Set Up miniOrange On-Premise IAM Server Using AWS Marketplace AMI


This guide outlines the steps to deploy the miniOrange IAM On-Premise Server using either the BYOL or Contract AMI from the AWS Marketplace. It walks you through launching the AMI, configuring the server and database, setting up the initial admin account, and logging into the miniOrange admin dashboard to complete the setup of the miniOrange on-premise identity platform on AWS.


Get Free Installation Help


miniOrange offers free help through a consultation call with our System Engineers to set up our on-premise server.

To book a slot, just send us an email at idpsupport@xecurify.com and we'll help you in no time.



Follow the step-by-step guide given below for On-Premise IDP AMI from AWS Marketplace



1. Set up Postgres user and create database

  • Run the command below to change the password of the postgres Linux user:
  • sudo passwd postgres
  • Enter a new password when prompted. This will be the password for the postgres Linux user.

  • Switch the current Linux user to postgres. To do so, execute the following command:
  • su - postgres
  • Once logged in as the postgres user, enter the following command to access the Postgres interactive terminal:
  • psql -U postgres

    Note:


    The postgres database user that psql connects as is distinct from the postgres Linux user. The Linux user is used to access the database, and the postgres database user is used to perform administrative tasks on the databases. The postgres database user password will be used to connect to the database in the later steps. In the next step we set up the password for the postgres database user.


  • Change the postgres database user password. To do this, enter the following query in the Postgres interactive terminal.
    • ALTER USER postgres WITH PASSWORD '<postgres_dbuser_password>';
    • Replace <postgres_dbuser_password> with the password of your choice. This is the password that will be required to connect to the database when configuring miniOrange IdP.
  • Create your database. Execute the following command in the Postgres interactive terminal to create your database.
    • CREATE DATABASE <postgres_db_name>;
    • Replace <postgres_db_name> with the name of your choice. This will be the name of your database, and it will be required to connect to the database when configuring miniOrange IdP.
    • You can use \l to view all the databases.
    • Once you have finished using the shell, you can exit with \q


2. Run miniOrange On-Premise IdP and connect it to the Postgres database

  • Go to your browser and hit the following url: <your aws dns>:8080/. This will open up the Choose a Database Configuration Page on your browser.
  • Select External Database. This will open up a database setup form. Fill in the following information:

  • Select Database: Select PostgreSQL
    Database Host: Type in “127.0.0.1”. This is because the PostgreSQL server is deployed locally.
    Database Port: Use the value “5432”. This is the port used by Postgres.
    Database Name: Name of the database that we created earlier. The value you used to replace <postgres_db_name>.
    Database Username: Use the value "postgres".
    Database Password: Use the password that we set for the postgres database user. The value you used to replace <postgres_dbuser_password>.

  • After configuring the above information click on Proceed.

3. Set up miniOrange On-Premise IdP Administrator Account

  • After configuring the database successfully you should be redirected to Setup Admin Account Page on your Browser.
  • Well Done! You have successfully set up miniOrange On-Premise IdP with PostgreSQL as a backend using the AWS Image.

  • You have successfully set up the miniOrange Administrator Account.

4. Log into miniOrange On-Premise IdP using Administrator Account

  • After creating an account, you will be redirected to the login page (see image above). Please enter the details that you used while setting up the Admin account to log in to your miniOrange dashboard.
  • Configure the details asked on this page and click on the Create Account button to continue.

1. Access the AWS Marketplace Listing

2. Launch miniOrange IDP AMI

Navigate to the pricing details.

  • Select your desired contract duration.
  • Choose any of the 3 license plans.
  • Enter the number of user licenses you wish to purchase. The displayed price is per user for the selected contract duration.
  • Important: Keep auto-renewal enabled to ensure uninterrupted service after your contract expires.

  • Once you’ve verified your license details, click Subscribe. It may take a few moments to create your contract license.
  • After the subscription is complete, you’ll see an option to Launch miniOrange IDP AMI. Click it to launch your instance.

3. Verify Reachability

  • Confirm that http://<public-ip-of-machine>:8080 is reachable.

4. Create IAM Policy For IDP AMI in AWS

  • Go to the AWS Console >> IAM >> Policies.
  • Click on Create policy and paste the following JSON:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": "license-manager:*",
          "Resource": "*"
        }
      ]
    }

5. Create IAM Role For IDP AMI

  • Go to the AWS Console >> IAM >> Roles.
  • Click on Create role.
  • Choose Custom Trust and enter the JSON below.
  • Click Next and select the policy you created in the previous step.
  • Review the role details and then create the role.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }


6. Modify IAM Role for miniOrange IDP EC2 Instance

  • Go to the AWS console >> EC2 Instances.
  • Search for your miniOrange EC2 machine using its public IP address and click on it.
  • Click on Actions >> Security >> Modify IAM Role.
  • Choose the role you created in the earlier step and click Update IAM role.
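
As an added example (not part of the miniOrange guide), this Python check lints the permissions policy from step 4 and the trust policy from step 5 before the role is attached to the instance: it reports wildcard actions together with their resource scope, and any trust principal other than the EC2 service. The NARROWED policy, its Sid and its action list are assumptions constructed for the example; confirm with the vendor which License Manager calls the IdP needs.

```python
import json

# Policies from steps 4 and 5 of this guide, pasted as-is.
PERMISSIONS = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "VisualEditor0", "Effect": "Allow",
   "Action": "license-manager:*", "Resource": "*"}]}""")
TRUST = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}""")
# Constructed candidate (assumption): a subset of License Manager actions.
# Confirm with the vendor which calls the IdP needs before adopting it.
NARROWED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "LicenseCalls", "Effect": "Allow", "Resource": "*",
     "Action": ["license-manager:CheckoutLicense",
                "license-manager:CheckInLicense",
                "license-manager:GetLicense"]}]}

def as_list(v):  # IAM accepts a single string or a list for these fields
    return [] if v is None else v if isinstance(v, list) else [v]

def audit_permissions(policy):
    """Flag Allow statements whose actions contain a wildcard."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        scope = ",".join(as_list(stmt.get("Resource")))
        for action in as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                findings.append(f"{sid}: {action} on {scope}")
    return findings

def audit_trust(policy, expected=("ec2.amazonaws.com",)):
    """Flag any principal other than the expected AWS services."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"statement[{i}]: principal {principal!r}")
            continue
        for kind, values in principal.items():
            findings += [f"statement[{i}]: {kind} {v}" for v in as_list(values)
                         if kind != "Service" or v not in expected]
    return findings

if __name__ == "__main__":
    print(audit_permissions(PERMISSIONS), audit_permissions(NARROWED), audit_trust(TRUST))
```

An empty list means nothing was flagged; the policy from step 4 produces one finding because `license-manager:*` grants every License Manager action on every resource.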

7. SSH into the Machine and Run Command

  • SSH into your machine.
  • Run the following command:
  • sudo chown -R mo-idp:mo-idp /opt/mo-idp-server-ami-4.10.1/moas

8. Access miniOrange IDP DB Setup Page

  • Go to http://<public-ip-of-machine>:8080. You will be prompted for the database setup page.

9. Configure and Setup Database

To configure the database:

  • By default, the miniOrange AMI has a PostgreSQL database on the same machine. For that, you need to create a database and set a new password for the postgres user.
    • Run the following commands:
      • sudo -u postgres psql
      • ALTER USER postgres WITH PASSWORD '<enter-password>';
  • If you have a database on a separate machine, make sure that the database is set up and its port is open for the IDP machine.

To set up the database:

  • Go to http://<public-ip-of-machine>:8080
  • Enter the database details on the setup page.
  • Once completed, you will be prompted to set up an admin account.
  • After the admin account is set up, you will see the IAM admin dashboard.

10. Set up miniOrange services

  • Follow the instructions here from the 3rd step: Starting Accessory Services to set up services.
