Getting Started with PINsafe
This guide assumes that there is a Swivel server installed and running. This document deals with the options available in detail, a Quick Start Guide is available here: How to initially configure PINsafe
This section follows the steps required to get a basic Swivel installation up and running.
There are three fundamental settings that need to be completed to get a Swivel server up and running.
To see a video of these steps refer to the getting started video
- The PINsafe Database
- The Database mode of operation
- Any associated user repositories
Note: If the Timezone is to be set, do this before Swivel configuration, as changing it later will invalidate the users stored PIN numbers. Restart the database i.e. for internal restart Swivel or MySQL for appliances after setting the Timezone.
Contents
Initial Login
Upon install, the Swivel server comes with a shipping database; this is a single user read-only database that has the user account:
Username: admin
PIN: 1234
Whilst this option is selected as the database it will only be possible to login to the admin console using these details.
So to login: Enter the default username of admin, then click on Start Session, Swivel has a default PIN of 1234. Extract the One Time Code, and enter it into the OTC box, from the example below the OTC is 3527. Now you will be able to Login.
Setting the Swivel Database
Swivel needs a database to store Swivel account information. This can be an internal or an external database.
On install the Swivel server comes with a shipping database; this is a single user read-only database that has the user account:
Username: admin
PIN: 1234
Whilst this option is selected as the database it will only be possible to login to the admin console using these details.
Therefore to log in for the first time, enter admin in the username field, click on start session, then enter the first four digits of the TURing image into the OTC field, then click log-in. (The password field should be blank)
The first stage in getting started with Swivel is to configure the database that you wish to use to store Swivel account details. This can either be the internal database that comes with Swivel or it can be a separate external database. Swivel supports a range of SQL/JDBC databases: consult with your reseller or with Swivel for more details.
Note: It is recommended to start with the Internal database, and then come back to set an External database and external data source if required
In deciding what database to use you need to evaluate the relative merits of the two approaches.
Factor | Internal Database | External Database |
Simplicity | Very simple, single-click deployment. | Requires some database set-up and configuration |
Flexibility | No Flexibility | Flexible solution allowing multiple Swivel and Multiple Database servers as required |
Performance | Local database means good performance. | Performance needs to be considered but Swivel is not a particularly database intensive application |
Availability | Availability determined by the server it is deployed on.
Difficult to back-up database, therefore not easy to support site resilience |
Available can be improved by using database clustering technologies.
External database easier to back-up and replicate |
Security | Internal and encrypted | All sensitive data is encrypted. Encrypted database drivers can also be used. |
It is assumed that an external database will be more appropriate to larger, multi-site installations and the internal database for use for single site installations.
For initial proof of concepts and evaluations, the internal database should be used.
Username Case Sensitivity
You can select whether usernames are case sensitive or not. You may need to set usernames to be case insensitive if that is what the users are familiar with. When user names are not case sensitive a user with a username of Chris can authenticate a Chris, chris,chrIS etc.
NOTE: Case sensitivity is also affected by settings in your database, if you use an external database. If you require case-sensitive passwords, you also need to ensure that your database is set to be case sensitive.
Setting the Internal Database
To use Swivel’s internal database go to the Database menu, select Internal from the drop down menu, then click apply. There may be a slight delay as Swivel creates the tables in the database. Once you have selected a database other than the Shipping Database, then you must create a new admin account before logging out of the admin console. To do this complete the following steps.
Setting the Database Mode
Swivel supports two different database modes; synchronized and slave. Synchronized will mean that the Swivel server will synchronize with a user repository (e.g. Active Directory) in order to create (or delete) accounts from the Swivel server. A Swivel server running in slave mode will not create or remove accounts from the database but act as an authentication server for all the accounts that exist in the database. A slave Swivel server relies on another Swivel server to add and remove accounts.
To create a new admin account, Synchronized mode must be selected
Configuring Synchronized Mode
To use this mode go to the Mode->General screen and select Synchronized and then click apply
The next stage is to configure the repository.
Configuring the user repositories
Swivel supports multiple user repositories. The initial repository is the internal XML repository, which can be edited within the Swivel Administration Console. Additional repositories can be defined, using Active Directory or LDAP directory servers.
If you are using a user repository it is important that you create an Administrator user to prevent you being locked out of the admin console. If you are unfamiliar with Swivel, it is recommended that you use the internal XML repository initially.
Using the XML Repository
To use the XML repository, you need to go to the Repository->Servers screen and add it. You need to give the XML repository a name. Repository names need to be unique within a Swivel installation, therefore if you have two Swivel servers connected to the same database, they cannot both have an XML repository called LOCAL.
It is recommended that the name of the XML repository reflects the server name of the Swivel server. E.g. Swivel_Primary_XML
The XML repository is also a special case because you can add/edit users for this repository from the Swivel user administration screen.
Go to Repository->Servers to confirm that and enter a name for the XML repository
Go to Repository->Groups to configure the repository groups. Initially, two groups are defined – PINsafeUsers and PINsafeAdministrators. Make sure that each group definition for this repository is the same as the group name:
Go to user administration screen and select SYNC
The XML repository is shipped with an existing user of admin, with a PIN of 1234, so you will see this account appear on the list of users.
It is recommended that you open a new browser window, navigate to the admin console and log on using this new account before you exit the existing admin console session.
You can create new Admin level accounts by selecting ADD USER on the User Administration screen and creating a new user that is a member of the PINsafe Administrators group. You can then synchronise PINsafe with the repository to create the PINsafe account. Remember to reset the PIN of the new Admin user that you have created.
License Key
Swivel comes with a 5 user evaluation license. To operate a live Swivel server you need a valid license key obtained from your reseller or from Swivel Secure. Once you have this license key enter this key on the Server -> License screen. For more details on how to enter a license key, see our Installing a license key guide.
The license will be for a fixed number of users; i.e. accounts on the Swivel server. If you need additional users and therefore additional licenses, you can purchase a new license key for the new total of licenses required. The new license key is a replacement for the existing one and therefore you simply need to overwrite the license key.
With the repository and database configured and the license installed you are now have a working Swivel server that you can start to integrate with your IT infrastructure.