Configure Decipher IDP

When you have installed the Blue Prism and Decipher IDP components, you need to complete the following configuration steps before you can get started. These should be done in the following order:

  1. Configure database access:
  2. Secure the Decipher website with a Secure Sockets Layer (SSL) (production environments)
  3. Add Decipher SQL connection parameters to Web.config
  4. Ensure all Decipher services are running
  5. Activate sites and services for Decipher IDP
  6. Enable machine learning training (optional)

Grant system access (NT AUTHORITY) to the Decipher database (non-production environments only)

This configuration applies to single-server, non-production environments only.

The Decipher server service runs under the local system account. In order to access the Decipher database, this user must be given access to the database. If you don't want to perform this step for the current user, you could set Decipher to run as another user who has access to the database. The user needs sufficient permissions to create the database and then read and write to it.

To give NT authority access to the Decipher database:

  1. Open Microsoft SQL Server Management Studio and connect to the instance that is hosting your Decipher database. If you installed SQL Express, the default for this is .\SQLEXPRESS.

  2. Click Security > Logins and double-click NT AUTHORITY\SYSTEM.
  3. The Login Properties dialog displays.

  4. Click Server Roles and select the relevant the check boxes to ensure the user has db_datareader and db_datawriter access to the database.

  5. Click OK to save the changes.

Configure Windows Authentication (production environments)

For production environments, Blue Prism recommends the use of Windows Authentications using service accounts.

The Decipher services and the website application pool must run under the context of a user that has access to the relevant databases.

Configure the Decipher services

The following Decipher services must be configured with database access:

Service name Database

Required database permissions

Decipher Licensing Service

The Blue Prism database to which the Decipher license is applied.

db_datawriter / db_datareader

Decipher Server The Decipher database.

db_datawriter / db_datareader

Decipher Web SDK The Decipher database.

db_datawriter / db_datareader

To configure Windows authentication for each Decipher service listed above:

  1. From Windows Services, right-click the Decipher service and select Properties.
  2. Click the Log On tab and select This account.
  3. Enter the location and password of your service account.
  4. Perform this task for each Decipher service.
  5. Restart the Decipher services.

Grant the service account access to Decipher folders

The service account used to access the Decipher databases also needs access to the following Decipher folders:

  • The Decipher Image Storage Path – This location is defined during the Decipher Server installation and can be viewed in: C:\Program Files (x86)\Blue Prism\Decipher Server\ SsiServer.exe.config under the "ImageStorageRoot" key.
  • The Decipher application filesC:\Program Files (x86)\Blue Prism\
  • The default Decipher logging locations:
    • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Blue Prism\Blue Prism
    • C:\Windows\System32\config\systemprofile\AppData\Local\Decipher

    • C:\Windows\System32\config\systemprofile\AppData\Local\Blue Prism

  • The default website folderC:\inetpub\wwwroot

Configure the Decipher website identity

The Decipher website identity should be set to an account that has db_datareader and db_datawriter access to the Decipher database. The service account that was specified in the Service configuration can be used.

To change the application pool identity:

  1. Open Internet Information Services (IIS) Manager.
  2. On the left-hand pane, navigate to Application Pools.

  3. Select Decipher AppPool.

  4. On the right-hand pane, click Advanced Settings.

  5. The Advanced Settings dialog displays.

  6. Under Process Model, click Identity.

  7. The (ellipsis) button displays.

  8. Click the (ellipsis) button.
  9. The Application Pool Identity dialog displays.

  10. Select Custom Account and click Set.
  11. Enter the account credentials, as prompted.
  12. Once complete, navigate back to the Application Pools list.

  13. Select Decipher AppPool and click the Recycle button.

Secure the Decipher website with a Secure Sockets Layer (SSL) (production environments)

To secure your Decipher website to use an SSL certificate:

  1. Open Internet Information Services (IIS) Manager.
  2. On the left-hand pane, expand the Sites node and select Decipher.
  3. Under Edit Site in the right-hand pane, click Bindings.
  4. The Site Bindings dialog displays.

  5. Click Add.
  6. The Add Site Binding dialog displays.

  7. From the Type drop-down, select https.
  8. Add the host name of the Decipher Server to the Host name field.

  9. Select an SSL certificate.
  10. The SSL certificate drop-down is populated with certificates from the personal certificate store on the local machine.

  11. Click OK to accept the changes.
  12. Navigate to the Decipher website and click Restart.

Any clients connecting to the Decipher website will have to trust the certificate that you selected in the above process. Self-signed certificates will need to be imported onto client machines, but it is more advisable to use a certificate from a certificate authority so that it is implicitly trusted by all clients.

Add Decipher SQL connection parameters to Web.config

In order to generate reports, the Decipher Web Client requires access to the Decipher Server database. The following connection string tells the Web Client how to access the database:

  1. Using Notepad++, open the Web.config file, which is found in the Decipher Web install folder. (The default location is C:\Program Files (x86)\Blue Prism\Decipher Web\Web.config.)
  2. Find connectionString and replace the string with the name of the SQL database connection.

    If you accepted the default settings whilst installing Decipher Server, this will be Data Source=.\SQLEXPRESS;Initial Catalog=DecipherServerDb;IntegratedSecurity=True.

    If you didn’t accept the defaults, these details can be found in the SsiServer.exe.config file. (The default location is C:\Program Files (x86)\Blue Prism\Decipher Server\SsiServer.exe.config.)

Check all Decipher services are running

Check that the necessary services exist and are running – you can do this by typing services into the Windows search bar and checking these services:

  • Decipher Automated Client Manager
  • Decipher Licensing Service
  • Decipher Server (This service will not run until the LocalSystem user has been given access to the database.)
  • Decipher Web SDK Service
  • RabbitMQ

Activate sites and services for Decipher IDP

By default, IIS creates a website on port 80. If you want Decipher IDP to run on port 80, then this default web site must be disabled or moved to avoid it conflicting with Decipher. To do this:

  1. Open IIS and click the Sites folder in the Connections panel.

  2. Select Default Web Site and click Stop on the Actions > Manage Website panel.
  3. Select Decipher and click Start or Restart.

Enable machine learning training (optional)

Machine learning training can be switched on and off in the Decipher IDP user interface via Document types. However, it first needs to be configured in the SsiDataCaptureClient.exe.config file.

  1. Using Notepad++, open the SsiDataCaptureClient.exe.config file as an Admin. (The default location is C:\Program Files (x86)\Blue Prism\Decipher Automated Clients.)
  2. Find <add key="EnableModelTrainingML" value="false" /> and set the value to true.

  3. Save the changes to the config file.

  4. Restart the Decipher Server Service.

For information on why machine learning is not enabled by default, see the Decipher IDP frequently asked questions.