
1. Deployment Guide

To get started with your Mividas product installation, start by following these steps:

  1. VM deployment – The first thing you need to do is to add the Mividas virtual machine to your network. Read more about VM deployment.
  2. Mividas Installer onboarding – Once the virtual machine is in place, the next step is to onboard the Mividas Installer. Read more about Mividas Installer onboarding.
  3. Install Mividas products – After you have finished adding the Mividas VM and onboarded the Mividas Installer, you are now ready to install the different products that are available for your license key. Please see the next chapter for specific Mividas products installation.

Mividas product installation

When the Mividas virtual machine and Mividas Installer are up and running, you are ready to continue installing products from the Mividas product suite.

1.1. VM deployment

The first step in installing the various Mividas products is to add the Mividas Installer virtual machine to your server network.

Where this server should be set up depends on your particular network environment. For examples and more detailed network schemas, please see the documentation Network schematics.

Before you start, you should review the Server specifications for the Mividas virtual machine. Also, please review the Network port requirements before you continue.

Find our deployment guide below, which can also be downloaded as a PDF by clicking here.

Download the Mividas Installer VM

Start by downloading our Installer VM, which is available in a generic OVA format that works both in VMware ESXi-based environments (VMware 6.5 and later is supported) and with KVM for Linux-based virtualization. The latest version can always be found at https://www.mividas.com/downloads/.

The image is based on Debian 11 using Linux kernel v5.10.

Initial VM deployment and network settings

When you first start up the virtual machine, you will immediately be presented with a list of choices that you can easily navigate using the arrow keys. The first section is for your network settings:

  • Refresh status
    Run this to see the current status of the machine, such as which IP number has been assigned via DHCP, as well as disk space and usage, which can both be helpful during installation.
  • Change hostname for server
    Here you can set the hostname for the server that will primarily be used for internal documentation. This will also help when monitoring entries in different types of event logs.
  • Change IP-settings on first/second NIC
    Choose this option to switch between using DHCP and manually entering IP numbers and other network settings such as gateway and DNS servers. The first NIC should be the one using the standard gateway; the second NIC (optional) is for internal network access using static routes where applicable.
  • Set DNS-servers
    This option allows you to specify a standalone DNS server to apply to the server. Even if DHCP is used, an override DNS or similar setup might be used, which you then can specify here.
  • Set NTP-servers
    You can also manually specify which NTP servers to use. This can, for example, be useful for a more secure network with a dedicated internal server which you can then enter an IP number or hostname for. Bear in mind that if a hostname is specified, it requires an available working DNS server.
  • Set HTTP-proxy
    Use this option if you lock down outgoing HTTP(S) requests in your network. It sends all requests through your local proxy, where you can verify the traffic and lock down addresses that are not allowed.
  • Set static routes
    This option is for networks that consist of several different subnets. You can make sure that all traffic goes through the default gateway, but that e.g. 10.0.0.0/24 should instead go through a router that has IP number 192.168.1.100.

Some choices may require a restart to take effect. You can choose to either restart after each step or, if you prefer, you can complete all settings and then restart at the end of your setup.

When you are satisfied with your network settings, select ‘Continue’ at the bottom of the list. This takes you to the next section on security settings displayed on the next page.

Server security settings

Selecting ‘Continue’ from the network settings section brings you to the security settings for your server.

  • Set password for admin system account
    Here you can create a system user who can then log in to the linux console to, for example, troubleshoot or change specific settings.
  • Disable SSH-login using password
    Choose this option to disable login via SSH with a password. SSH is enabled with the help of SSH keys by default, and not by using a password.

    Without this option it can be difficult to log in as an admin user, as your SSH key is not stored. It is easy to temporarily activate SSH login using a password, add your SSH key and then deactivate this option for increased security.
  • Disable further changes using boot console-wizard
    If you select this option you will no longer be able to access the security section. This means, for example, that for security reasons you can no longer add admin users without first logging in.

When you have chosen your options in this section, select ‘Continue’ at the bottom of the list to proceed. As long as you have not selected ‘Disable further changes using boot console-wizard’, you can always return to these security choices later on to make additional changes.

Mividas VM deployment now completed

Selecting ‘Continue’ from the security settings section means you now have completed setting up the new server. If you have made changes to any of the sections that require a restart, you can now restart the machine before proceeding to the next step.

You will now see the status view of the Mividas Installer VM, including if the Mividas Installer is running and filesystem information. The following options are available:

  • Refresh status
    This will update the current status view.
  • Network settings
    Brings up the network settings described in more detail above.
  • Security settings
    Brings up the security settings view described in more detail above.
  • Login shell
    Will let you login to the VM terminal shell.
  • Upgrade installer
    Although it is possible to update the Mividas Installer from the web interface, you can also do so directly from the terminal if, for example, Mividas Installer cannot be reached via the browser. Note that this option does not work in offline environments.
  • Hard drive cleanup
    This option lets you clean up data from your VM, including debug logs/raw call data, old versions and unused images.

On the status view you should also see the IP number that applies to the machine. You are now ready to start adding products from the Mividas product suite.

To proceed, write down the URL of the Mividas Installer displayed in the command line and enter the URL in your web browser to start the Mividas Installer. You may now continue with the Mividas Installer documentation.

1.1.1. Server specifications

Before you begin installing the Mividas Installer VM, please review the server specifications and prerequisites below.

Server specifications

Recommended system requirements for production use, single server/VM:

| | Normal traffic installation | High traffic installation (*) |
|---|---|---|
| Concurrent call participants | <1000 | 1000-2000 |
| Managed endpoints/devices | <1000 | 1000-2000 |
| vCPU | 4x | 8x |
| RAM | 8 GB | 16 GB |
| Storage | 100 GB, SSD/SAN is recommended (**) | 200 GB, SSD/SAN based (**) |
| NIC | 1-2, preferably behind firewall/reverse proxy | 1-2, behind firewall/reverse proxy |

(*) For larger installations, contact Mividas for a customized deployment.

(**) In Mividas Rooms installations, you need to take the disk space of firmware files into consideration. Each firmware version may require 1-2 GB of additional storage space.

We recommend using thick disk provisioning for your virtual machine. Thin disk provisioning will most likely also work, but use it with caution.

Prerequisites 

  1. One hostname and SSL certificate for each of the activated functions:
    1. Core/Rooms management interface
    2. Mividas Portal and Outlook Add-in
    3. Optional – Rooms separate hostname for video endpoint API requests (for access control)
  2. Open ports in firewall according to the Network port requirements

Optional:

  1. LDAP authentication
    1. Service account with read access
    2. LDAP filter for Core/Rooms users
      1. Group name for admin permissions (optional)
      2. Group name for superuser permission (optional)
    3. LDAP filter for Mividas Portal users
      1. Group name for admin permissions (optional)
  2. Mividas Portal – SAML SSO authentication
    1. Entity ID with https:// followed by portal hostname

1.1.2. Network schematics

Mividas can be deployed in your network in a number of different ways that suit your organization. Below you will get a visual representation of common network schemas.

For port requirements please see the Network port requirements documentation and for deployment, more information is found in the VM deployment documentation.

Network schematics

You can download a collection of all schematics in PDF format by clicking here, or find each schematic separately in the list below:

  • Core + Rooms + Meeting Portal — Single VM
    Single VM and simple deployment – flat network and internal use only.
  • Core — Single VM, internal use only
  • Core — Single VM and isolated network for MCUs
  • Core + Meeting Portal — Single VM and load balancer for external clients
    Single VM and access control using a load balancer for external clients.
  • Core + Meeting Portal — Single VM and load balancer for all clients
    Single VM and access control using a load balancer for all clients.
  • Core + Meeting Portal + Connect — Single VM and load balancer for external clients
    Single VM and access control using a load balancer for external clients.
  • Core + Meeting Portal + Connect — Single VM and load balancer for all clients
    Single VM and access control using a load balancer for all clients.
  • Core + Meeting Portal — Split VM
    Split VM for increased isolation.
  • Core + Meeting Portal + Connect — Split VM
    Split VM for increased isolation.
  • Rooms — Single VM and load balancer for external clients
    Access control using a load balancer for external clients.
  • Rooms — Single VM and load balancer for all clients
    Access control using a load balancer for all clients.
  • Rooms — Single VM and satellite endpoints
    Access control using a load balancer for external clients.
  • Core + Rooms + Meeting Portal — Full network and service isolation
    One VM for Core / Rooms and one VM for Meeting portal. Network isolation for all services.
  • Core + Rooms + Meeting Portal — Service Providers
    One VM for Core / Rooms and 1+ VM for Meeting portal(s) with dedicated auth/branding. Optional DMZ network for end-user Meeting Portal.
  • Core + Rooms + Meeting Portal + Connect — Service Providers
    One VM for Core / Rooms and 1+ VM for Meeting portal(s) with dedicated auth/branding. Optional DMZ network for end-user Meeting Portal.
  • Core + Rooms + Meeting Portal — Service Providers with full isolation
    One VM for Core / Rooms, and 1+ VM for Meeting portal(s) with dedicated auth/branding. Network isolation for all services.

1.1.3. Network port requirements

Below you will find all the network port requirements and visual schematics for your Mividas installation. These will differ slightly depending on which Mividas products are included in your installation.

To read more about possible component isolation and network topology alternatives, see Network schematics.

Network ports

Please see details about different services and port configurations below. Download the network port requirements as a PDF by clicking here.

| Public services | Incoming (TCP) |
|---|---|
| Web UI, feedback events, CMS CDR events, Pexip Eventsink events, API requests | 443 (multiple hostnames) |
| Browser redirect to HTTPS. Feedback events and passive provisioning for endpoints without TLS support. | 80 (optional) |
| Rooms Mail invite events | 25 or 587 (optional, configurable) |
| Rooms Proxy client | 2222 (optional, configurable) |

| Internal/operational services | Incoming (TCP) |
|---|---|
| Installer web UI | 8999 (may be filtered in firewall, for system administrators only) |
| Low level troubleshooting | 22 (may be filtered in firewall, for system administrators only) |

| Outbound connections | Outbound port |
|---|---|
| Package/software download, OS updates | 80, 443, 53 (TCP/UDP) public internet |
| API requests to CMS, VCS, Pexip | 443 (configurable) |
| LDAP | 389 / 636 (configurable) |
| Mail notifications, invites | 25/587 (configurable) |
| External streaming/recording providers | 443 (optional) |
| SAML login authorization | 443 (optional, configurable) |
| SMS provider, e.g. MoSMS, Sendinblue, Twilio or GatewaySMS | 443 (optional) |
| Electronic ID provider, e.g. Swedish BankID | 443 (optional) |

TLS Ciphers

Enabled SSL ciphers can be configured using the Installer > Server settings > SSL Settings > SSL mode setting.

The “Only modern/secure ciphers” mode enables the following ciphers (minimum TLS 1.2):

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

The “Better compatibility” setting allows connections from older video conference systems without support for TLS 1.2, but it should not be used because of the security implications.

Visual guides of network port schematics

Find a visual representation of network ports below for different types of installations. You can download a collection of all schematics in PDF format by clicking here.

Schematics are available for the following installation types:

  • Mividas Core
  • Mividas Rooms, including the optional active connection through LAN/DMZ with Mividas Proxy
  • Mividas Core + Mividas Rooms
  • Mividas Core + Mividas Rooms + Mividas Connect

1.1.4. Reverse proxy / load balancer

Mividas can be deployed in your network in a number of different ways that suit your organization. See the deployment guide for more information.

To help filter traffic for different services in different network zones, Mividas Core and Rooms allow using different domain names and/or URL prefixes for different types of services.

URL prefix guide – most often opened up beyond LAN/DMZ

If you have enabled Mividas Core scheduling API and Separate domain name for Rooms Endpoint event requests in the Installer, these services are already filtered for their respective domain name. Otherwise, the main management hostname should allow all traffic for regular users, and the following URL-prefixes may be filtered for external systems and external edge nodes.

Mividas Core (the main hostname allows access to all services, also if dedicated service hostnames are used)

| URL prefix | Service |
|---|---|
| /cdr/ | Call detail records and external policy requests from CMS and Pexip Infinity nodes |
| /json-api/v1/ | Management API (note, almost everything can be changed using this API. You may add only specific API endpoints to your load balancer configuration) |

Mividas Core Scheduling API (may use a dedicated domain name)

| URL prefix | Service |
|---|---|
| /api/v1/ | Meeting scheduling API |

Mividas Rooms (may use dedicated domain name)

| URL prefix | Service |
|---|---|
| /tms/, /ep/ | HTTP Feedback events, passive provisioning from Cisco video conferencing systems |
| /site_media/media/firmware/, /tms/firmware/download/, /ep/firmware/download/ | Firmware files for Cisco video conferencing systems |
| /epm/proxy/ | Mividas Proxy client handshake |

Mividas Core Meeting Portal

| URL prefix | Service |
|---|---|
| /outlook/v1/ | Outlook addin + scheduling API requests |
| /saml/ | SAML2 SSO-authentication |

Example – Reverse proxy for satellite offices, with local firmware cache

Prerequisites:

  • Split DNS for the remote office with the domain names of the Core/Rooms-server overridden to the LB/RP
  • Valid SSL certificates
  • Replace 123.123.123.123 with the real IP of the server, and replace mividas.example.org with the fqdn for Mividas Core/Rooms installation
  • If using “Separate domain name for Rooms Endpoint event requests” in your installation, replace endpoints.example.org with the configured fqdn. Otherwise remove the last server{}-block
  • Example to start using docker, with the file below named mividas.conf and certificates in a directory named “ssl”:
docker run --rm -p 80:80 -p 443:443 -v `pwd`/mividas.conf:/etc/nginx/conf.d/default.conf -v `pwd`/ssl/:/etc/nginx/ssl/:ro nginx

mividas.conf:

proxy_cache_path /var/cache/nginx keys_zone=mividas_static:100m inactive=10h max_size=30g;
limit_conn_zone $server_name zone=firmware:1m;

upstream mividasvm {
	server 123.123.123.123:443;
}

server {
	listen 80;
	server_name mividas.example.org;
	server_name endpoints.example.org;
	location / {
		rewrite ^/?(.*) https://$http_host/$1;
	}
}

server {
	listen 443 ssl http2;
	server_name mividas.example.org;

	ssl_certificate /etc/nginx/ssl/mividas.example.org.fullchain.crt;
	ssl_certificate_key /etc/nginx/ssl/mividas.example.org.key;

	# set_real_ip_from 234.234.234.234;  # Uncomment this to pass client IP from upstream proxies

	proxy_set_header Host mividas.example.org;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass_request_headers on;
	underscores_in_headers on;

	proxy_http_version 1.0;
	proxy_ssl_session_reuse on;

	# Add your access rules here (ip/geoip etc)

	location / {
		proxy_pass https://mividasvm;
	}
	location ~ ^(/site_media/media/firmware/|/(tms|ep)/firmware/download/) {
		proxy_cache mividas_static;
		proxy_cache_valid 200 7d;
		proxy_cache_revalidate on;

		proxy_cache_lock on;
		proxy_cache_lock_age 60s;
		proxy_buffering off;

		limit_conn firmware 10;

		proxy_pass https://mividasvm;
	}
	location /site_media/ {
		proxy_cache mividas_static;
		proxy_cache_valid 200 60s;
		proxy_cache_revalidate on;

		proxy_cache_lock on;
		proxy_cache_lock_age 60s;
		proxy_buffering off;

		proxy_pass https://mividasvm;
	}

}

# Only needed if using "Separate domain name for Rooms Endpoint event requests" in your installation:

server {
	listen 443 ssl http2;
	server_name endpoints.example.org;

	ssl_certificate /etc/nginx/ssl/endpoints.example.org.fullchain.crt;
	ssl_certificate_key /etc/nginx/ssl/endpoints.example.org.key;

	# set_real_ip_from 234.234.234.234;  # Uncomment this to pass client IP from upstream proxies

	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass_request_headers on;
	underscores_in_headers on;

	proxy_http_version 1.0;
	proxy_ssl_session_reuse on;

	# Add your access rules here (ip/geoip etc)

	location / {
		proxy_pass https://mividasvm;
	}
	location ~ ^(/site_media/media/firmware/|/(tms|ep)/firmware/download/) {
		proxy_cache mividas_static;
		proxy_cache_valid 200 7d;
		proxy_cache_revalidate on;

		proxy_cache_lock on;
		proxy_cache_lock_age 60s;
		proxy_buffering off;

		limit_conn firmware 10;

		proxy_pass https://mividasvm;
	}
}

Mividas Rooms Proxy-client TCP port forward. Add this outside of the http-configuration, e.g. in /etc/nginx.conf or by creating a file in /etc/nginx/mods-enabled/mividas_proxy.conf


# Mividas Rooms Proxy client (optional). Replace 2222 with your configured port number
stream {
    server {
        listen               2222;

        # Add your access rules here (ip/geoip etc)

        proxy_pass           123.123.123.123:2222;
    }
}

1.2. Mividas Installer

Mividas Installer is our product for configuring and deploying products that are available for your specific license key. Here you will also specify default settings to simplify the installation of our various products, which we will go through in this section.

We assume that you have already followed and completed the set up of the Mividas virtual machine in your server network. If not, please see the VM deployment documentation before proceeding.

Set a new password

After completing the set up of Mividas virtual machine, you will have access to both IP number and URL via the machine’s command line.

You can now from a computer with access to the server’s network navigate via your browser to the displayed URL, which takes you to the Mividas Installer interface.

Note that browsing to the machine hostname requires correct records in your DNS. The installer can also be reached by IP address in the format https://<IP address>:8999.

If this is the first time you are visiting Mividas Installer via the browser, the first thing you will need to do is choose a password for your installation. The password you choose will be the one used for all future access to Mividas Installer, so it is important that you save this. Simply enter your desired password and click “Create password” to proceed.

Activate your license key

After you have entered the password and are now logged in to Mividas Installer, the next step is to activate your license key.

Here we will go through how to proceed if your server has access to the internet. If your server does not have internet access, please see the Mividas Installer in offline environment documentation.

If you have not entered a license key, the first thing you encounter on the Mividas Installer start page is a notice stating that you do not currently have an active license key. Then start by clicking on “Set license key” in the notice to proceed.

In the next step, enter the license key you received from your distributor. The check box “Ignore verification errors and save anyway” is primarily used in environments where the Mividas virtual machine does not have access to the Internet. You can read more about this in the section Mividas Installer in offline environment.

In cases where the virtual machine has access to the internet, the checkbox should be left unchecked to validate the license and get a list of licensed components. Fill in your license key in the text box and click on “Submit” to proceed.

Active license

You can see an overview and status of your current license key by navigating to “Settings” at the top of the page and then clicking on the “Active license” tab. Here you can see which products the license key applies to, and at what time the license key expires for each product.

Change license key

Change your license key by navigating to “Settings” via the top menu of the page followed by going to the “Change license key” tab. Here you simply enter your new license key in the text field and hit “Submit” to proceed.

1.2.1. Server settings

Once you have entered a valid license key, you will be redirected to the general settings. To simplify the workflow, these settings will later be used as the default settings for all the Mividas products that you later choose to install.

You can always go back and change these default settings by navigating to Settings which is always displayed at the page top navigation.

General server settings

The first thing you will need to fill in is general settings regarding your server.

  • Server is running on SSD / SAN instead of hard drive
    This setting is for database management which will be optimized based on the selection you make here.
  • Allow sending traceback of unhandled errors to Mividas
    With this choice, you allow Mividas products to send traceback of unhandled errors back to Mividas for troubleshooting.
  • Timezone and default language
    Finally, you choose which time zone and language to set as default for your upcoming product installations.

Network settings

  • Internal IP address of server
    This IP number should be the same as for the virtual machine you set up for the Mividas Installer. The IP number will be automatically filled in with the same value as on the server.
  • Internal hostname of server
    Enter the hostname to use for your server, preferably the same hostname as the one you entered when you set up Mividas virtual machine (read VM deployment for more information).
  • Trusted HTTP load balancer / reverse proxy IPs
    It is common to have a firewall or load balancer that first receives calls and then forwards them to the server. If you fill in the IP address of the load balancer here, the actual IP numbers of the calls will, for example, appear in logs instead of the IP number of the load balancer.
  • DNS Overrides
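
Why the trusted load balancer list should contain only your own proxies, as an added example (not Mividas code): a backend that honours X-Forwarded-For walks the header from the right and stops at the first address that is not a trusted proxy, so anything a client wrote into the header itself is ignored. The function name and all addresses are constructed for illustration.

```python
import ipaddress


def resolve_client_ip(peer_ip, x_forwarded_for, trusted_proxies):
    """Return the address a backend should log for one request.

    peer_ip          address of the TCP peer that connected to the backend
    x_forwarded_for  raw X-Forwarded-For header value, or None
    trusted_proxies  addresses or networks of your own load balancers
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    client = ipaddress.ip_address(peer_ip)
    if not is_trusted(client):
        # Direct connection from an unknown peer: the header is client
        # controlled and must not influence what gets logged.
        return str(client)

    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    # Each proxy appends the address it saw, so the rightmost entry is the
    # most trustworthy one. Walk right to left past our own proxies.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
        client = addr
        if not is_trusted(addr):
            break  # first address outside our infrastructure is the client
    return str(client)


# Constructed sample requests: (peer, X-Forwarded-For, trusted list, note)
SAMPLES = [
    ("203.0.113.7", "10.0.0.5", ["192.168.1.10"],
     "untrusted peer, header ignored"),
    ("192.168.1.10", "198.51.100.23", ["192.168.1.10"],
     "request through the load balancer"),
    ("192.168.1.10", "10.9.9.9, 198.51.100.23", ["192.168.1.10"],
     "client-supplied entry is skipped"),
    ("192.168.1.10", "10.9.9.9, 198.51.100.23", ["0.0.0.0/0"],
     "over-broad trust list logs the client-supplied entry"),
]

if __name__ == "__main__":
    for peer, header, trusted, note in SAMPLES:
        print(f"{resolve_client_ip(peer, header, trusted):>15}  {note}")
```

The last sample shows the failure mode: with every address trusted, the logged IP is whatever the client put in the header.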

SSL settings

The next section that you need to fill in is SSL settings. Here you can upload the various certificates that should be used by default when someone connects to the server.

Mividas Installer also has tools for creating certificates that are mainly used for testing or while waiting for the valid certificates. You can read more about this under Certificate management.

Default outgoing email settings (SMTP)

Here you enter information for your outgoing SMTP server that will be used, for example, when sending invitation messages. These settings are optional and will be automatically filled in when installing future products, which will otherwise be left blank.

  • Display-name of sender
    Enter the name that should appear as the sender when sending an email.
  • Sending email address
    Enter the e-mail address that will apply to e-mails. In most cases a no-reply address is entered here.
  • Relay hostname (SMTP server hostname)
    Enter the hostname of the SMTP server through which the email is to be sent.
  • Use SSL
    Check this if SSL is to be used for secure communication.
  • Port
    Specify the port to use for the SMTP server.
  • Username
    Enter the user name of the SMTP server.
  • Password
    Finally, enter the password that applies to the SMTP server. If there is no password, enter a hyphen as the password.

Default LDAP authentication settings

Here you enter default information for your LDAP or AD server so that you do not have to enter this information every time a new product is added.

See LDAP and SAML SSO login for more information.

Mividas Installer onboarding is now complete

After specifying the various default settings for the server, you are now ready to start adding products that are available through your license key. These products appear on the Mividas Installer home page that you access by clicking on the logo at the top left of the page, or “Installation” in the main navigation at the top of the page.

1.2.2. Troubleshooting tools

To simplify the process of troubleshooting settings and installation, Mividas Installer comes with tools to be able to test in your environment directly from Mividas Installer.

You can access these tools by clicking on Network tools in the top navigation.

LDAP test

For troubleshooting your LDAP connection, this tool is available to quickly and easily test lookups in your LDAP. Simply fill in the fields and click on “Test LDAP query” and the result will appear for your request.

Network tools

Use these tools to verify DNS lookups and try connecting to different IP/TCP-ports directly from the Mividas Installer server to check firewall and route settings.

SSL check

Use this tool to check the SSL connection for an FQDN.

1.2.3. Certificate management

TLS/SSL certificates are crucial for private information exchange and to validate that the received information has not been altered. Mividas installer includes tools to help deal with these seemingly complex technologies.

Sometimes it can take a while to get access to valid certificates, which is why Mividas Installer has tools to generate test certificates while waiting for the valid ones to arrive. To simulate a real environment, both a root CA issuer and an intermediate CA issuer are generated. Note that these should only be used in tests or proof of concept environments.

You will find the certificate management tools by navigating to “Certificates” located in the header navigation of the Mividas Installer.

Certificates management

Use this tool to upload your certificate pairs and check certificate information. To help with demo setups, a self-signed CA and certificate generation service is also included.

When first navigating to certification management you will be met by the certificate overview where you will see all available certificates. Find information including the expiration date, upload date, and Issuer. You also have the choice to delete selected certificates.

Clicking on the title of a certificate from the overview will bring you to the certificate details page for the specific certificate, where you will find tools such as update certificate, create CSR request or export private key. Read more about this topic in the Certificate details documentation.

General information about certificates

Certificate files should use Base 64-encoded PEM format, and the public certificate should always include the full certificate chain for better compatibility with different services, video conferencing systems and web browsers.

I.e. the public certificate file should include the certificate for the service followed by intermediate certificate(s) and the root CA. If the file contains only one certificate, some devices or services may not work correctly even if everything looks OK in the administrator's web browser.

Use external tools, e.g. https://www.ssllabs.com/ssltest/ or openssl from the command line openssl s_client -connect core.example.org:443 to validate your installation.

Example of a public certificate file for core.example.org opened in a text editor:

-----BEGIN CERTIFICATE-----
(core.example.org content)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate CA content)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root CA content)
-----END CERTIFICATE-----
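
A dependency-free check for the bundle order described above, as an added example (not Mividas code): it reads each certificate's issuer and subject straight from the DER and compares them byte for byte, so it catches a missing or misordered chain but does not verify signatures or validity dates. `sample_cert` and the CA names are constructed, unsigned test data so the example runs offline.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next N bytes hold it
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def issuer_and_subject(der):
    """Return the raw DER issuer and subject Name of one certificate."""
    _, cert_start, _ = _read_tlv(der, 0)           # Certificate SEQUENCE
    _, pos, tbs_end = _read_tlv(der, cert_start)   # TBSCertificate SEQUENCE
    fields = []
    while pos < tbs_end and len(fields) < 6:
        tag, _, value_end = _read_tlv(der, pos)
        fields.append((tag, der[pos:value_end]))
        pos = value_end
    if fields[0][0] == 0xA0:                       # optional [0] version
        fields.pop(0)
    # Remaining order: serialNumber, signature, issuer, validity, subject
    return fields[2][1], fields[4][1]


def check_bundle(pem_text):
    """Return a list of problems in a PEM bundle (empty list means OK)."""
    names = [issuer_and_subject(base64.b64decode(b))
             for b in PEM_RE.findall(pem_text)]
    if not names:
        return ["no certificates found"]
    problems = []
    if len(names) == 1:
        problems.append("only one certificate: intermediate(s) and root CA missing")
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:         # issuer vs next subject
            problems.append(
                f"certificate {i + 1} is not issued by certificate {i + 2}: "
                "wrong order or missing intermediate")
    last_issuer, last_subject = names[-1]
    if len(names) > 1 and last_issuer != last_subject:
        problems.append("last certificate is not self-issued: root CA missing")
    return problems


def _der(tag, body):
    """Encode one DER element (only used to build the constructed samples)."""
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body


def sample_cert(subject_cn, issuer_cn):
    """Build an unsigned, certificate-shaped PEM block (constructed data)."""
    def name(cn):
        attr = _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))
        return _der(0x30, _der(0x31, attr))
    stub = _der(0x30, b"")     # placeholder for fields this check ignores
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + stub + name(issuer_cn) + stub + name(subject_cn) + stub)
    der = _der(0x30, tbs + stub + _der(0x03, b"\x00"))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    leaf = sample_cert("core.example.org", "Example Intermediate CA")
    inter = sample_cert("Example Intermediate CA", "Example Root CA")
    root = sample_cert("Example Root CA", "Example Root CA")
    for label, bundle in [("full chain", leaf + inter + root),
                          ("leaf only", leaf),
                          ("wrong order", leaf + root + inter)]:
        print(label, "->", check_bundle(bundle) or "OK")
```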

Upload or generate certificates

By scrolling down on the certificate overview page you will find tools for uploading new certificates or have the Mividas Installer generate temporary self-signed certificates for all products without assigned certificates. Lastly, you have the choice to generate new certificates.

Custom CA

Make sure to upload custom CA certificates to allow communication between services. E.g. to allow Meeting Portal (portal.example.org) to schedule meetings through a Mividas Core installation (core.example.org), the CA that has signed the certificate of core.example.org must be approved on the Mividas Portal server in the Installer.

Find the CA / intermediary tools by navigating to “Certificates” located in the header navigation of the Mividas Installer followed by clicking on the “CA / Intermediary” tab.

1.2.3.1. Certificate details

On the certificate details page, you will find more information and tools for a specific certificate.

You will reach this view by navigating to “Certificates” located in the header navigation of the Mividas Installer, then click on the title of your desired certificate from the certificates overview.

Certificate general information

The first thing you will see is a table with general information about the specific certificate. Scrolling down will show tools and actions for the certificate described below.

Update certificate

Use the form to update the certificate: choose a name, select your private key and public certificate, and click “Update”. You also have the choice to delete the certificate.

Public certificate

You will see the public certificate in the text field and also have the option to download the public certificate by clicking on “Download”.

Generate CSR

To create a CSR, simply fill in the form and click the “Generate CSR request” button.

Export private key

Lastly, you have the option to export the certificate's private key by clicking the “Export” button.

1.2.4. Installation and upgrades

After you have finished setting up Mividas Installer, the next step is to onboard the products that are available for your license key.

Install Mividas Products

Settings differ depending on the product you choose to install. See the documentation for more information on installing each specific product.

All settings can be changed after the installation by pressing the “Configure”-button for each component and then pressing “Deploy” to apply the new settings.

Upgrade Mividas components

Always take a VM snapshot before upgrading. From the dashboard, select one of your installed products by pressing the Details-button. For each installed component (e.g. Mividas Core, Meeting Portal etc.), select the version you want to upgrade to.

At the bottom of the page, press “Deploy” to install the new version.

Uninstall component

Always take a VM snapshot before uninstalling. Select “Uninstall” at the bottom of the version select box. Press “Deploy” to apply the change.

Convert Mividas products

Always take a VM snapshot before conversion. It is also possible to convert Mividas products. This becomes relevant if, e.g., the license is changed so that more product choices are available; an already existing installation can then be converted to another product. These choices then appear at the bottom of the deployment for a specific installation.

Upgrade Mividas Installer

Always take a VM snapshot before upgrading. To upgrade Mividas Installer, start by navigating to “Settings” in the menu at the top of the page, then click on the “Upgrade installer” tab. Note that this is for an online version of Installer.

On this page you get information about the currently installed version and can easily upgrade to the latest version by clicking the “Start upgrade” button. Note that the process may take a few minutes to fully implement.

Here you also have the opportunity to export an offline bundle of your current version and then use it if you have an environment without internet access. You can read more about this in the section Managing offline bundles.

1.2.5. Offline environment

If the Mividas virtual machine has been set up in a network where the server does not have access to the internet, the approach to configuring and installing products will look a bit different.

If you have set up the Mividas Installer virtual machine in an environment with internet access you may skip this section.

Even in an offline environment, the first step is to enter your license key, but in this case check “Ignore verification errors and save anyway” before you choose to proceed. This causes Mividas Installer to ignore verification errors due to the connection failure and save it anyway. To install the actual software you will need to export offline bundle packages from a separate Mividas Installer with internet access.

Proceed as follows:

  • Online VM: Follow the steps in the documentation VM deployment and install a virtual machine in an environment with internet access.
  • Online VM: Navigate to Mividas Installer via the URL you received from the command line when setting up the virtual machine.
  • Online VM: Enter default password
  • Online VM: Proceed to enter license key
  • Online VM: After your license key has been verified, you now have the opportunity to export bundle packages of the product range that is available for your license key, which you can read more about in the section Export product bundle for offline use.
  • Offline VM: Enter your license key in the text field, tick “Ignore verification errors and save anyway” and click “Submit”.
  • Offline VM: Fill in server settings for your environment, which you will find more detailed information about in the section Enter default information.
  • Offline VM: Once an offline bundle has been exported from the Online VM, you now need to import it to your Mividas Installer located in the offline environment. Read more about how to proceed with this in the Handle offline bundles section.

Export product bundle for offline use

To create an offline bundle, start by configuring the product that you intend to bundle for offline use. Note that you only need to enter the required fields, since the settings you enter will need to be re-entered when you configure the product in your offline environment.

This section is only relevant if you install Mividas Installer in an environment that does not have access to the internet and can otherwise be skipped.

Then select the versions of the product you want to export to your installation that does not have internet access. Once you have selected the version for the product, click on “Export offline bundles” further down the page and save the resulting file.

Export Mividas Installer for offline upgrade

A new version of Mividas Installer can also be bundled for use in an environment that lacks internet. Start by navigating to “Settings” in the menu at the top of the page followed by clicking on the “Upgrade installer” tab.

On this page you have the option to export an offline bundle version by clicking on “Export offline bundle of installer”. The file you exported can then be used to upgrade Mividas Installer in an environment that lacks internet. You can read more about using offline bundles in the next section.

Handle offline bundles

For this section, we assume that you have gone through Mividas Installer onboarding in an offline environment and have now exported an offline bundle that you will now import in the environment that lacks internet access.

This section is only relevant if you have installed Mividas Installer in an environment that does not have internet access.

Start by navigating to “Settings” via the menu at the top of the page followed by clicking on the “Handle offline bundles” tab. Here you can then easily import the offline bundle that you exported in previous steps. Select the file and click “Import” to proceed.

After the offline bundle has been imported you should have access to configure and deploy the products you exported with the offline bundle.

1.2.6. LDAP authentication settings

As groups and paths in the LDAP / AD environment often differ between organizations, this section may need to be done in consultation with your organization’s AD group.

LDAP Settings

Mividas Installer also has tools to easily test your LDAP or AD settings to make it easier for you to troubleshoot and get started. You can read more about this under Troubleshooting tools.

These settings are optional. If entered, they will be filled in automatically when you install products later; otherwise those fields will be left blank.

Server *
Enter the hostname of the current LDAP or AD server to use by default. Use “fqdn:389” to use a specific port.

Service account DN / username *
Here you enter the path to the account to be used as a service account. The path is often unique to your particular organization.

Password
Enter the password for your LDAP or AD server. The field will be emptied after you press save.

Use LDAPS-connection
Connect to the server using an SSL-based LDAPS connection (port 636 by default). Make sure you have added any custom CA certificates to make verification work.

Ignore TLS / SSL verification errors
Ignore TLS CA verification.

TLS over the regular LDAP port 389 may be used even if LDAPS is not enabled, so unless you have added custom CA certificates for verification, login may fail.

Disable referral chasing

By default unchecked

Base dn *
Specify where in the tree the initial search for results should begin.

User filter *
Here you choose how users are filtered out and displayed.

By default, the filter allows all users in the LDAP tree to use the systems, so you should change it according to your environment and filter out restricted users.

See more information about filters and examples below

Admin group DN
Specify which group in the tree will have elevated admin rights in the system, which opens up additional settings and functions for the logged-in user.

Superuser group DN
Specify which group in the tree will give its members superuser status (highest). Use this with caution as these users will have full control over the system, and it should only be assigned to users with high technical knowledge.

Customer attribute
Enter attributes for the customer’s shared key in multi-tenant installations.

Read Only
If this is checked, users will not have access to functions such as changing passwords, e-mails or other information for their users.

Organization membership attribute (only some components)

For automatic mapping of users to the organization tree, specify a comma-separated list of attributes containing different levels of the organization to allow fine-grained call statistics. E.g. topLevelOrganization,secondsLevelOrganization

Username attribute (only some components)

Which attribute to use to generate a username when scheduling meetings. Format: <ldap_fieldname>[/<search>/<replace>]. Example: email/example.org/video.example.org uses the content of the attribute email but replaces example.org with video.example.org. A common use is the email field as-is for Pexip Infinity installations, and email or userPrincipalName with a replace string to generate userJid with the correct SIP domain for Cisco Meeting Server.

LDAP filters

To limit access only to users belonging to specific groups you can add a variation of the following filter:

Direct members: (memberOf=cn=group,cn=users,dc=example,dc=org)

Nested membership, if running Active Directory: (memberOf:1.2.840.113556.1.4.1941:=cn=group,cn=users,dc=example,dc=org)

Full example, Active Directory, for users with direct membership of cn=group

(&(|(sAMAccountName=%(user)s)(userPrincipalName=%(user)s))(objectClass=person)(memberOf=cn=group,cn=users,dc=example,dc=org))

Full example, OpenLDAP/Redhat DS, for users with direct membership of cn=group

(&(uid=%(user)s)(objectClass=person)(memberOf=cn=group,cn=users,dc=example,dc=org))
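
User filter templates of this form can be linted before they are saved. The following is an added example, not part of the Mividas documentation or product: a small Python check that parses a filter and reports when a match is not tied to %(user)s (for instance because the login clause sits under `|` next to an unrelated clause) or when memberOf is not required. The function names and the two flawed sample filters are constructed for illustration.

```python
USER = "%(user)s"            # login-name placeholder used in the filters above
_TOKEN = "\x00user\x00"      # stand-in without parentheses, so ")" ends an item


def parse_filter(template):
    """Parse an LDAP filter template into nested (kind, body) tuples."""
    text = template.replace(USER, _TOKEN)
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("unexpected text after the closing parenthesis")
    return node


def _parse(text, pos):
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '('")
    pos += 1
    op = text[pos:pos + 1]
    if op in ("&", "|", "!"):
        pos += 1
        children = []
        while text[pos:pos + 1] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if not children or text[pos:pos + 1] != ")":
            raise ValueError(f"unbalanced or empty '{op}' group")
        return (op, children), pos + 1
    end = text.find(")", pos)
    item = text[pos:end]
    if end < 0 or "=" not in item or "(" in item:
        raise ValueError("malformed filter item")
    return ("item", item), end + 1


def requires(node, predicate):
    """True if every entry matching node must satisfy an item accepted by predicate."""
    kind, body = node
    if kind == "item":
        return predicate(body)
    if kind == "&":                      # one required child is enough
        return any(requires(child, predicate) for child in body)
    if kind == "|":                      # every alternative must require it
        return all(requires(child, predicate) for child in body)
    return False                         # "!" never guarantees the item


def _is_login(item):
    return item.partition("=")[2] == _TOKEN


def _is_group(item):
    # Covers memberOf=... and memberOf:1.2.840.113556.1.4.1941:=...
    return item.lower().startswith("memberof")


def lint_user_filter(template):
    """Return a list of findings for a user filter template."""
    try:
        tree = parse_filter(template)
    except ValueError as exc:
        return [f"syntax: {exc}"]
    findings = []
    if not requires(tree, _is_login):
        findings.append("login name not required: some branch matches without %(user)s")
    if not requires(tree, _is_group):
        findings.append("no group restriction: memberOf is not required")
    return findings


GROUP = "cn=group,cn=users,dc=example,dc=org"
AD_DIRECT = ("(&(|(sAMAccountName=%(user)s)(userPrincipalName=%(user)s))"
             "(objectClass=person)(memberOf=" + GROUP + "))")
AD_NESTED = AD_DIRECT.replace("memberOf=", "memberOf:1.2.840.113556.1.4.1941:=")
# Constructed: the login clause shares an OR with objectClass, so any person matches.
LOGIN_UNDER_OR = "(&(|(uid=%(user)s)(objectClass=person))(memberOf=" + GROUP + "))"
# Constructed: correct login clause but open to every user in the tree.
NO_GROUP = "(&(uid=%(user)s)(objectClass=person))"

if __name__ == "__main__":
    for f in (AD_DIRECT, AD_NESTED, LOGIN_UNDER_OR, NO_GROUP):
        print(lint_user_filter(f) or "OK", "<-", f)
```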

1.3. Core installation

In this section, we go through the steps that are necessary to get started with your Mividas Core installation.

We assume that you have a running Mividas virtual machine, if not please see the VM deployment documentation.
We also assume Mividas Installer is set up correctly and that you have activated your license key, if not please see the documentation for Mividas Installer before proceeding.

Release notes for Mividas Core can be found here.

Proceed by reading about Mividas Core installation and upgrades.

1.3.1. Installation and upgrades

The Mividas Installer start screen shows all the products that you have access to via your license key. In this case, there should be an option to install Mividas Core.

Mividas Core is available as either a stand-alone installation or in combination with other Mividas products.

Start by clicking on “Configure” for the Mividas Core product on the Mividas Installer start screen. This takes you to the configuration of your installation of Mividas Core before it is ready for deployment. In this example we are using the stand-alone version of Mividas Core.

Hostname

The first thing to fill in is information regarding the hostname to be used for your Mividas Core installation. Fill in the hostname and possibly the certificates to be used for access to the installation after deployment. Read more about certificates.

Local settings

Specify which language and time zone to use. Note that Mividas Core will first and foremost use the language setting in the web browser for selecting the language for the user interface. If the web browser language is not available, the default language will be used instead.

Outgoing email settings (SMTP)

Fill in the SMTP settings that will be used for example for e-mail invitations. If you have filled in these settings when you did your onboarding of Mividas Installer, the fields will be pre-filled with what you specified in that step, but can now be changed if desired.

Other settings

These settings are usually not necessary but are available for specific cases where they are needed.

Optional settings

Often these settings are not necessary to fill in but are available to make more specific changes.

LDAP authentication settings

By default, settings for LDAP will be filled in with what was specified when onboarding Mividas Installer, but can here be changed for your Mividas Core installation.

See LDAP authentication settings for more information about LDAP

All users matching the LDAP filter can log in and have write permission. Make sure to limit access using the user filter field.

Cisco Meeting Server

Set which different number series that should apply for your meeting rooms, so that they can be matched to your current environment. This step will also be included in the onboarding wizard for Mividas Core and can be specified there as well.

Separate domain name for scheduling-API

Choose if you want network separation for the scheduling API, so that traffic will go through a separate hostname if you want to add firewall rules or the like. These are also slimmed down so only the functions that apply to the scheduling API are used by this hostname.

Separate domain name for Rooms Endpoint event requests

This option is available for Core + Rooms installations. Should an event be sent to Mividas Rooms from the conference system, this can then go via a separate hostname to be able to distinguish this traffic and e.g. add firewall rules.

We recommend using this, both to simplify troubleshooting and because, e.g. in case of an overload, this particular type of traffic can then be shut down temporarily in a simpler way.

Separate domain name for incoming SMTP invites

You have the option to specify a separate domain to use for conference system email addresses. This is used, among other things, to redirect e-mails through external spam filters. Enter the hostname and any settings for the certificates to be used.

Save configuration and continue

Note that all the settings you have entered in these steps can be changed at a later time. You can read more about this under Update settings after deployment.

After you have gone through and filled in the necessary settings, you proceed by clicking on “Configure” at the bottom of the page that takes you to the step to deploy Mividas Core with the settings you have selected.

Deployment

After you have gone through and filled in the necessary settings during the configuration and clicked on “Configure”, you will be redirected to the step to deploy your installation of Mividas Core.

Start by selecting which version of Mividas Core to install in the drop-down list to the right then click on “Deploy changes” to start the installation. You can now follow the installation process in a terminal that appears under the deploy button. When the installation is complete, you may reload the page and then you should see the correct version displayed for Mividas Core.

The next step is to move on to the onboarding for your Mividas Core installation. Open a web browser and navigate to the hostname that you entered for the installation. Read more in the Onboarding wizard documentation. Note that the hostname you selected for your installation must be a valid record in your DNS.

Update settings after deployment

After the installation of Mividas Core is complete, you still have the option to change settings. To do this, click on the installation you want to change from the Mividas Installer start screen.

Then click on “Configure” for the product you wish to change settings for and make the changes you desire. After you are satisfied, click on “Save” which will take you back to the deployment of the product. Finally, you need to click on “Deploy changes” to apply the new settings to your installation.

After the installation process is complete you may now reload the page and your update is completed.

1.3.2. Onboarding

After completing the Installation process and then navigating to your Mividas Core installation via your web browser you will be met by the Mividas Core onboarding wizard described below.

Organization

Enter a name and click continue. This organization will be used as the default organization for your Core installation.

Add video cluster

The next step in the wizard is to set up a video cluster. Start by filling in a description for the cluster followed by choosing whether it is CMS or Pexip this cluster applies to.

Add CMS server or Pexip Infinity server

Depending on the cluster type the next step is to add your CMS server or Pexip Infinity server to your cluster. Note that a cluster can consist of a number of different server nodes. More details are available via the Adding a Cisco Meeting Server cluster and Adding a Pexip Infinity cluster documentation.

Add call control clusters

You can also add your VCS in the onboarding wizard. Read more about the steps in the Adding a VCS cluster documentation.

Choose password

Here you may enter a password for the fallback user “mividas_fallback”. The recommendation is to set a password so you always have a fallback user for recovering the platform. You may skip this step, but will then have to use one of your LDAP users for future access.

All done!

After completing the onboarding wizard you are now ready to start managing your video conferencing platform with Mividas Core.

1.4. Rooms installation

In this section, we go through the steps that are necessary to get started with your Mividas Rooms installation.

We assume that you have a running Mividas virtual machine, if not please see the VM deployment documentation.
We also assume Mividas Installer is set up correctly and that you have activated your license key, if not please see the documentation for Mividas Installer before proceeding.

Release notes for Mividas Rooms can be found here.

Proceed by reading about Mividas Rooms installation and upgrades.

1.4.1. Installation and upgrades

The Mividas Installer start screen shows all the products that you have access to via your license key. In this case, there should be an option to install Mividas Rooms.

Note that Mividas Rooms is available as either stand-alone installation or in combination with other Mividas products.

Start by clicking on “Configure” for the Mividas Rooms product on the Mividas Installer start screen. This takes you to the configuration of your installation of Mividas Rooms before it is ready for deployment. In this example we are using the stand-alone version of Mividas Rooms.

Hostname

The first thing to fill in is information regarding the hostname to be used for your Mividas Rooms installation. Fill in the hostname and possibly the certificates to be used for access to the installation after deployment. Read more about certificates

Locale settings

Specify which language and time zone to use. Note that Mividas Rooms will first and foremost use the language setting in the web browser for selecting the language for the user interface. If the web browser language is not available, the default language will be used instead.

Outgoing email settings (SMTP)

Fill in the SMTP settings to be used for the installation. If you have filled in these settings when you did your onboarding of Mividas Installer, the fields will be pre-filled with what you specified in that step, but can now be changed if desired.

Other settings

These settings are usually not necessary but are available for specific cases where they are needed.

Optional settings

There are also optional settings. Often these are not necessary to fill in but are available to make more specific changes.

LDAP authentication settings

By default, settings for LDAP will be filled in with what was specified when onboarding Mividas Installer, but can here be adapted for your particular Mividas Rooms installation.

See LDAP and SAML SSO login for more information about LDAP

All users matching the LDAP filter can log in and have write permission to systems. Make sure to limit access using the user filter field.

Separate domain name for incoming SMTP invites

You have the option to specify a separate domain to use for conference system email addresses. This is used, among other things, to redirect e-mails through external spam filters. Enter the hostname and any settings for the certificates to be used.

Save configuration and continue

Note that all the settings you have entered in these steps can be changed at a later time. You can read more about this under Update settings after deployment.

After you have gone through and filled in the necessary settings, you proceed by clicking on “Configure” at the bottom of the page that takes you to the step to deploy Mividas Rooms with the settings you have selected.

Deployment

After you have gone through and filled in the necessary settings during the configuration and clicked on “Configure”, you will be redirected to the step to deploy your installation of Mividas Rooms.

Start by selecting which version of Mividas Rooms to install in the drop-down list to the right then click on “Deploy changes” to start the installation. You can now follow the installation process in a terminal that appears under the deploy button. When the installation is complete, you may reload the page and then you should see the correct version displayed for Mividas Rooms.

The next step is to move on to the onboarding for your Mividas Rooms installation. Open a web browser and navigate to the hostname that you entered for the installation. Read more in the Onboarding wizard documentation. Note that the hostname you selected for your installation must be a valid record in your DNS.

Update settings after deployment

After the installation of Mividas Rooms is complete, you still have the option to change settings. To do this, click on the installation you want to change from the Mividas Installer start screen.

Then click on “Configure” for the product you wish to change settings for and make the changes you desire. After you are satisfied, click on “Save” which will take you back to the deployment of the product. Finally, you need to click on “Deploy changes” to apply the new settings to your installation.

After the installation process is complete you may now reload the page and your update is completed.

1.4.2. Onboarding

After completing the installation process and navigating to your Mividas Rooms installation via your web browser you will be met by the Mividas Rooms onboarding wizard.

Organization

Enter a name and click continue. This organization will be used as the default organization for your Rooms installation.

Choose password

Here you may enter a password for the fallback user “mividas_fallback”. The recommendation is to set a password so you always have a fallback user for recovering the platform. You may skip this step, but will then have to use one of your LDAP users for future access.

If the password for the fallback user is non-existent or forgotten, and the LDAP integration is down, password recovery is only available via the virtual machine. In this case please contact support for further assistance. A password recovery in this way is a time-consuming process and that is why we always recommend setting a password for the fallback user which you then store in a safe place.

All done!

After completing the onboarding wizard you are now ready to start managing all your video conferencing systems with Mividas Rooms.

From here, please review the Mividas Rooms documentation for more information about how to start working with your new Mividas Rooms installation.

1.5. Meeting Portal installation

In this section, we go through the steps that are necessary to get started with your Mividas Meeting Portal installation.

We assume that you have a running Mividas virtual machine, if not please see the VM deployment documentation.
We also assume Mividas Installer is set up correctly and that you have activated your license key, if not please see the documentation for Mividas Installer before proceeding.

Release notes for Mividas Meeting Portal can be found here.

Proceed by reading about Mividas Meeting Portal installation and upgrades.

1.5.1. Installation and upgrades

The Mividas Installer start screen shows all the products that you have access to via your license key. In this case, there should be an option to install Mividas Meeting Portal.

Note that Mividas Meeting Portal requires a Mividas Core product for communication.

See other instructions to install multiple Meeting Portals and connect them to the correct customers

Start by clicking on “Configure” for the Mividas Core product on the Mividas Installer start screen. This takes you to the configuration of your installation of Mividas Meeting Portal before it is ready for deployment. The first thing you need to do is to select “Mividas Meeting Portal” as the product you are about to install.

Hostname

The first thing to fill in is information regarding the hostname to be used for your Mividas Meeting Portal installation. Typically this will be a public FQDN, but it can of course be used in a strictly private network. For secure connections to the portal, be advised to use an SSL certificate that is validated by the end users' computers. Read more about certificates.

Dial info and presentation

Add a site title for your Meeting Portal, usually the name of your organization.

The “Example login username” will decide what the username should look like, e.g. “[email protected]

The SIP-domain and H.323 Gateway IP will be used for the invite sent to meeting participants. If your Cisco or Pexip meeting platforms and conference systems use a specific SIP-domain, you will add that here, e.g. “mividas.com”. The H.323 gateway typically uses a gateway IP address, e.g. “88.83.48.200”.

Local settings

Here you specify which language and time zone to use. Note that Mividas Meeting Portal will first and foremost use the language setting in the web browser for selecting the language for the user interface. If the web browser language is not available, the default language will be used instead.

Outgoing email settings (SMTP)

Fill in the SMTP settings that will be used for example for e-mail invitations. If you have filled in these settings when you did your onboarding of Mividas Installer, the fields will be pre-filled with what you specified in that step, but can now be changed if desired.

This is a key configuration for Mividas Meeting Portal.

Optional settings

There are also optional settings. Often these are not necessary to fill in but are available to make more specific changes.

Book API settings

This setting is relevant if you are installing split VM/several Mividas Meeting Portal instances that will communicate with Mividas Core installed on another server. Follow the instructions to set up the right information and use the API keys to connect the portal to the right customer in Mividas Core. Note that the public certificate used by the hostname of the Mividas Core installation must be approved for communication to work.

LDAP authentication settings

By default, settings for LDAP will be filled in with what was specified when onboarding Mividas Installer, but can here be changed for your Mividas Meeting Portal installation. Please be advised to contact your IT department for this part of the configuration.

See LDAP and SAML SSO login for more information

SAML SSO settings

The Mividas Meeting Portal supports SAML2-based SSO (single-sign-on) for easy integration for users as no user name or password will be necessary. The Mividas Meeting Portal is also ADFS compatible.

SMS settings

You can combine meeting invitations by e-mail with SMS, adding the provider and credentials. Please contact your Mividas partner for more information to integrate with your choice of SMS provider. This feature can be used for 2FA scenarios (2-factor authentication).

Save configuration and continue

Note that all the settings you have entered in these steps can be changed at a later time. You can read more about this under Update settings after deployment.

After you have gone through and filled in the necessary settings, you proceed by clicking on “Configure” at the bottom of the page that takes you to the step to deploy Mividas Meeting Portal with the settings you have selected.

Deployment

After you have gone through and filled in the necessary settings during the configuration and clicked on “Configure”, you will be redirected to the deployment step of your installation.

Start by selecting which version of Mividas Meeting Portal to install in the drop-down list to the right then click on “Deploy changes” to start the installation. You can now follow the installation process in a terminal that appears under the deploy button. When the installation is complete, you may reload the page and then you should see the correct version displayed for Mividas Meeting Portal.

The next step is to move on to the onboarding for your Mividas Meeting Portal installation. Open a web browser and navigate to the hostname that you entered for the installation. Read more in the Onboarding wizard section. Note that the hostname you selected for your installation must be a valid record in your DNS.

Update settings after deployment

After the installation of Mividas Meeting Portal is complete, you still have the option to change settings. To do this, click on the installation you want to change from the Mividas Installer start screen.

Then click on “Configure” for the product you wish to change settings for and make the changes you desire. After you are satisfied, click on “Save” which will take you back to the deployment of the product. Finally, you need to click on “Deploy changes” to apply the new settings to your installation.

After the installation process is complete you may now reload the page and your update is completed.

1.5.2. Secure meeting

In this section, we go through the necessary steps to configure your Mividas Portal to be able to schedule secure meetings.

Prerequisite

  • License for Mividas Identify and Secure meeting types.
  • Install Mividas Meeting Portal v2.9.0 or higher and Mividas Identify v1.0.0 or higher.
  • Configure both your Mividas Identify installation and Mividas Meeting Portal installation to make them communicate with each other and to add support for scheduling secure meeting types via the Meeting Portal by following the steps here.

Configuration

Follow the steps below to configure your Mividas Meeting Portal installation to get access to the API key to be used in your Mividas Identify installation.

Backend admin

Settings for activating secure video meetings in the Mividas Meeting Portal are located in the backend admin, start by navigating there through the steps below.

  1. Navigate via a browser to the address you have specified for your Mividas Meeting Portal installation https://{fqdn_portal}
  2. Log in using an account with administrator permissions
  3. Click on your avatar (in the upper right corner)
  4. Lastly, select “Backendadmin” from the dropdown menu

Note: If you are already logged in as a user with administrator permissions, a quick way to reach the backend admin is to just add /admin to the end of the portal fqdn as follows: https://{fqdn_portal}/admin

Set up secure meeting settings

Once inside the portal’s backend admin, a list should appear with available settings for the portal. Follow the steps below to add a new meeting type for secure video meetings.

  1. Click on ”Secure meetings settings”
  2. If there is a configuration in the “Secure meetings settings” list, click on an existing configuration or create a new one
  3. Enter the URL to the Identify server in the format:
    https://{fqdn_identify}
  4. Check ”Enabled”, if not enabled the meeting type won’t show up on the Mividas Meeting Portal start page
  5. Copy the ”API key” to be used in the Identify configuration

Set up Secure meeting types

The next step is to configure “Secure meeting types”. You need to configure one for each authentication type.

Please visit Installation and upgrades Identify for details on setting up different authentication methods.

Settings for setting up Secure meeting types are also located in the backend admin. Follow the steps below to add a new Secure meeting type.

  1. Click on “Secure meeting types”
  2. Click on the existing meeting type or create a new one by clicking “ADD SECURE MEETING TYPE ?” in the top right corner.
  3. Configure the settings on the page:
    • System name in Core API: Set this to “secure”
    • Icon: Text…
    • Numerically: This controls the order for the scheduling button on the frontpage of Mividas Portal
    • Turn on email invitation: Must be checked for secure meeting types! (Menu will be removed in the next version).
    • Turn on automatic dialing: Adds a step in the scheduling dialog to add video endpoint SIP URIs to automatically dial when the meeting starts.
    • Turn on the moderator pin: Unchecked for secure meeting types! (Menu will be removed in the next version).
    • Force guest PIN: Unchecked for secure meeting types! (Menu will be removed in the next version).
    • Force moderator PIN to be set: Unchecked for secure meeting types! (Menu will be removed in the next version).
    • Advanced settings: See documentation about Advanced settings in Mividas Portal – TODO
    • Default login type moderator: Sets the default authentication method for the Moderator.
    • Selectable login modes, moderator: Set the selectable authentication methods for the Moderator for this meeting type. Which methods are ok to use and what is the function: none:none, portal:login, sso:portal, sso:login, sso:all, sso:validate, eid:identify, eid:validate, sms:code, sms:pin
    • Default sign-in type: Sets the default authentication method for the Guest.
    • Selectable login methods: Set the selectable authentication methods for the Guest for this meeting type. Which methods are ok to use and what is the function: none:none, portal:login, sso:portal, sso:login, sso:all, sso:validate, eid:identify, eid:validate, sms:code, sms:pin
    • Enable meeting agenda: Enable a hidden agenda, not visible until authenticated.
    • Enable separate agenda for moderator and participant: Enable separate hidden agenda for Moderator and Guest
    • Enable sending invitations via another program: Enable a tab in the scheduling dialog where you can copy the invite and send it via your own email client, chat, SMS or other.
    • Replace sender address in moderator invitation email: Replace the standard sender email address in the moderator invite.
    • Replace sender address in participant invitation email: Replace the standard sender email address in the participant invite.
    • Number of days before meeting log is hidden in interface: Set the number of days that you want the meeting log to be displayed in the Mividas Portal user interface.
    • Heading, button: Heading above the scheduling button, if you want to change the standard text.
    • Help text in button (“Hjälptext i knapp”): Help text above the scheduling button, if you want to change the standard text.
    • Heading in meeting booking flow (“Rubrik i mötesbokningsflöde”): Heading in the first dialog box when scheduling a meeting.
    • Heading for instructions (“Rubrik för instruktioner”): Not used with Secure meeting types! (Menu will be removed in the next version).
    • Heading for moderator instructions (“Rubrik för moderator-instruktioner”): Not used with Secure meeting types! (Menu will be removed in the next version).
    • Description of form field for identification (“Beskrivning på formulärsfält för identifikation”): Type in the attribute that is used for verification, for example email or personal identification number.
  4. Click Save.

1.5.3. Onboarding

After completing the installation process and navigating to your Mividas Meeting Portal installation via your web browser you will be met by the Mividas Meeting Portal onboarding wizard.

Choose password

Here you may enter a password for the fallback user ”mividas_fallback”. We recommend setting a password so that you always have a fallback user for recovering the platform. You may skip this step, but you will then have to use one of your LDAP users for future access.

Settings

The last step in the onboarding wizard allows you to upload a logo, choose a light colour theme and some support texts that will be shown to users in the Mividas Meeting Portal front end. If you don’t want users to schedule recording of meetings from the Microsoft Outlook add-in (separate license), please choose “Do not show recording options”.

More comprehensive branding support is available by navigating to “Theme settings” once inside Mividas Meeting Portal. Here, for example, you can set colors on buttons and icons to make Mividas Meeting Portal follow your organization’s graphic profile.

All done!

After the configuration, you may log in to the Portal front end. If you have an LDAP server or SSO configured, you may use any user from e.g. a Microsoft Active Directory. You can also use the mividas_fallback user and the password you entered earlier in the onboarding wizard.

You can update your user information with an e-mail address if none is configured from e.g. Microsoft Active Directory. This e-mail will be used as a sender address as you invite meeting participants.

Backend admin

You may change the Mividas Portal front end by adding “/admin” after the URL, e.g. “https://portal.yourdomain.com/admin”

This opens the backend admin interface for the Mividas Portal end user web page. You can add administrators and regular users without having to use e.g. LDAP. This is typically used for admins and evaluation processes. You can organize users in groups.

You can add meetings in the “Book” section, great for testing and troubleshooting as you do not need to be logged in to the front end as a regular user.

The “Flat blocks” section is an editor for some of the text fields in the user interface.

The “Self registrations” is used if you want users to create their own portal user accounts. They need to use an e-mail address from a trusted domain to self register.

1.5.4. API Key/Customer-matching

One Mividas Core installation can have one or many Mividas Core Portal user frontends for scheduling meetings, using either Portal instances dedicated to specific customers or a shared instance for multiple customers.

If you install Mividas Core and Mividas Core Meeting Portal at the same time, these settings will be automatically configured for the default Customer (tenant).

Follow the instructions below to add a new or separate Meeting Portal installation or to modify the connected customer.

Install a separate Meeting Portal server

For service providers and large installations we recommend a separate VM for Mividas Meeting Portal(s).

Follow the VM deployment guide and use the same license key as the first server.

To install only Mividas Core Meeting Portal, press “Install new product” and select “Mividas Core + Rooms” or “Mividas Core” depending on your license. In the next step, when selecting components, don’t select Mividas Core (i.e. select only Mividas Core Portal and, if it should be used, the Outlook Addin). You need to enter the FQDN for the Mividas Core installation under “Book API key” (see below).

Make sure to import, on the Portal server, any custom Root CA certificates used by the certificate configured for Mividas Core, to allow an SSL connection between them.

Book API key-settings in Installer

Relevant form fields:

External Mividas Core server domain name – FQDN for the Mividas Core main hostname. E.g. “core.example.org”.

Default customer shared key – This key will be matched to an existing Customer in Mividas Core using the Customer shared keys. (Backend admin > Provider > Customer, click on the relevant customer name).

Disable dynamic customer shared key – Check this box to lock this Mividas Portal to a single Customer. If you are using a central Mividas Core Portal for multiple tenants, leave this unchecked to dynamically match Customer keys using the LDAP user’s DN tree, or the Default customer shared key as a fallback. See LDAP customer matching below.

API Key – This is the main API-key to allow communication between this Mividas Core Portal-installation and Mividas Core. This must be approved in Mividas Core Backend admin > API Keys > Scheduling portal API-keys.

LDAP multitenant customer matching

If Disable dynamic customer shared key is not checked in the Installer, the Customer shared key will be dynamically generated from the DN of the logged-in user in the LDAP tree.

See Multi-tenant API Key/customer-matching for more information.

Mapping example: One static customer with a dedicated Portal

Mividas Installer > Mividas Meeting Portal > Book API settings:

External Mividas Core server domain name: core.example.org
Default customer shared key: abc123
Disable dynamic customer shared key: (checked)
API key: qwerty987 […]

Mividas Core > Backend admin > API Keys > Scheduling portal API Keys:

Key: qwerty987 […]

1.5.5. Multi-tenant API Key/customer-matching

One Mividas Core installation can have one or many Mividas Core Portal user frontends for scheduling meetings, using either Portal instances dedicated to specific customers or a shared instance for multiple customers.

If you install Mividas Core and Mividas Core Meeting Portal at the same time, these settings will be automatically configured for the default Customer (tenant).

Single tenant / dedicated Portal

See API Key/Customer matching if you are using a single tenant or dedicated Portal

Book API key-settings in Installer

Relevant form fields:

External Mividas Core server domain name – FQDN for the Mividas Core main hostname. E.g. “core.example.org”.

Default customer shared key – This key will be matched to an existing Customer in Mividas Core using the Customer shared keys. (Backend admin > Provider > Customer, click on the relevant customer name).

Disable dynamic customer shared key – Check this box to lock this Mividas Portal to a single Customer. If you are using a central Mividas Core Portal for multiple tenants, leave this unchecked to dynamically match Customer keys using the LDAP user’s DN tree, or the Default customer shared key as a fallback. See LDAP customer matching below.

API Key – This is the main API-key to allow communication between this Mividas Core Portal-installation and Mividas Core. This must be approved in Mividas Core Backend admin > API Keys > Scheduling portal API-keys.

LDAP multitenant customer matching

If Disable dynamic customer shared key is not checked in the Installer, the Customer shared key will be dynamically generated from the logged-in user’s LDAP structure.

The default way to generate the key is by using the LDAP tree structure and the OU that the user object belongs to in the tree. You can override this with a custom LDAP attribute by setting the Customer attribute field in the LDAP authentication settings of the Mividas Portal installation in the Installer.

Example LDAP user DN:

uid=testuser,ou=department1,ou=myorganization,dc=example,dc=org

This schema gives the same result (or a mix thereof):

cn=testuser,cn=department1,cn=myorganization,dc=example,dc=org

Example Default customer shared key-value in Installer:

aabbcc123

This will match Customers in Mividas Core that have the following shared keys, in order of match priority:

  • department1,myorganization,aabbcc123
  • myorganization,aabbcc123
  • department1,myorganization
  • myorganization
  • department1

External LDAP-sources

When connecting Mividas Core Portal to an LDAP source where an external party has control of the LDAP tree structure, always select the relevant customers under “Limit to customers” in Mividas Core > Backend admin > API Keys > Scheduling Portal API Keys > [Key object], so that users can’t be matched to a customer of another LDAP tree if the OU names are the same.

Mapping example: Shared Portal with LDAP-connection

Mividas Installer > Mividas Meeting Portal > Book API settings:

External Mividas Core server domain name: core.example.org
Default customer shared key: abc123
Disable dynamic customer shared key: (not checked)
API key: qwerty987 […]

Mividas Core > Backend admin > API Keys > Scheduling portal API Keys:

Key: qwerty987 […]

Mividas Core > Backend admin > Provider > Customer > [Customer object 1] > Customer Keys:

Shared key: exampleltd,abc123
Example LDAP user DN: uid=username,ou=dept1,ou=exampleltd,dc=example,dc=org

Mividas Core > Backend admin > Provider > Customer > [Customer object 2] > Customer Keys:

Shared key: otherltd,abc123
Example LDAP user DN: uid=username,ou=dept34,ou=otherltd,dc=example,dc=org
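
The candidate list under “LDAP multitenant customer matching” and the “Limit to customers” advice under “External LDAP-sources”, modelled as an added Python example (not Mividas code). The ordering rule is inferred from the documented five-item list only; the function names, the customer names and the dc=partner DN are constructed for illustration.

```python
"""Model of the shared-key candidates from "LDAP multitenant customer matching".

Added illustration, not Mividas code: the ordering is inferred from the
five-item example list only and may differ from the product for other DN shapes.
"""


def org_units(dn):
    """Container names (ou= or cn=) above the user entry, most specific first."""
    rdns = [part.strip() for part in dn.split(",")]  # naive split: no escaped commas
    units = []
    for rdn in rdns[1:]:  # rdns[0] is the user entry itself (uid=... or cn=...)
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() in ("ou", "cn"):  # dc= components are ignored
            units.append(value.strip())
    return units


def candidate_keys(dn, default_key):
    """Shared keys to try against Core customers, highest priority first."""
    units = org_units(dn)
    # OU paths from the full path up to the top-level organisation.
    paths = [",".join(units[i:]) for i in range(len(units))]
    # Each path combined with the Default customer shared key comes first.
    keyed = [f"{path},{default_key}" for path in paths] if default_key else []
    # Remaining single OU names that are not already a path on their own.
    singles = [unit for unit in units if unit not in paths]
    return keyed + paths + singles


def match_customer(dn, default_key, customers, limit_to=None):
    """Return (customer, matched key) or None.

    customers: {customer name: set of shared keys} as configured in Core.
    limit_to:  models "Limit to customers" on the Scheduling portal API key;
               None means the key is not limited.
    """
    for key in candidate_keys(dn, default_key):
        for name, shared_keys in customers.items():
            if limit_to is not None and name not in limit_to:
                continue
            if key in shared_keys:
                return name, key
    return None


# The two customer objects from the mapping example (names are constructed).
CUSTOMERS = {
    "customer1": {"exampleltd,abc123"},
    "customer2": {"otherltd,abc123"},
}

# Constructed DN from an externally managed tree that reuses an OU name.
EXTERNAL_DN = "uid=guest,ou=exampleltd,dc=partner,dc=test"

if __name__ == "__main__":
    page_dn = "uid=testuser,ou=department1,ou=myorganization,dc=example,dc=org"
    for key in candidate_keys(page_dn, "aabbcc123"):
        print(key)
    # dc= is not part of the key, so the OU name alone decides the tenant:
    print(match_customer(EXTERNAL_DN, "abc123", CUSTOMERS))
    # With the API key limited to the customer that owns that LDAP source:
    print(match_customer(EXTERNAL_DN, "abc123", CUSTOMERS, limit_to={"customer2"}))
```

Because the dc= components never enter the key, an OU name chosen by whoever controls the external tree is enough to select a tenant, which is why the API key for such a source should be limited to its own customers.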

1.5.6. SAML SSO

Mividas Meeting Portal has support for Single Sign On (SSO) through SAML2 that can be used with (among others) Microsoft ADFS, Keycloak/Redhat SSO and Netscaler as the idP.

SAML idP-settings:

Entity URI: Set in installer (example “https://portal.example.org”)
Force NameID-format: yes
NameID-format: Persistent – use username/sAMAccountName as NameID
Binding: POST
Redirect / Login-URL: https://<portal FQDN>/saml/acs (example “https://portal.example.org/saml/acs”)
Claims: username, email, displayName, memberOf (only required to allow admin-permissions)

Most idPs have these by default, except for memberOf. All claims can be looked up from LDAP if also configured, see below.

For idP-specific configuration examples, see:

On prem ADFS: See step by step guide

Azure ADFS:

  • Sign in to the Azure portal and go to the Azure Active Directory service
  • On the left navigation pane, select the Azure Active Directory service.
  • Navigate to Enterprise Applications and then select All Applications.
  • To add new application, select New application.
  • Press New application, then Create your own application
  • Input Mividas and select “Integrate any other application you don’t find in the gallery (Non-gallery)”.
  • Activate the “Single sign-on”-tab and select SAML
  • Edit the Basic SAML Configuration. Use your chosen Entity URI (see table above) and set the Redirect URL from table above in the Sign on URL-field. Press Save.
  • Optionally, add a group claim containing groups that may be used to determine user permissions. Under advanced options, check “Customize the name of the group claim” and change the Name to memberOf. Press Save.
  • Copy the App Federation Metadata Url to the Metadata XML field in the Mividas Installer.
  • Save and deploy to use the new login

KeyCloak: External link

Configuration in Mividas Installer

To enable SSO, configure your Meeting Portal in the installer and navigate to the “SAML SSO”-settings.

Input the “Entity URI” that you will use in your idP-connection, e.g. “https://portal.example.org”, and point to the metadata XML for your idP-provider.

For ADFS: https://<ADFS server FQDN>/FederationMetadata/2007-06/FederationMetadata.xml

For Keycloak: https://<Keycloak server FQDN>/auth/realms/<REALM>/protocol/saml/descriptor

Combination with LDAP

If LDAP authentication is also configured, only users that match the LDAP filter are allowed to log in. Any missing SAML claims (email, displayName or memberOf) will be looked up from the user’s LDAP attributes.

1.5.7. SSO for Microsoft ADFS

Use this guide to get up and running with Single sign-on for Microsoft ADFS.

Prerequisite

  • You should have deep knowledge about the Mividas products, AD FS, DNS, and Certificates. 
  • AD FS Service installed and configured for the organization. 
  • All certificates and CA root and Intermediary certificates should be installed. 
  • Hostname/Fully Qualified Domain Name of AD FS Service and Mividas Meeting Portal.
  • NTP configured and in sync. 
  • LDAP Authentication/Synchronization is already setup in Mividas Portal with groups for Administrators and Superusers or local administrator/Superusers are configured in backend with the username formatted as username@{your_domain}

    Without this step, you will not be able to log in as an administrator to the backend with any user.

Configuration step by step

Start by following these steps:

1. Configure Relying Party Trust

The first step is to start the AD FS Manager. Click on the Windows flag on the server hosting the ADFS Service and select Windows Administrative Tools -> AD FS Management.

When AD FS Management is started, right-click on Relying Party Trust and select Add Relying Party Trust, and then click on Start.

Select Enter data about the relying party manually followed by clicking on Next.

Enter a Display name and click on Next.

Click on Next in the following Window.

  1. Check the Enable support for the SAML 2.0 SSO service URL checkbox.
  2. Enter https://<portal FQDN>/saml/acs in the Relying Party SAML 2.0 SSO service URL field.
  3. Click on Next.

Enter the URL used for accessing the Mividas Portal, as https://<Mividas Portal FQDN>, in the Relying party trust identifier field and click on Add.

Click on Next.

Click on Next

Choose an appropriate access control policy for your implementation followed by clicking on Next.

Click on Next on the next page.

Click on Close on the next page.

2. Add claims to the configuration

There are two ways to enter claims: map the attributes manually in the GUI, or use a Custom Claim and paste in the Custom Claim data given at the end of this section.

Right-click the Relying Party created above, and select Edit Claim Issuance Policy…

Click on the Add Rule button.

Select Send LDAP Attributes as Claims from the dropdown menu and click on Next.

Select Active Directory as the Attribute store, select the LDAP Attribute in the left column and type in the corresponding claims in the right column in the Mapping of LDAP attributes to outgoing claim types field (as in the screenshots below), then click on Finished.

Note: If you want to use a Custom Claim instead, see below:

Custom Claim if you are using LDAP authentication in Mividas:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "email", "displayName"), query = ";sAMAccountName,mail,displayName;{0}", param = c.Value);

Custom Claim if you are using local accounts as administrators:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "email", "displayName", "givenName", "last_name"), query = ";sAMAccountName,mail,displayName,givenName,sn;{0}", param = c.Value);

Note: If you are using local accounts as administrators instead of LDAP authentication in Mividas, you need to enter additional claims as in picture 2.

Alternative claims apply when using local users formatted as username@{your_domain} for administrator accounts instead of using LDAP authentication in combination with SAML/SSO.

In this case, you also need claims for givenName and last_name.

Click on OK to close the configuration dialog.

3. Configure Mividas Portal

Go to Mividas Portal Installer, open the settings for Home/Installed/Mividas Core + Rooms/Mividas Core Meeting Portal and enter the same Identity URL in the Entity URI to pass to SAML server* field.

  • Enter: https://<AD FS FQDN>/FederationMetadata/2007-06/FederationMetadata.xml in the URL to autoconfig metadata XML-file field.
    If you don’t have access to the idp Metadata URL, you can paste the Metadata in the “Local/offline idP metadata XML” field instead.

4. Test the configuration

Type the portal URL in a web browser and click the login button. You will now be redirected to the selected logon method in the AD FS server. 

Enter your credentials and click the login button.

You will now be redirected to the Mividas Meeting Portal. 

Troubleshooting

Mividas Installer logs

Start by checking the logs via the Mividas Installer. Navigate to Mividas Installer and follow the steps below:

Step 1: Click on Details in the Mividas Core + Rooms card.

Step 2: Click on Log viewer on the Mividas Core Meeting Portal card.

Step 3: Check the service that ends with _web and click Display logs to view the logs.

Timing issue between Mividas Meeting Portal and ADFS

If you see the following in the logs, there is a timing issue between Mividas Meeting Portal and ADFS.

| XML parse error: Can't use response yet: (now=2022-05-02T13:56:38Z + slack=0) <= notbefore=2022-05-02T13:56:39.221Z

Solution

The solution relies on using the PowerShell API to make the modification. There is no setting for “NotBeforeSkew” when configuring the Relying Party Trust in the GUI.

Load the ADFS PowerShell plug-in:
Add-PSSnapin Microsoft.Adfs.PowerShell

View current values:
Get-ADFSRelyingPartyTrust -Identifier "urn:party:sso"

Set the skew to 1 minute, where "urn:party:sso" is one of the identifiers for your Relying Party and you want the NotBefore value set back 1 minute before the ticket is created:
Set-ADFSRelyingPartyTrust -TargetIdentifier "urn:party:sso" -NotBeforeSkew 1
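
A small log check for the error above, as an added Python example (not part of the Mividas documentation or tooling): it measures how far NotBefore was ahead of the portal clock in each rejection and reports the smallest whole-minute NotBeforeSkew that covers the worst case. It assumes slack is given in seconds; the 5-second NTP alarm threshold and every log line except the first are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the first line is the error quoted in this section,
# the other two lines are made up for the example.
SAMPLE_LOG = """\
| XML parse error: Can't use response yet: (now=2022-05-02T13:56:38Z + slack=0) <= notbefore=2022-05-02T13:56:39.221Z
| GET /saml/acs 302
| XML parse error: Can't use response yet: (now=2022-05-02T14:10:05Z + slack=0) <= notbefore=2022-05-02T14:10:05.480Z
"""

# "Can.t" tolerates a straight or a typographic apostrophe in copied logs.
PATTERN = re.compile(
    r"Can.t use response yet: \(now=(?P<now>\S+) \+ slack=(?P<slack>\d+)\)"
    r" <= notbefore=(?P<nb>\S+)"
)


def parse_ts(text):
    """Parse the UTC timestamps used in the log, with or without fractions."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {text!r}")


def early_by_seconds(line):
    """Seconds by which NotBefore lies ahead of now + slack.

    Returns None when the line is not a NotBefore rejection.
    Assumption: slack is expressed in seconds.
    """
    match = PATTERN.search(line)
    if not match:
        return None
    usable_at = parse_ts(match["now"]) + timedelta(seconds=int(match["slack"]))
    return (parse_ts(match["nb"]) - usable_at).total_seconds()


def assess(log_text, ntp_alarm_seconds=5.0):
    """Summarise NotBefore rejections found in a block of log text.

    min_skew_minutes is the smallest whole-minute NotBeforeSkew that moves
    NotBefore strictly before the portal's clock for the worst rejection
    (the comparison in the log is "<=", so an exact tie is still rejected).
    check_ntp is True when the offset is larger than ordinary jitter, in
    which case the clocks should be fixed rather than hidden behind a skew.
    The threshold is an assumption of this example.
    """
    offsets = [s for s in map(early_by_seconds, log_text.splitlines()) if s is not None]
    if not offsets:
        return {"rejections": 0, "worst_seconds": 0.0,
                "min_skew_minutes": 0, "check_ntp": False}
    worst = max(offsets)
    return {
        "rejections": len(offsets),
        "worst_seconds": worst,
        "min_skew_minutes": int(worst // 60) + 1,
        "check_ntp": worst > ntp_alarm_seconds,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_LOG))
```

A result with check_ntp set points back to the NTP prerequisite: widening NotBeforeSkew enlarges the window in which an assertion is accepted, so it should cover jitter, not unsynchronised clocks.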

Diffie-Hellman key too short

If you see the following in the log, the idP is probably using a Diffie-Hellman key length of 1024 bits.

"139651732964544:error:141A318A:SSL routines:tlsprocessskedhe:dh key too small:../ssl/statem/statemclnt.c:2158:"

Solution

Follow the instructions in the security advisory from Microsoft to increase the Diffie-Hellman key length: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644?redirectedfrom=MSDN

Workaround
This problem occurs when the ADFS server is using a Diffie-Hellman key length of 1024 bits and you are trying to retrieve the ADFS Metadata dynamically.

If you can’t change the Diffie-Hellman key length supported by the ADFS server at this time, follow the steps below:

  • Remove the config in the field “URL to autoconfig metadata XML-file” from Mividas Portal (Step 4 above).
  • Use the same URL in your web browser to retrieve the metadata as a text file.
  • Copy the content of the text file into the “Offline idP metadata XML” field instead.
  • Save
  • Deploy Mividas Portal

1.6. Identify installation

In this section, we go through the steps that are necessary to get started with your Mividas Identify installation.

We assume that you have a running Mividas virtual machine, if not please see the VM deployment documentation.

We also assume Mividas Installer is set up correctly and that you have activated your license key, if not please see the documentation for Mividas Installer before proceeding.

Release notes for Mividas Identify can be found here.

Configuration flowchart

A simplified illustration of the Mividas Identify installation can be seen below:

Proceed by reading more about the Mividas Identify installation and upgrades here.

1.6.1. Installation and upgrades

In this section, we go through the detailed steps that are necessary to configure your Mividas Meeting Portal and Mividas Identify for secure video meetings with participant identification and verification.

To get started with your installation, it is necessary to configure both your Mividas Identify installation and Mividas Meeting Portal installation to make them communicate together and to add support for scheduling secure meetings type via the Meeting Portal. Below are the necessary configurations required for both products.

Prerequisite

Installing Mividas Identify

The Mividas Installer start screen shows all the products that you have access to via your license key. In this case, there should be an alternative for you to install Mividas Identify. Start by navigating to the Mividas Installer via your browser https://{fqdn_installer}:8999 and log in using your installer password.

Once logged in to the Mividas Installer, click “Configure” for the Mividas Identify product on the Mividas Installer start page under “Configure a new product”. This takes you to the configuration of Mividas Identify before it is ready for deployment. The below settings will appear:

Main domain name for web interface

Here you specify the hostname/FQDN that will be used to reach this Mividas Identify instance.

You can also select from a list of existing certificates to be used by this Identify installation, or if you have a certificate and public key already prepared, you can add them by uploading the certificate and key files in this section. After uploading, you can select your certificate in the “Select existing certificate” selection box.

If you want to create a certificate from a Certificate Signing Request (CSR) before proceeding, you can do so by selecting the menu “Certificates” in the top right of the page.

Locale settings

Here you specify which language and time zone to use. Note that Mividas Identify will first and foremost use the language setting in the web browser for selecting a language for the user interface, if the web browser language is not available then the default language will be used instead.

Outgoing e-mail settings (SMTP)

Fill in the SMTP settings that will be used for sending e-mails. If you entered these settings when you did your onboarding of Mividas Installer, the fields will be pre-filled with what you specified in that step, but can now be overridden for your Mividas Identify installation.

Portal API settings

This section will allow you to set up API settings for requests being made from Mividas Identify and the Mividas Meeting Portal.

External Mividas Core server domain name

If this Meeting Portal should be connected to a specific Core installation, please enter the Core server domain name here. In the case of single server installation, leave this blank.

API key

Enter the API key received from the Mividas Meeting Portal. If you have not configured secure meetings in the Mividas Meeting Portal and do not have an API key, please follow the steps in the Secure meeting document to configure your Mividas Meeting Portal installation and get access to the API key to be used in your Mividas Identify installation.

LDAP authentication settings

By default, settings for LDAP will be filled in with what was specified when onboarding Mividas Installer, but can here be changed for your Mividas Identify installation.

See LDAP authentication settings for more information about LDAP.

All users matching the LDAP filter can log in and have write permission. Make sure to limit access using the user filter field.

Deployment Mividas Identify

After you have gone through and filled in the necessary settings during the configuration and clicked on “Configure”, you will be redirected to the deployment step of your installation.

Start by selecting which version of Mividas Identify to install in the drop-down list to the right then click on “Deploy changes” to start the installation. You can now follow the installation process in a terminal that appears under the deploy button. When the installation is complete, you may reload the page and then you should see the correct version displayed for Mividas Identify.

Update settings after deployment

After the installation of Mividas Identify is complete, you still have the option to change settings. To do this, click on the installation you want to change from the Mividas Installer start screen.

Then click on “Configure” for the product you wish to change settings for and make the changes you desire. After you are satisfied, click on “Save” which will take you back to the deployment of the product. Finally, you need to click on “Deploy changes” to apply the new settings to your installation.

After the installation process is complete you may now reload the page and your update is completed.

Onboarding

Once the installation process has been completed, you can now refer to the onboarding documentation to learn about configuring your new Mividas Identify installation and adding various authentication options.

1.6.2. Onboarding

After completing the Installation process and navigating to your Mividas Identify installation via your web browser you will be met by the Mividas Identify onboarding wizard described below.

Choose password (1/3)

Here you may enter a password for the fallback user ”mividas_fallback”. A recommendation is to set a password so you always have a fallback user for recovering the platform. You may skip this step, but will have to use one of your LDAP users for future access.

Branding (2/3)

Here you can change the default logo on the landing page, web browser favicon, and colors for the background, buttons, and web links. When you do the changes you will see a preview of the result at the bottom of this dialog window.

Support information (3/3)

Here you can set the support information that will be shown in the frontend help topics and forms

All done!

After completing the onboarding wizard you are now ready to start configuring your Mividas Identify with the different authentication options.

1.6.2.1. SAML

In this section, we go through the necessary steps to configure your Mividas Identify installation for SAML authorization.

The actual authentication method for the end user can differ depending on the method(s) presented by the SAML idP. Examples of authentication methods are One-Time Password, SMS code, digital identification card/eID (e.g. the SITHS cards that are widely used within Swedish healthcare) and BankID (or another national electronic ID).

In this documentation, BankID will be used as an example.

Prerequisite

  • License for Mividas Identify and Secure meeting types.
  • Install Mividas Meeting Portal v2.9.0 or higher and Mividas Identify v1.0.0 or higher.
  • Configure both your Mividas Identify installation and Mividas Meeting Portal installation to make them communicate together and to add support for scheduling secure meetings type via the Meeting Portal by following the steps here.

Related information

Configuration

Follow the steps below to configure your Mividas Identify installation to be able to use SAML as an authentication method for secure access to meetings.

SAML configuration

Settings for SAML are located in the Mividas Identify backend admin, follow the steps below to set up a new, or to change a SAML configuration.

  1. Go to the URL https://{fqdn_identify}/admin/
  2. Log in to Mividas Identify with a user with superuser permissions.
  3. Click on the tab “Backend”
  4. Click on the menu “Saml configurations”
  5. Create a new configuration by clicking the “Add SAML configuration” button in the top right corner, or edit an existing configuration by clicking a specific title in the list
  6. If you are adding a new configuration, set “System configuration name” to, for example, bankid. It can be anything as long as the same name is used in the next section, “Configure a new authentication provider”
  7. Enter the “Entity id”, this value should be the same as the entity id in your idp. You may read SSO for Microsoft ADFS to see detailed steps for configuring this in Microsoft ADFS.
  8. Enter the “Remote idP metadata XML” to get dynamic idp Metadata. Example for Microsoft ADFS: https://{fqdn_ms_adfs}/FederationMetadata/2007-06/FederationMetadata.xml If you don’t have access to the idp Metadata URL, you can paste the Metadata in the “Local/offline idP metadata XML” field instead.
  9. Select e-ID login as “Auth type”
  10. Enter claims as agreed with your IdP technical team.
    • Email claim – Enter the attribute containing the email-address
    • First name claim – Enter the attribute containing the First name
    • Last name claim – Enter the attribute containing the Last name
    • Full name claim – Optional, and only needed if first and last name are not provided
    • Identification claim – Needed if you want to validate identity number, personal identification number, email, or other.
  11. Verify all data entered.

Lastly, click on the “Save” button in the bottom right. After saving the configuration, you may move on to the next topic below to configure a new authentication provider for SAML.

Configure a new authentication provider

Now you need to configure a new authentication provider. This is what will appear as an authentication method in the Mividas Identify user interface.

  1. Go back to the backend admin start page https://{fqdn_identify}/admin/
  2. Click on the menu “Auth providers”
  3. Click on the existing SAML provider, or create a new configuration
  4. In the “Backend” menu, select bankid
  5. Enter the same “System configuration name” as specified in step #6 in the above topic SAML configuration (we used bankid in this example)
  6. Check the “Enabled” checkbox. If it is not checked, the authentication method won’t show up on the Mividas Identify login page.
  7. Verify all data entered.

After these steps, and clicking on the “Save” button, your new authentication method will show up on the Mividas Identify start page by navigating to https://{fqdn_identify}.

1.6.2.2. BankID

In this section, we go through the detailed steps necessary to configure your Mividas Identify installation for BankID authorization.

Prerequisite

  • Install Mividas Meeting Portal v2.9.0 or higher and Mividas Identify v1.0.0 or higher.
  • Configure both your Mividas Identify installation and Mividas Meeting Portal installation so that they can communicate with each other, and add support for scheduling the secure meeting type via the Meeting Portal, by following the steps here.
  • You have ordered and received a BankID certificate
    (https://www.bankid.com/utvecklare/guider/skapa-fp-certifikat/rp-cert-bestaell-mottag)

Configuration

Follow the steps below to configure your Mividas Identify installation to be able to use BankID as an authentication method for secure access to meetings.

BankID configuration

Settings for BankID are located in the Mividas Identify backend admin. Follow the steps below to set up a new BankID configuration or to change an existing one.

  1. Go to the URL https://{fqdn_identify}/admin/
  2. Log in to Mividas Identify with a user with superuser permissions.
  3. Click on the tab “Backend”
  4. Click on the menu “Bankid configurations”
  5. You may now create a new configuration, or edit an existing configuration by clicking a specific title in the list
  6. If you are adding a new configuration, start by setting the “System configuration name” to bankid
  7. Upload your BankID certificate file and enter the certificate password.

Lastly, click on the “Save” button in the bottom right.

For testing BankID, be sure to check “Test mode”, which will use the BankID test environment.

After saving the configuration, you may move on to the next topic below to configure a new authentication provider for BankID.

Configure a new authentication provider

Now you need to configure a new authentication provider. This is what will appear as an authentication method in the Mividas Identify user interface.

The authentication provider is also configured in the Mividas Identify backend admin. Continue by following the steps below:

  1. Go back to the backend admin start page https://{fqdn_identify}/admin/
  2. Click on the menu “Auth providers”
  3. Click on an existing BankID provider or create a new configuration
  4. In the “Backend” menu, select bankID
  5. Enter the same “System configuration name” as specified in step #6 in the above topic BankID configuration (we used bankid in this example)
  6. Enter a “Title”. This is what will be displayed in logs.
  7. The “Order” field sets the order of the authentication buttons on the Mividas Identify homepage if you have multiple authentication providers.
  8. Check the “Enabled” checkbox. If it is not checked, the authentication method won’t show up on the Mividas Identify login page.

After these steps, and clicking on the “Save” button, your new authentication method will show up on the Mividas Identify start page by navigating to https://{fqdn_identify}.

1.6.2.3. SMS

In this section, we go through the necessary steps to configure your Mividas Identify installation for secure meetings with SMS code authentication.

Prerequisite

  • Install Mividas Meeting Portal v2.9.0 or higher and Mividas Identify v1.0.0 or higher.
  • Configure both your Mividas Identify installation and Mividas Meeting Portal installation so that they can communicate with each other, and add support for scheduling the secure meeting type via the Meeting Portal, by following the steps here.
  • One of the following SMS services:
    • SendInBlue
    • Twilio
    • GatewayAPI
    • MoSMS
    • Email to SMS gateway (mobilenumber@emaildomain)

Configuration

Follow the steps below to configure your Mividas Identify installation to be able to use an SMS code as an authentication method for secure access to meetings.

SMS provider configuration

Settings for SMS providers are located in the Mividas Portal installer. Follow the steps below to set up a new SMS configuration or to change an existing one.

  1. Go to the URL https://{fqdn_portal}:8999
  2. Log in to the installer
  3. Click on Details for your Portal installation
  4. Click on Configure for Mividas Core Meeting Portal
  5. Click on SMS settings located at the bottom in the left menu
  6. Select your SMS provider in the selection-box Provider
  7. Fill in all data for the selected provider:
    • Username: Input the username you got from your provider. For providers using API keys, input the API key in the username field, or use the username “api-key” and the API key as password.
      If you selected Email as Provider, the recipient address is entered in the Username field as [email protected] where $country will be replaced with the country code and $number will be replaced with the recipient mobile number
    • Password: Input the password you got from your provider, or, if you entered “api-key” as username above, enter the API key.
    • Sender: Input the sender name that will be shown as the sender of the SMS.
    • Default country code: The default country code used if none is provided
    • Click Save
    • Click on Deploy Changes and wait until all services have started up and you see the message “Finished”.

Now you can continue to configure Secure meeting support in the Mividas Portal installation guide.

1.7. Outlook Add-in installation

In this section, we go through the steps that are necessary to get started with your Mividas Outlook Add-in installation.

We assume that you have a running Mividas virtual machine. If not, please see the VM deployment documentation.
We also assume that Mividas Installer is set up correctly and that you have activated your license key. If not, please see the documentation for Mividas Installer before proceeding.

Release notes for Mividas Meeting Portal can be found here.

Configure Mividas Outlook Add-in

Mividas Outlook Add-in does not require its own configuration, but instead uses the settings set for Mividas Core and Mividas Meeting Portal. Please follow the instructions for these products to make the correct configuration.

Deployment

In the Mividas Installer, start by selecting which version of Mividas Outlook Add-in to install in the drop-down list to the right, then click on “Deploy changes” to start the installation.

You can now follow the installation process in a terminal that appears under the deploy button. When the installation is complete, you may reload the page and then you should see the correct version displayed for Mividas Outlook Add-in.

Upgrade

It is easy to update Mividas Outlook Add-in to a new version. Just follow the instructions in the Deployment section, choosing a newer version of the product instead.

Branding support

You can change the icon and title of Mividas Outlook Add-in to make it fit into your organization’s branding profile. You do this via “Outlook settings” from your Mividas Meeting Portal installation before you deploy the add-in to your organization.

All done!

After deployment, you now have the option to install the manifest file for Mividas Outlook Add-in as an add-in to your Outlook client.

You will find instructions and the link to the manifest file via “Outlook settings” from your Mividas Meeting Portal installation.

1.8. Monitoring

The different Mividas components and services may be monitored using HTTP monitoring solutions and syslog.

Core + Rooms

Core specific

Rooms specific

Scheduling Portal

Syslog

Beginning with Installer v1.8.4, you are able to configure a remote syslog server using the CLI onboard wizard.

In earlier versions, it is possible to enable this manually by creating a file called /etc/rsyslog.d/50-remote.conf with the following content:

UDP

        *.* action(type="omfwd" target="syslog.example.org" port="514" protocol="udp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000" )

TCP

        *.* action(type="omfwd" target="syslog.example.org" port="514" protocol="tcp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000" )

TCP+TLS

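        # The gtls stream driver is shipped in the rsyslog-gnutls package on Debian.
        global(
            DefaultNetstreamDriver="gtls"
            DefaultNetstreamDriverCAFile="/etc/ssl/certs/ca-certificates.crt"
        )

        # omfwd only accepts protocol "udp" or "tcp"; TLS is enabled on top of TCP
        # by StreamDriverMode="1". With x509/name the server certificate is
        # validated against the CA file and its name is checked.
        *.* action(type="omfwd" target="syslog.example.org" port="514" protocol="tcp" StreamDriverMode="1" StreamDriverAuthMode="x509/name" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000" )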