To make your Visual KPI websites, data and the Visual KPI Designer secure, you first need to enable security. Visual KPI supports any security model that uses IIS, such as VPN, RSA, other two-factor authentication methods, and more.
Using the Visual KPI Server Manager, you can save hours of time setting up authentication to websites. Visual KPI Server Manager integrates with IIS.
Use IIS and the Visual KPI Server Manager to enable security. Follow the general steps below to set up security. Use the links to get more detailed instructions.
1. Decouple parent inheritance in IIS
Because you may need to enable security differently at all three levels, you must first decouple the parent directory of a Visual KPI website from the children, so that the child elements do not inherit from the parent element. Learn more
Note: After enabling security in the Visual KPI website, make sure the Interface and WebService are not propagated with the same security as the website unless you’ve chosen to set up security the same at all three levels.
2. Enable security in IIS Manager
For every Visual KPI website, use IIS Manager to turn OFF anonymous access on the Visual KPI website and WebServices (hosts Visual KPI Designer). Learn more
In IIS Manager, change the following settings for Sites, Interfaces, and Webservices. Click the top-level in the parent directory to set authentication.
Enable Security for Visual KPI Sites
You’ll likely want to lock down security on the website, allowing access only to authenticated users.
Click Site>Authentication:
- Anonymous Authentication: Disabled
- Windows Authentication: Enabled
Enable Security for Interfaces
Generally, the public will not have access to the Interface. You can set permissions to Anonymous using Windows authentication.
Click Interfaces>Authentication:
- Anonymous Authentication: Enabled
- Windows Authentication: Enabled
Enable Security for Visual KPI Designer
There are two ways to manage security for the Visual KPI Designer:
- Leave access open (Anonymous) and only give the Visual KPI Designer software to those who need access.
- Lock security only enabling access to approved users.
To secure access, click Webservices>Authentication:
- Anonymous Authentication: Disabled
- Windows Authentication: Enabled
3. Determine who gets access to websites
Once you set security in IIS, you must determine who gets access. You’ll need to set authentication for the entire website, for example. This doesn’t refer to rights assignment-who gets to see what-but rather who gets access at all. Learn more
- Create users and local groups with Visual KPI Server Manager.
- Add Active Directory Groups in IIS.
- Map user permissions.
4. Set up rights assignment
Once users get access to the website, what can they see? This is where you’ll set up rights assignment or object-level inheritance for users or user groups in the Visual KPI Designer. Learn more
Access Denial Messages
Any user without granted access to Visual KPI sites or virtual directories will see the following messages.
- Visual KPI sites: a simple 403 error page
- Visual KPI Designer: a modal dialog box telling the user they are forbidden to access the necessary Web services
Learn more about Visual KPI Security, and see the security Quickstart with an overview of all steps.
See the complete guide from Microsoft for configuring security in IIS Manager.