Welcome to the Topicus KeyHub best practice guide.

Topicus KeyHub ensures the authentication and authorisations of users. This best practice guide gives examples on how to link applications to Topicus KeyHub.

Layout of this guide

This guide contains example configurations of Topicus KeyHub and linked applications. Every chapter will describe the configuration used in both KeyHub and the linked application. This guide does not provide a comprehensive list of all option. For those, please read our manual.

1. Deployment

Prior to installation, the Topicus KeyHub virtual machine needs to be deployed on a hypervisor or cloud platform. If this is already done you can skip the next segments and move directly to installation.

1.1. ESX

In the following example an ESX host managed by vSphere is used. Topicus KeyHub needs a minimum of 2 VPU’s, 6GB memory and 80GB disk space. This will be detected during verification of the uploaded image.

1.1.1. Step 1 - Download and deploy the image

Download the latest OVA from Upload the image to the ESX host from vSphere. Select the ESX host, Actions and Deploy OVF template.

Figure 1. Download and deploy the image
Select an OVF template

Upload the OVA or enter the network location.

Select a name and folder

Specify a unique name and target location

Select a compute resource

Select the destination host for the Topicus KeyHub VM

Review details

Verify the template details.

Figure 2. Download and deploy the image

1.1.2. Step 2 - Configure storage & network

Select storage

Select the storage for the configuration and disk files

Select networks

Select the network where the VM will reside.

Ready to complete

Click Finish to start creation.

Once the OVA is uploaded you can start the VM. In vSphere you can monitor the VM boot process from a webconsole.

Figure 3. Configure storage & network

After boot KeyHub will show the network configuration and the 6-digit password for first login on the console screen. Paste the given link in your browser to start the configuration.

Figure 4. Terminal welcome screen

1.1.3. Step 3 - Adjust network settings (optional)

If needed you can adjust the network settings here by pressing S.

Figure 5. Adjust network settings (optional)

This guide explains how to setup a link between Topicus KeyHub and an Active Directory. This AD can then be used for dynamic and static account provisioning.

2.1. Configuration details

In this example we used the configuration below. You should replace this with the details for your configuration.

A guide on how to prepare your AD can be found here: prepare AD

You need a group in KeyHub to connect to your application. See how to create a group here
  • Name: Linked AD

  • Technical administration group: KeyHub Administrators

  • Primary Host: linked-ad.keyhub.test

  • Trusted Certificate: Click on download to get the server certificate.

  • Bind DN: CN=KeyHub, CN=Users, DC=keyhub, DC=test

  • Bind password: the password for user KeyHub

  • Base DN: CN=KeyHub, DC=KeyHub, DC=test

  • Group RDN: OU=Groups

  • User RDN: OU=Users

Detailed info per item can be found in the manual (chapter 14.2)

2.1.1. Step 1


  • Click Add

link to ad001

2.1.2. Step 2

  • Choose Type: Active Directory

  • click NEXT

link to ad002

2.1.3. Step 3

  • Fill the details as mentioned above or your own

  • Click TEST

  • Click SAVE

link to ad003
link to ad004

To provision users to a group on the Active Directory you need to link it to a group in KeyHub.

  • Click your newly linked AD

  • Click Groups

  • Click ADD

  • Select the group you want to use

  • Select the group on the AD you want to use or select Create a new group

  • Click SAVE