Skip to content

Cloud Onboarding

Sign-up process

Go to the following site and fill in the following details

  • StoreName
  • Company
  • Contact Details

Store URL

The URL for your store will be https://portal.zervicepoint.com/StoreName

Authentication

You can either use AD FS or AzureAD for logon authentication to your store

AD FS

If you want to use AD FS, you need to supply the following information

  • AD FS Hostname
  • AD FS Thumbprint
  • StoreAdministratorEmail

Azure AD

If you want to use AzureAD, you need to supply the following information

  • TenantId
  • StoreAdministratorEmail

How to setup Azure login

I want to integrate with my on-premise environment

If yes, you should look at what you need to do to setup

  • ClientWebService
  • ProvisioningSystem

List of Prerequisits for Zervicepoint Cloud Server

  • CPU: 4-Core 2.66 GHz
  • RAM: 16 GB
  • HDD: 10 GB free space
    • RAID Level 1 or Level 10 drive

Operating systems

  • Windows Server 2016
    • Standard or Datacenter
  • Windows Server 2019
    • Standard or Datacenter
  • Windows Server 2022 (Recommended)
    • Standard or Datacenter

Supported languages

  • English (en-US)
  • Swedish (sv-SE)

Service Accounts

for Client Web Service
  • A domain account (i.e svc-zp-cws)
  • Permissions
    • Log on as service on the application server
    • Full control permissions to client web service data signing certificate
for Provisioning System service
  • A domain account (i.e svc-zp-ps)
  • Permissions
    • Local Administrator

DNS record

  • A DNS host (A/AAAA) record that points to the application server, i.e. cws.yourdomain.com

Web certificate

Client web service communication certificate (SSL/TLS certificate)

  • Used by Client Web Service for encrypting communication (https)
  • Should have same common name as the DNS record for the application server

This certificate must be installed in the Local Machine personal folder on the application server prior to the installation.

AD FS relying party trust

Active Directory Federation Service should run atleast version 2.0 or later

Enable Windows Mixed Endpoint (/adfs/services/trust/13/windowsmixed)

Relying party trust

WS-Federation Passive Endpoint

https://portal.zervicepoint.com/

https://portal.zervicepoint.com:20000/

Identifiers

https://portal.zervicepoint.com/

https://portal.zervicepoint.com:20000/

https://portal.zervicepoint.com:9900/ProcessSystem/

Required claims (LDAP)

Attribute Claim
SAM-Account-Name Name ID
E-mail-Addresses E-Mail
Display-Name Name
Token-Groups Unqualified names Group

Network

Allow following network traffic

Protocol Origin Destination Port
TCP Application server portal.zervicepoint.com 443, 9900, 20000, 30000
TCP Client Application server 443
TCP Client portal.zervicepoint.com 443, 20000

Verify that the customer clients and servers are able to access the Zervicepoint cloud environment

  • The server has internet access
  • The ports above has been configured
  • No proxy is blocking the clients and servers from reaching Zervicepoint cloud environment

Client web service

Self-signed certificate

Create certificate for client web service

  • Start Powershell as Administrator
  • Replace [StoreName] with your store name
  • Run the following command
New-SelfSignedCertificate -Type Custom -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -Subject "CN=Client Web Service Data Signing – [StoreName]" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5)

A new self-signed certificate will be created in Local Machine / Personal / Certificates

Export the certificate

  • Open a management console (mmc) and add the Certificates snap-in (LocalMachine)
  • Go to the Personal store and locate the new certificate (Client Web Service Data Signing – [StoreName])
    • Right click the certificate
    • “All Tasks”
    • Choose Export
    • Do not export the private key
    • DER
    • Supply filename (it will be a .cer file)

Give permissions to certificate private keys

  • Open a management console (mmc) and add the Certificates snap-in (LocalMachine)
  • Go to the Personal store and locate the new certificate (Client Web Service Data Signing – [StoreName])
    • Right click the certificate
    • “All Tasks”
    • Manage Private Keys…
    • Click Add…
    • Select service account for client web service
    • Click OK
    • Click OK again to close the dialog

Configure

Log in to the portal, open Administration, click edit store and then the tab Worker Authentication and add

  1. Client web service url https://<cws.yourdomain.com>:443/ProviderService.svc/CallProvider
  2. Fill out Provisioning Account (accountname for ProvisioningSystem), i.e. svc-zp-ps
  3. In the Data signing certificate field click the upload arrow
  4. Locate the certificate you created and exported in the previous steps and click Open
  5. Click Save

Navigate back to Worker Authentication tab, in the Token signing certificate section

  1. Click the Download icon in order to download the certificate and save it to disk
  2. Locate the certificarte, right click and choose Install Certificate
  3. Click Open
  4. In the Certificate Import Wizard, choose Local Machine as Store Location
  5. Click Next
  6. Choose Place all certificates in the following store
  7. Click Browse…
  8. Choose Personal and click OK
  9. Click Next and then Finish

Software requirements

Following Windows features should be activated on the server:

This is for Server 2016. Run the command below in Powershell with Administrative rights

Add-WindowsFeature -Name @(
    'Net-Framework-45-Core',
    'Web-Server',
    'Web-Log-Libraries',
    'Web-Request-Monitor',
    'Web-Net-Ext45',
    'Web-Windows-Auth',
    'Web-Asp-Net45',
    'Web-ISAPI-Ext',
    'Web-ISAPI-Filter',
    'Net-WCF-HTTP-Activation45',
    'Web-Mgmt-Console'
)

Install Zervicepoint Client Web service and Provisioning system

  1. Run ZervicePointSetup.exe
  2. Click Next
  3. Choose the following Features:
    • Provisioning system
    • Client webservice
    • Powershell maintenance module
  4. Click Next
  5. Choose website certificate for client web service url
  6. Enter client web service token signing and data signing thumbprint, you can copy these from “On Premises”-tab in Edit Store under Zervicepoint Administration
  7. Click Next
  8. Enter “portal.zervicepoint.com” as hostname
  9. Enter your provisioning system service account name in “Service account”
  10. Enter password for service account
  11. Enter your AD FS host name
  12. Enter store name, remember that it is case sensitive
  13. Enter 443 as client web service port
  14. Click Next
  15. In the API Url, change “Store” to your store name
  16. Click Next
  17. Click Install

Test CWS and Provisioning Inventory

Now we have installed everything and configured the certificates. Now there is just one small step left. Start by installing the Active Directory plugin Download media here https://zipper.atlassian.net/wiki/spaces/ZKB/pages/178782363/Download+-+Active+Directory+Plugin

Installation instructions:

  1. Extract files from archive
  2. Run ZervicePoint.Extensions.ActiveDirectory.exe
  3. Click Install

Installation directory will be:

C:\Program Files\Zipper\ZervicePoint\Provider extensions\Activity.ActiveDirectory We will use the Active Directory plugin and test 2 things

  • That the data-sources finds information
  • That the activities and data-sources are inventoried

You need to do a couple of things first

Check that providers.xml has the correct configuration for Domain Controller (a reliable domain controller in your domain) and searchbase (point in Active Directory from where you want general search to start). They are necessary for verifying this test.

C:\Program Files\Zipper\ZervicePoint\ProvisioningSystem\activedirectory.provisioningsystem.providers.xml

After editing, open Powershell with Administrator rights and restart ProvisioningSystem by using the following command.

Restart-Service -Name ProvisioningSystem -Verbose

Test Providers

  • Go to Admin Web.
  • Click ”Providers” in the left menu.
  • Search for “MS Active Directory”.

Can you see lots of activities? Then you’re OK.

Check that providers.xml has the correct configuration for Domain Controller and searchbase. They are necessary for verifying this test.

C:\Program Files\Zipper\ZervicePoint\ClientWebService\activedirectory.clientwebservice.providers.xml

After editing, open Powershell with Administrator rights and restart ProvisioningSystemInventory by running the following command.

Restart-Service -Name ProvisioningSystemInventory -Verbose

Test Data sources

  • Go to Admin Web.
  • Click ”Data sources” in the left menu.
  • Search for “MS Active Directory”.

Can you see lots of data sources? Then you’re OK.

Test Client Web Service

Create a simple service (if you don’t know how to do this, just scroll down a bit). Add drop-down to search for a user. Do you get results when searching? Then Client Web Service is working. Thumbs up!!

How to create a service for testing CWS

  • Go to Admin-web
  • Click Services
  • Choose ”Add Service” and click “New blank process”
  • Add Identifier “TestCWS”
  • Add Name “Test CWS”
  • Click Create
  • Click “Form Editor”
  • Click on the form element Drop down list

  • Click “Edit” on the Drop down list, should look like this

  • Click Close

  • Scroll down and click “Save and Publish” at the bottom of the page

  • Go to the User Web

  • Search for your service “Test CWS”
  • Search for a user in the Drop Down list Select User
  • Can you find it?

The user you search for needs to be located in Active Directory and in the search base for the domain