
IIS website configuration

SSL/HTTPS setup instructions

  1. At this point Salto IDM will be installed and accessible via the port configured during the installation.

    • By default, the installer uses port 81 and HTTP.
    • The port and protocol can be changed using the steps below. Depending on your requirements and infrastructure, additional steps might be necessary.
    • It is highly recommended to configure an HTTPS binding and remove the default HTTP binding.
  2. To change your website bindings to use HTTPS, first open Internet Information Services (IIS) Manager.

  3. In the left menu, click on the computer name, and then in the IIS section click on Server Certificates.


  4. Use the Actions menu on the right to add the website certificate you want to use with Salto IDM.

    • You can import your website certificate here if you have the necessary .pfx file.
      • Make sure that the imported certificate is issued by a trusted authority and that the name matches the host name you will use.
      • Using this method will allow you to have a secure website and avoid browser errors.
      • You will have to manually update your certificate when it expires.
    • Or you can create a self-signed certificate using PowerShell.
      • Using the Create Self-Signed Certificate option from IIS can generate errors when using modern browsers (for example, ERR_SSL_KEY_USAGE_INCOMPATIBLE), so open PowerShell as Administrator and run New-SelfSignedCertificate -Subject subdomain.domain.com.
      • Using this step will help you configure HTTPS, but you will receive browser errors, and your website will be marked as non-secure.
      • This method is only recommended for testing or demo environments, not for production.
    • Optionally you can create a certificate using Let's Encrypt.
      • This is the recommended method as it uses a fully trusted certificate that automatically renews.
      • The only requirement is that the Salto IDM website must be accessible from the internet, so this is not possible with fully on-premises installations.
      • You should create an HTTPS binding with a DNS record pointing to your server public IP (explained below).
      • If you want to use this method, first configure HTTPS using a self-signed certificate, and then follow this Installation Manual to install the Let's Encrypt certificate.
  5. Once the certificate is installed on the server, use the left menu to expand the submenu under the computer name, expand Sites, and select the website you created for Salto IDM.


  6. In the Actions menu on the right, click on Bindings… to open the Site Bindings window.

  7. Click on Add… to create a new HTTPS binding using the following parameters:

    • Use HTTPS for Type.
    • IP address and Port can be left unchanged.
    • Add the host name you want to use to browse to Salto IDM (for example, saltoidm.yourcompany.com).
    • The checkboxes can be left unchanged.
    • Select the previously imported or created SSL certificate from the dropdown.


  8. Click OK.

  9. It is recommended that you remove the default HTTP binding by selecting it and clicking Remove.

  10. Click Close. Salto IDM should now be accessible using the hostname, protocol, and port you configured (for example, https://saltoidm.com).

    • When using HTTP and port 80, or HTTPS and port 443 you do not have to add the port to the browser URL.
    • When using non-default ports you need to write the port in the URL.
    • http://saltoidm.com:80 is the same as http://saltoidm.com.
    • https://saltoidm.com:443 is the same as https://saltoidm.com.
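
Steps 4 to 9 can also be scripted. The following PowerShell is an added example, not part of the Salto documentation: it checks the certificates in the local machine store against the requirements above (host name match, validity, key usage) before creating the binding, and removes the HTTP binding only once HTTPS is in place. The site name "Salto IDM" and the helper Test-ServerCertificate are assumptions; the host name and port 81 are the examples used on this page.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example (not vendor code). Run in an elevated PowerShell on the IIS server.
Import-Module WebAdministration

$SiteName = 'Salto IDM'                  # assumption: the IIS site name on your server
$HostName = 'saltoidm.yourcompany.com'   # example host name from step 7
$HttpPort = 81                           # installer default HTTP port (step 1)

function Test-ServerCertificate([X509Certificate2]$Cert, [string]$Name) {
    $problems = @(); $now = Get-Date
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key' }
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) { $problems += 'outside validity period' }
    # The host name must match exactly or through a single-label wildcard.
    $wildcard = '*.' + ($Name -split '\.', 2)[1]
    $names = $Cert.DnsNameList.Unicode
    if ($names -notcontains $Name -and $names -notcontains $wildcard) { $problems += "does not cover $Name" }
    # A key usage extension without DigitalSignature is what modern browsers
    # report as ERR_SSL_KEY_USAGE_INCOMPATIBLE.
    $ku = $Cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    if ($ku -and -not ($ku.KeyUsages -band [X509KeyUsageFlags]::DigitalSignature)) {
        $problems += 'key usage lacks DigitalSignature'
    }
    # An EKU extension, when present, must include Server Authentication.
    $eku = $Cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    if ($eku -and $eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.1') {
        $problems += 'EKU lacks Server Authentication'
    }
    return $problems
}

# Step 4: pick the longest-lived certificate in the machine store that passes every check.
$cert = Get-ChildItem Cert:\LocalMachine\My | Sort-Object NotAfter -Descending |
    Where-Object { @(Test-ServerCertificate $_ $HostName).Count -eq 0 } | Select-Object -First 1
if (-not $cert) { throw "No usable certificate for $HostName in Cert:\LocalMachine\My" }

# Step 7: HTTPS binding on the default IP and port 443, checkboxes unchanged (SslFlags 0).
if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName)) {
    New-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName -SslFlags 0
    (Get-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName).AddSslCertificate($cert.Thumbprint, 'My')
}

# Step 9: remove the default HTTP binding only after the HTTPS binding exists.
if (Get-WebBinding -Name $SiteName -Protocol https) {
    Remove-WebBinding -Name $SiteName -Protocol http -Port $HttpPort
}
Get-WebBinding -Name $SiteName
```

A self-signed certificate created for the same host name passes these checks; it will still be reported as untrusted by browsers, as noted in step 4.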

Optional: Configure host name for internet or intranet access

When you want to use the previously created host name via the internet or inside a local network (for example, for production environments), you must add a DNS record to your domain that points to your server IP so that the website can be reached and the SSL certificate can be validated.

  1. Using your domain name provider (contact your IT department if needed), add a new A-Record to your domain, pointing to the public or private IP of the web server that hosts Salto IDM.

    • If you configured a subdomain when setting up the host name in IIS, make sure to specify this as well when creating the DNS record.
    • Publicly accessible DNS records might take some time to propagate (up to 48 hours depending on your provider).


  2. Make sure that there are firewall rules configured to access your web server either from the public internet or inside your corporate network.

    • This can be both at hardware level (for example, a physical firewall to the network where the server is hosted) and at software level (for example, using Windows Firewall to allow web traffic on that port).
  3. After the DNS records propagate, you should be able to browse Salto IDM using the provided domain name from any PC.

    • When configured to be accessible over the internet, Salto IDM can be browsed from any device with internet access.
    • Access can be restricted to certain IPs or IP ranges only (see Salto IDM -- Product Configuration guide for further reference).
    • This is the best scenario for use cases where users need to interact with the system from their own devices or from any location (for example, visitors who must fill in their details from home, or employees that are not always on a corporate network).
    • When the DNS records are under a corporate network, Salto IDM can only be reached if the device is connected to the intranet (for example, via VPN or corporate Wi-Fi).
    • This scenario is most compatible with use cases where it is not necessary to expose the application to the public, or where certain features are not required (for example, when employees with intranet access are the only ones that need access to Salto IDM, or when visitors use the kiosk to register instead of their own devices).
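
To confirm the three steps above from a client PC, the following added PowerShell example (not part of the Salto documentation) checks in order that the host name resolves, that the HTTPS port is reachable through the firewall, and that the certificate presented is trusted for that name. The function name Test-SaltoEndpoint is an assumption; the host name is the example used on this page.

```powershell
# Added example (not vendor code). Run from a PC that should be able to reach Salto IDM.
$HostName = 'saltoidm.yourcompany.com'   # example host name from the page
$Port     = 443

function Test-SaltoEndpoint([string]$Name, [int]$Port) {
    $result = [ordered]@{ Host = $Name; Addresses = $null; TcpOpen = $false; TlsTrusted = $false
                          CertSubject = $null; CertExpires = $null; TlsError = $null }
    # Step 1: does the A record resolve from this client?
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.ToString() }
        $result.Addresses = $ips -join ', '
    } catch { return [pscustomobject]$result }

    # Step 2: do the firewall rules allow a TCP connection to the HTTPS port?
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($Name, $Port); $result.TcpOpen = $true }
    catch { $tcp.Dispose(); return [pscustomobject]$result }

    # Step 3: TLS handshake with default validation; it throws when the
    # certificate is untrusted, expired, or issued for a different name.
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    try {
        $ssl.AuthenticateAsClient($Name)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.TlsTrusted  = $true
        $result.CertSubject = $cert.Subject
        $result.CertExpires = $cert.NotAfter
    } catch { $result.TlsError = $_.Exception.GetBaseException().Message }
    finally { $ssl.Dispose(); $tcp.Dispose() }
    [pscustomobject]$result
}

Test-SaltoEndpoint $HostName $Port | Format-List
```

An empty Addresses field points to the DNS record, TcpOpen False to a firewall rule, and TlsTrusted False to the certificate (expected when a self-signed certificate is in use).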

Optional: Configure host name for local access

When you want to use the previously created host name on your own PC or server (for example, for testing or demo environments), add a record to the hosts file on that computer, which will allow you to use that host name on your browser to access Salto IDM.

  1. Open Notepad as Administrator.


  2. Open file (Ctrl + O).

  3. Browse to the folder C:/Windows/System32/drivers/etc.

  4. Select All Files (bottom right).

  5. Open the file hosts to edit it.


  6. Add a rule at the bottom of the file with the name of your website (for example, 127.0.0.1 yourcompany.saltoidm.com).


  7. Close Notepad and save the file when asked.

  8. After the hosts file is saved, you should be able to browse Salto IDM using the provided domain name from this PC.

    • When using this setup, no other devices will be able to reach the host name you configured.
    • This is mainly used for demo or testing purposes when no other users need to browse Salto IDM.
