Installation
Pre-installation tasks
Install the server certificate or verify that the certificate is present. (The certificate must have the Fully Qualified Domain Name as the subject field.)
User and Admin Groups should be created on the AD and users added.
Installation
Run the installation file (setup.exe).
Post Installation
Execute the PowerShell script (C:\Program Files (x86)\HealthCast\SSO Audit Monitor\Config\SsoAuditMonitorSetup.ps1) on the server that will be hosting the SSO Audit Monitor application. This must be run as an administrator. (The PowerShell script sets up the administration tools using the FQDN from the Certificate subject field. It also opens ports 5000 on the server firewall to allow access.)
Locate the Audit Database for your installation of ExactAccess on the SQL server and note the name:
Before executing the provided SQL script (C:\Program Files (x86)\HealthCast\SSO Audit Monitor\Config\CreateDb.sql), change the name of the database in the first line to the name of your Audit database. (The line you will be changing is “USE [AUDIT]” – change the word “AUDIT” to the name of your actual Audit Database, whatever you configured it to be.)
Using the SQL Server Manager, grant permissions to the AD user account selected (ExactAccess Active Directory user account) or the account created for the Environment Prerequisites.
Select the Security Folder right click>New>Login
Fill in the Login Name. It will be the Active directory user requested in the Environment Prerequisites or the account created for the Environment Prerequisites.
Select User Mapping. Select the Audit Database and the roles will be db_datareader db_datawriter. (If using Windows Authentication the db_owner permission should be set with the ExactACCESS configuration. The account will not require the additional permissions.)
Using File Explorer, browse to C:\Program Files (x86)\HealthCast\SSO Audit Monitor
Locate the appsettings.json
Open with a text editor.
Change the Server=servername
Change the Database=databasename
Save the changes and close.
In Services, set the Log On As to the AD user who has permission to access the SQL database.
Start the service.
Configuration
Admin and User Groups
The Admin and User Groups refer to domain security groups, each having specific permissions within Audit Monitor. Only one domain security group may be defined for either the Users Group or the Admins Group.
Any member of the Users Group may log in and run reports.
Any member of the Admins Group may log in and run reports, as well as access the Settings page.
The Settings Page
The Settings page allows you to configure Audit Monitor settings. currently, the only two settings that can be configured are the Users Group and the Admins Group.
When Audit Monitor is installed, it sets the default Users Group to Domain Users, and the default Admins Group to Domain Admins.
To change either the Admins Group or User Group:
Log in to Audit Monitor as a user who is a member of the Admins Group Active Directory (AD) security group (e.g., Domain Admins)
Click the Settings link.
Change the Users Group to a different AD security group.
Change the Admins Group to the desired AD security group.
Click Save.
Alternative Method
After installation, if you need to change the Admins or Users group and you are not a member of Domain Admins (and therefore do not have access to the Settings page in Audit Monitor), you can still change the setting as long as you have access to the Audit SQL database.
Log in to the SQL Server that hosts the Audit database using a tool such as SQL Management Studio.
Select the Settings table.
Right-click the Settings table and select Edit Top 200 Rows.
This will open up a window that shows the two Audit Monitor Roles settings.
You may change the Value setting to the desired AD security group for either
AdminRole
orUserRole
.After making this change, the HCI SSO Audit Monitor Service must be restarted in order for the changes to take effect.