Dragon speech recognition Enterprise solution Nuance Management Center Server installation and configuration guide For: Cloud version 6.
Copyright Nuance ® Management Center This material may not include some last-minute technical changes and/or revisions to the software. Changes are periodically made to the information provided here. Future versions of this material will incorporate these changes. Nuance Communications, Inc. has patents or pending patent applications covering the subject matter contained in this document. The furnishing of this document does not give you any license to such patents.
Contents Dragon_NMCInstallGuideCover_20160929_v4_Cloud 1 About this guide iv Guide overview v Audience Additional resources v vi Documentation vi Training vii Support vii Chapter 1: Introduction 1 About Nuance Management Center 2 Physical architecture 3 Chapter 2: Preparing for your installation Security considerations 4 5 General security principles 5 Installing and configuring Nuance Management Center securely 5 Nuance Management Center security features 6 Authentication metho
Contents Creating and configuring user accounts for single sign-on Creating user accounts 17 Configuring user accounts 17 Running the SetSPN.exe Windows utility 18 About SetSPN.exe 18 Downloading SetSPN.exe 18 Executing SetSPN.
About this guide Guide overview Audience Additional resources v v vi Documentation vi Training vii Support vii iv
Nuance Management Center Server Installation and Configuration Guide Guide overview This guide contains configuration instructions for single-sign-on authentication using Nuance's cloud-hosted NMC server. Audience This guide is intended for administrators whose responsibility is to perform the following: l Manage Central Authentication. l Set up and manage single sign-on user authentication. This guide assumes you have experience in hardware configuration, software installation, and networking.
About this guide Additional resources The following resources are available in addition to this guide to help you manage your Dragon installation. Documentation Document Description Location Dragon Group Citrix Administrator Guide Hardware, software, and network requirements for deploying Dragon in a network of client computers that connect to a Citrix server to access published applications.
Nuance Management Center Server Installation and Configuration Guide Document Description Location release notes. Training Nuance provides several training offerings, like webinars, demos, and online training courses. For more information, see the Nuance University web site: https://www.nuance.com/about-us/nuance-university-training.html Support The Dragon Support web site provides many resources to assist you with your Dragon installation, like forums and a searchable knowledgebase.
Chapter 1: Introduction About Nuance Management Center 2 Physical architecture 3 1
Nuance Management Center Server Installation and Configuration Guide About Nuance Management Center Nuance Management Center allows Dragon administrators to manage all Dragon clients from a single central console.
Chapter 1: Introduction Physical architecture Nuance Management Center is a standard Microsoft ASP .NET MVC web application that is hosted by Internet Information Services (IIS). The Nuance Management Center components include the following: l l l l Nuance Management Center (NMC) server—Stores application data, such as organizations, sites, groups, and users. It also stores transient data, such as log files.
Chapter 2: Preparing for your installation Security considerations 5 General security principles 5 Installing and configuring Nuance Management Center securely 5 Nuance Management Center security features 6 Opening required ports 8 4
Nuance Management Center Server Installation and Configuration Guide Security considerations When your organization implements Nuance Management Center, it is critical to install the software and its system components using secure installation methods to protect the integrity and confidentiality of your data. It is equally important to manage and monitor your system once installed to ensure that your data is protected from unauthorized access and misuse.
Chapter 2: Preparing for your installation Nuance Management Center provides the option to save report data to a CSV file. Establish best practices for downloading data to ensure the data remains secure outside of Nuance Management Center. Nuance Management Center security features Nuance Management Center provides the following security features to help you secure your system. Authentication You can choose from three different authentication methods.
Nuance Management Center Server Installation and Configuration Guide requirements for each user. Review your access control policy periodically to determine if changes to roles and permissions are necessary. Assigning privileges Privileges determine the ribbons, menus, and options that users can access in the NMC console. You assign or unassign privileges to show or hide those options.
Chapter 2: Preparing for your installation Opening required ports You must open the following ports to allow communication between components. Port Location Description 389 TCP NMC server Allows communication between the NMC server and your Active Directory, if you are using single sign-on authentication. 443 NMC server Allows communication between Dragon clients and the NMC server. Also allows communication between NMC console workstations and the NMC server.
Chapter 3: Post-installation tasks Configuring the Dragon client for use with Nuance Management Center 10 9
Nuance Management Center Server Installation and Configuration Guide Configuring the Dragon client for use with Nuance Management Center Applies to: Dragon desktop products only When you have finished the NMC server installation and configuration, you must install Dragon clients if you have not already done so, and then configure the Dragon clients for use with Nuance Management Center.
Chapter 4: Preparing for your Active Directory single sign-on configuration Single sign-on overview 12 Before you begin 13 Software requirements 13 Other requirements 13 Checklist—Planning the single sign-on setup 13 Creating an NMC console Administrator user for Active Directory 15 Setting the Active Directory connection string 16 Creating and configuring user accounts for single sign-on 17 Creating user accounts 17 Configuring user accounts 17 Running the SetSPN.
Nuance Management Center Server Installation and Configuration Guide Single sign-on overview You can optionally implement Active Directory single sign-on authentication rather than using the native Nuance Management Center authentication. With single sign-on, users can simply use their Windows login and password to access the Dragon client and other applications.
Chapter 4: Preparing for your Active Directory single sign-on configuration Before you begin Review the following before beginning your single sign-on configuration. Software requirements Cloud NMC server l Local Authenticator service You download the Local Authenticator installation file from your NMC console. For more information, see “About the Local Authenticator” on page 20. l l Server on which to install the Local Authenticator with the following: l Latest version of the Microsoft .
Nuance Management Center Server Installation and Configuration Guide Task Reference administrator account for Active Directory Directory” on page 15 Set the Active Directory connection string “Setting the Active Directory connection string” on page 16 Create and configure user accounts in the NMC console “Creating and configuring user accounts for single sign-on” on page 17 Run the SetSPN.exe Windows utility (Kerberos authentication only) “Running the SetSPN.
Chapter 4: Preparing for your Active Directory single sign-on configuration Creating an NMC console Administrator user for Active Directory To configure Active Directory single sign-on and manage settings, you must create an administrator user in the NMC console. You cannot use the initial NMC console login that Nuance provides (Nuance cloud-hosted NMC server) or the login that you create (on-premise NMC server). The administrator user must match a user that exists in Active Directory. 1.
Nuance Management Center Server Installation and Configuration Guide Setting the Active Directory connection string 1. In the NMC console menu bar, click Sites, then click the Organization Overview icon. Click your organization, and then click the Details icon in the Organizations area. The Organization Details screen appears. 2. Click the Domains tab. 3. Click Add. The Domain dialog box appears. 4. Enter the following: Name—Your domain name. For example, ABCCompany.
Chapter 4: Preparing for your Active Directory single sign-on configuration Creating and configuring user accounts for single sign-on Creating user accounts If you have not already created user accounts in the NMC console, you must create them before enabling single sign-on. You can create user accounts manually in the NMC console, or you can batch-create them by importing an XML file. You can include each user's NTLM credentials in the XML file.
Nuance Management Center Server Installation and Configuration Guide Running the SetSPN.exe Windows utility About SetSPN.exe SetSPN.exe is a Windows utility that registers the NMS Platform Service Principal Name (SPN) with the Windows domain. You run this utility to indicate to the Windows domain that the NMS Platform service is valid and trusted on the domain. During single sign-on, Dragon clients pass the credentials of authenticated Windows users securely to the NMS Platform service.
Chapter 5: Installing the Local Authenticator Chapter 5: Installing the Local Authenticator About the Local Authenticator Local Authenticator logs 20 20 Local Authenticator requirements 21 Downloading the Local Authenticator 22 Creating organization tokens 23 Installing the Local Authenticator 24 Installing and binding the SSL certificate 28 About signed certificates 28 Install the SSL certificate 28 Testing and troubleshooting your SSL configuration 31 Editing the configuration file 32
Nuance Management Center Server Installation and Configuration Guide About the Local Authenticator The Local Authenticator is a service that provides Dragon clients with Active Directory single sign-on authentication. The Local Authenticator validates Dragon client credentials when the clients attempt to connect to the Nuance cloud-hosted NMC server, and then passes the validate credential call to the cloud NMC server to create a session.
Chapter 5: Installing the Local Authenticator Local Authenticator requirements l Local Authenticator service You download the Local Authenticator installation file from your NMC console. l Server on which to install the Local Authenticator with the following: l l Quad-Core server l 2 GHz CPU l 8GB minimum RAM l 4.0GB disk storage l Latest version of the Microsoft .
Nuance Management Center Server Installation and Configuration Guide Downloading the Local Authenticator You download the LocalAuthenticator.exe file from your NMC console. You then install the Local Authenticator on a local server that is accessible to both NMC server and your Dragon clients. To download the Local Authenticator: 1. Log in to your NMC console as an administrator. 2. In the Utilities ribbon, click Tools. The Tools page appears. 3. Click Install local authenticator.
Chapter 5: Installing the Local Authenticator Creating organization tokens The Local Authenticator installation requires an organization token. You create a token in the NMC console. To create an organization token: 1. From the menu bar, select Sites > Organization Overview. 2. Right-click your organization, and then select Details. The Organization Details page appears. 3. Click the Organization Token tab. 4. Click Add to generate a new organization token. The Organization Token Info dialog box appears.
Nuance Management Center Server Installation and Configuration Guide Installing the Local Authenticator On the server where you are installing the Local Authenticator: 1. Run the LocalAuthenticator.exe file. A dialog box appears, prompting you to select a language for the installation. 2. Select your language from the drop-down list, and then click OK. The InstallShield Wizard opens. 3. Click Next.
Chapter 5: Installing the Local Authenticator 4. Leave the default value in the User Name field, and enter your company name in the Company field. Then, click Next. 5. Set the location in which to install the Local Authenticator, and then click Next.
Nuance Management Center Server Installation and Configuration Guide 6. In the Token field, enter the organization token that you generated in the NMC console, and then click Next.
Chapter 5: Installing the Local Authenticator 7. Click Install. 8. When the installation is complete, the InstallShield Wizard Complete dialog appears. Click Finish to exit the installer.
Nuance Management Center Server Installation and Configuration Guide Installing and binding the SSL certificate About signed certificates Using SSL requires that you obtain an SSL certificate issued by a certificate authority (CA). Nuance Management Center does not support self-signed certificates. You can obtain signed certificates from certificate authorities, such as GoDaddy or Verisign.
Chapter 5: Installing the Local Authenticator 2. Note the subject of the certificate. This should match the computer name that the certificate is deployed on, or be a wild card. This must match exactly the host used in the endpoints. For information on viewing the subject, see https://technet.microsoft.com/en-us/library/cc754686(v=ws.10).aspx.
Nuance Management Center Server Installation and Configuration Guide 3. Copy the thumbprint of the certificate. You use the thumbprint to bind the certificate to the port used by the primary NMS services in the next step. For information on retrieving the thumbprint, see https://msdn.microsoft.com/en-us/library/ms734695.aspx. 4. Bind the SSL certificate under IIS to port 443. a. In the IIS Manager, from the left panel, click Default Web Site. b. From the right panel, click Bindings...
Chapter 5: Installing the Local Authenticator Testing and troubleshooting your SSL configuration Run these tests on a different computer. Do not run them on the NMC server server. Use the browser 1. Can you access and log into the NMC console? a. Connect to https:///NMCHTML/. If you see the Nuance Management Center login page, port 443 is working, and the NMC console is being deployed properly. b. Log in to the NMC console. If successful, the console is able to communicate with the server. 2.
Nuance Management Center Server Installation and Configuration Guide Editing the configuration file You edit the Local Authenticator configuration file to change the NMC server address to the Nuance cloudhosted NMC server URL. You should have received this address in your welcome information from Nuance. 1. Open the folder where the Local Authenticator is installed. By default, the Local Authenticator is installed in: C:\Program Files\Nuance\Local Authenticator 2. In any text editor, open NMS.
Chapter 5: Installing the Local Authenticator Starting the Local Authenticator service 1. Open the Services dialog box. a. Click the Windows Start menu. b. In the Search field, enter services.msc, and then press Enter. c. Specify your administrator username and password when prompted. 2. Locate the NMS Local Authenticator Service. 3. Right-click the service, and then select Start.
Nuance Management Center Server Installation and Configuration Guide Chapter 6: Preparing for your Central Authentication single sign-on configuration Central authentication overview 35 Central Authentication benefits 35 Supported identity providers 36 Supported federation relationship types 37 Checklist—Planning your Central Authentication single sign-on setup 38 Obtaining required information 39 Configuring Central Authentication 40 Required grants 40 Configuring a federated relationship
Chapter 6: Preparing for your Central Authentication single sign-on configuration Central authentication overview Central Authentication provides an alternative method for implementing single sign-on in your organization. Using Central Authentication, you can use your existing Identity Provider (IdP) to authenticate against Nuance applications, allowing you to use your existing corporate credentials to log in.
Nuance Management Center Server Installation and Configuration Guide Supported identity providers Central Authentication currently supports the following identity providers: l OAuth2 l SAML l Open ID Connect l WS-Federation You can also use the NMC server as an identity provider if you don't have your own, or if you'd rather not expose your identity provider.
Chapter 6: Preparing for your Central Authentication single sign-on configuration Supported federation relationship types You can configure the following types of federated relationships: l WS-Federation l SAML l LDAP (using the on-premise LDAP connector) 37
Nuance Management Center Server Installation and Configuration Guide Checklist—Planning your Central Authentication single sign-on setup Generally, a Nuance representative configures most of your Central Authentication implementation. Use the following table to determine the information you must provide to your Nuance representative before the setup begins. Or, if you are performing your own Central Authentication setup, use the table to configure the federated relationship.
Chapter 6: Preparing for your Central Authentication single sign-on configuration Obtaining required information Nuance requires the following information to configure Central Authentication. Obtain the information, and then provide it to the Nuance representative configuring your implementation.
Nuance Management Center Server Installation and Configuration Guide Configuring Central Authentication Required grants Generally, a Nuance representative configures Central Authentication for your organization. This requires the following grant: l Manage Central Authentication—Grants the user write access to Central Authentication only for the organization to which the grant was assigned. The user can create and test federated relationships, view logs, and manage custom SAML signing certificates.
Chapter 6: Preparing for your Central Authentication single sign-on configuration Installing the Active Directory/LDAP connector You install the connector only if you selected the Use the On-Premise LDAP Connector option when you added a new federation relationship on the Central Authentication tab in the NMC console. The connector acts as a bridge between your Active Directory service and the Nuance Central Authentication portal, validating users against your Active Directory service.
Nuance Management Center Server Installation and Configuration Guide 3. Select the I accept the terms in the License Agreement check box, and then click Next. The Destination Folder screen appears. 4. Optionally change the path where the connection should be installed, and then click Next. The Ready to install... screen appears.
Chapter 6: Preparing for your Central Authentication single sign-on configuration 5. Click Install. The installation begins. 6. When the installation completes, click Finish. A screen appears in a browser, pointing to localhost.
Nuance Management Center Server Installation and Configuration Guide 7. Specify the Ticket URL provided to you by Nuance, and then click Continue. The Ticket URL uniquely identifies this connector in Auth0. The connector uses this to communicate with Auth0 federation server and complete the configuration automatically. The AD LDAP Configuration screen appears. 8. Specify the following, and then click Save. l 44 LDAP Connection String—Protocol and the domain name or IP address of your LDAP server.
Chapter 6: Preparing for your Central Authentication single sign-on configuration l Base DN—Base container for all the queries performed by the connector. Example: DC=contoso,DC=com l Username—Full name of a user to perform queries. l Password—User's password. The connector performs a series of tests. If tests complete successfully, the installation is complete.
Nuance Management Center Server Installation and Configuration Guide Test Description Recommendation might prevent such a connection.
Chapter 6: Preparing for your Central Authentication single sign-on configuration Viewing Central Authentication audit events After you have configured and implemented Central Authentication in your environment, you can view Central Authentication events, such as a federation being created or deleted, by using the Audit Events utility. The utility allows you to better monitor the actions that your users perform in the NMC console.
