Configure Initial Network Settings for On-Premises Identity Routers Using the VM Console


Configure initial network settings using the Identity Router VM Console to enable an on-premises VMware or Microsoft Hyper-V identity router virtual appliance to communicate with other resources in your environment using the management network interface. This interface connects to DNS servers, identity sources, authentication sources, and RADIUS clients. This procedure is not required for identity routers deployed in the Amazon cloud.

Note: A portal interface is recommended for IDR SSO Agent deployments with on-premises identity routers, which you can configure in the Identity Router Setup Console.

The Welcome page provides navigation instructions for the Identity Router VM Console.

Note: Avoid pressing the Windows key or Option key. These keys shift application focus away from the console. If the console loses application focus, press the Windows or Option key repeatedly to cycle focus back to the console before proceeding.

Before you begin

Procedure

  1. Connect to the identity router using your VMware administration client or Hyper-V Manager.

  2. Sign in to the Identity Router VM Console using the identity router administrator credentials.

    If you are the first administrator to sign in to this console for this identity router, use these credentials:

    Username: idradmin

    Password: s1mp13

    The Identity Router VM Console and Identity Router Setup Console for each identity router share the same sign-in credentials. These credentials are separate from your SecurID administrator account credentials, and are managed independently for each identity router. You are required to change these credentials the first time you sign in to the Identity Router Setup Console for each identity router.

  3. To designate the management interface address, see our Quick Setup Guide for the management interface values for this identity router, and do the following:
    1. Select Management in the left-hand frame.

    2. In the IP field, enter the IP address for the management interface.

    3. In the Netmask field, enter the subnet mask for the management interface.

    4. In the Gateway field, enter the gateway address for the management interface.

    5. By default, one network interface is enabled. If you are configuring an IDR SSO Agent deployment with an on-premises identity router, SecurID recommends that you select Enable two network interfaces and press Enter. You cannot disable this setting after you commit the changes. If you want to return to one network interface after committing, you must delete the identity router and add a new one.

    6. Press F10 to save the management interface configuration.

  4. Select Commit in the left-hand frame to save the network configuration settings.
    The console displays a progress bar and status messages while saving your settings.
  5. (Optional) To verify that the identity router can communicate using the configured settings, select Diagnostics in the left-hand frame, and do the following:
    1. Check that the eth0 State is up.

    2. Check that the address in the eth0 IP field matches the value you entered for the management interface in step 3, and that the address you entered is correct.

    3. To test communication with a specific network address, enter the IP address in the Ping field, and select Test.
      If the identity router receives a response from the specified address, a success message appears.
    4. Open a web browser on another computer on your network, and verify that you can navigate to one of the following URLs:

      • https://<managementIP>:9786/setup.jsp (for one network interface)
      • https://<managementIP>/setup.jsp (for two network interfaces)

      where <managementIP> is the IP address you entered for the management interface in step 3.

      It is normal to receive an SSL warning when accessing this page, because the identity router uses a self-signed certificate for connections to the management interface.
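
An added example (not SecurID code) for steps 3 and 5: it checks that the management IP, netmask, and gateway are mutually consistent before you commit them, builds the Setup Console URL for the chosen interface mode, and reads the SHA-256 fingerprint of the self-signed certificate so it can be recorded at first contact and compared on later visits. IPv4 addressing and port 443 for the two-interface URL are assumptions, and the function names are hypothetical.

```python
import hashlib
import ipaddress
import socket
import ssl
# Added example, not vendor code. Ports follow the URLs in step 5; IPv4 is an assumption.
SETUP_PORT_ONE_NIC = 9786   # https://<managementIP>:9786/setup.jsp
SETUP_PORT_TWO_NIC = 443    # https://<managementIP>/setup.jsp (default HTTPS port)


def check_management_values(ip, netmask, gateway):
    """Return a list of problems with the step 3 values (empty list = consistent)."""
    problems = []
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"invalid value: {exc}"]
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if gw == iface.ip:
        problems.append("gateway is the same as the management IP")
    return problems


def setup_url(ip, two_interfaces=False):
    """Build the Setup Console URL given in step 5 for the chosen interface mode."""
    if two_interfaces:
        return f"https://{ip}/setup.jsp"
    return f"https://{ip}:{SETUP_PORT_ONE_NIC}/setup.jsp"


def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER certificate, colon-separated like browsers show."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_fingerprint(ip, two_interfaces=False, timeout=5):
    """Connect to the setup port and return the presented certificate's fingerprint."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # self-signed: chain validation cannot succeed,
    ctx.verify_mode = ssl.CERT_NONE     # so trust comes from comparing fingerprints
    port = SETUP_PORT_TWO_NIC if two_interfaces else SETUP_PORT_ONE_NIC
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return fingerprint(tls.getpeercert(binary_form=True))
```

Run `fetch_fingerprint` from a host on the management network right after the commit, store the value, and compare it with the fingerprint your browser shows before accepting the certificate warning.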

Results

The identity router can communicate with other resources in your network.