pool "MyPool" to use application settings from D:\OctoSAM\Config\MyConfig\appsettings.json

appcmd.exe can be found in c:/windows/system32/inetsrv if it's not in the PATH. This example requires IIS 10 (Windows Server 2016 or newer).

appcmd stop apppool /apppool.name:MyPool

appcmd.exe set config -section:system.applicationHost/applicationPools /+"[name='MyPool'].environmentVariables.[name='OCTOSAM_CONFIGURATION_FOLDER',value='D:\OctoSAM\Config\MyConfig']" /commit:apphost

appcmd start apppool /apppool.name:MyPool