4. Install Anywhere

activate anywhere extends the activate platform for secure access from the internet prerequisites core dependencies requirement description activate installed activate must be installed, configured, and operational activate configuration activate may require configuration to support anywhere (e g , enable api access, register service endpoints, align authentication mode) ssl certificate valid ssl certificate matching the anywhere hostname (anywhere company com) can be ca issued or self signed for testing application activate must be configured with an application used to authenticate users refer to identity and infrastructure deployment models docid\ wxubdgffvye9lq9kcofzh architecture options two options are available standalone on a dmz host (recommended for security isolation), see anywhere standalone server requirements docid 8tqequm2s2hsuzrpuypwy on the same server as activate (for smaller or non production environments) authentication options anywhere supports two authentication modes option description use case azure oauth authentication (default) integrates with entra id (azure ad) via oauth 2 0 cloud / hybrid deployments requiring sso secure cookie based authentication uses activate’s built in authentication and session cookies internal or trusted environments octa? other providers? the installer will detect missing prerequisites and alert you, but it does not install them automatically prepare for install verify you can access the activate portal/api from the anywhere host confirm the ssl certificate is installed under local computer → personal , including its private key record the certificate thumbprint or subject name for iis binding ensure port 443 is available on the anywhere web server enable windows authentication temporarily on the activate server activate configuration configure remote access configure activate to accept anywhere connections open activate studio on the activate server browse to configuration > external web and open the remoteaccess parameter configure these values on the authentication node, other authentication nodes should be removed or commented out configuration node value authentication/provider azure authentication/applicationid =//resources/activedirectory/external directories/azure/applicationidlogin authentication/tenantname =//resources/activedirectory/external directories/azure/tenantname authentication/redirecturi must match redirect uri configured on the application registration of the applicationidlogin application restart activate app pool install anywhere components these steps will guide you through running the installer to create a new anywhere instance to connect to your activate server depending on the security settings of the server, it is sometimes necessary to run the installation as the server administrator launch the activate installer select activate anywhere tile as the install type click the create new instance button fill the following fields on the connect dialog instance name – friendly name identifying the activate instance server path – https url of the activate server (e g https //activateselfservice) connect using – choose authentication type ( windows integrated or specific credentials) click connect to validate communication with activate on successful connection, please disable windows authentication in iis on the activate server anywhere will now connect to activate using a secure api key site binding configuration the installer now will have created the iis site for anywhere and show this message iis web site anywhere – \[instancename] – anywhere has been created or updated please review bindings and install ssl certificates you now have to configure the https site binding open iis manager locate the new site (e g anywhere – instancename) click bindings to open the site bindings dialog click add to add a new site binding and fill the following fields type = https port = 443 host name = host name of anywhere server ssl certificate = select installed ssl certificate, confirm correct certificate by comparing subject name and thumbprint as required click ok to add the new site binding select any existing type = http bindings and remove them click close restart the anywhere site the certificate hostname must match the anywhere url or users will see browser and api errors verification and testing follow these steps to confirm activate and anywhere are communicating correctly browse to https //yourdomain from a browser, both internally and externally as required verify the site loads without errors and presents the microsoft azure login page log in using an azure account confirm requests are proxied successfully by making a service request or updating your details check the windows event viewer and log files for startup or auth warnings installation complete activate anywhere is now installed and ready to enable external access to activate