Make sure you meet the Installation requirements first.

Follow the steps in order. Issue all commands in Windows command prompt using the Administrator user account.

Perform on Ubisecure CustomerID server (or relating to it):

Back up Ubisecure Directory. See the instructions from Backup and restore Ubisecure Directory - SSO.
Unpack the distribution package.
Unzip the Ubisecure CustomerID zip archive customerid-X.X.X-windows.zip into a temporary folder, for example %USERPROFILE%\Desktop\customerid.
This package contains all the required components you will need throughout the installation process. Do not download installation packages directly from Internet unless explicitly asked.
Check Java. See the instructions from Java check on Windows - CustomerID.
Install WildFly. See the instructions from WildFly installation on Windows - CustomerID.
Extract the deployment template.
Create a folder called Ubisecure under %PROGRAMFILES%:
```
cd /D "%PROGRAMFILES%"
mkdir Ubisecure
```
Unzip the cid-deployment-template-x.x.x.zip archive into this newly created directory.
An optional additional step is to also copy the file containing versioning information from the installation package to the installation folder:
```
copy %USERPROFILE%\Desktop\customerid\customerid-x.x.x-versioninfo.txt "%PROGRAMFILES%"\Ubisecure\customerid\
```
Edit the setup template and run setup. See the instructions from Setup template on Windows - CustomerID.
Configure WildFly. See the instructions from WildFly configuration on Windows - CustomerID.
Prepare PostgreSQL. See the instructions from PostgreSQL preparation on Windows - CustomerID.
Create a JDBC data source to WildFly.
Ubisecure CustomerID uses a JDBC data source to access the database, thus one needs to be created to WildFly before the Ubisecure CustomerID application can be deployed. There is a script create-datasource.cmd in the distribution package's tools folder for this purpose. Note that the win32.config file must have been configured, setup.cmd must have been run successfully, and WildFly must be running before the script create-datasource.cmd can be run successfully. Before executing the command, verify that the file \postgresql-x.x.x.jar is under the directory Desktop/customerid .
```
cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools"
create-datasource.cmd
```
Successful execution will output the following text:
The batch executed successfully.
Create a directory service for Ubisecure CustomerID SQL in Ubisecure SSO Management. See the instructions from SQL directory service creation on Windows - CustomerID.
Create web agents for Ubisecure CustomerID.
Ubisecure CustomerID needs two web applications in SSO management. The first one is used to provide login functionality to the Ubisecure CustomerID user interfaces and also the LDAP user account that Ubisecure CustomerID uses when accessing Ubisecure Directory. The second web application is used when performing verifications during registrations. Ubisecure CustomerID installation package contains LDIF import files that need to be imported to Ubisecure Directory using the import functionality of Ubisecure SSO.
Importing the web applications:

This section assumes Ubisecure CustomerID is installed on a different server than Ubisecure SSO. See below if Ubisecure CustomerID is installed on the same server as Ubisecure SSO.
1. Copy the LDIF files found from %PROGRAMFILES%\Ubisecure\customerid\application\ldap on the Ubisecure CustomerID server to Ubisecure SSO server. You can place them on the desktop in a folder called customerid-ldifs.
2. Use the import.cmd script in the path UBILOGIN_HOME\ldap\adam\import.cmd to import these files.
```
cd /D "%PROGRAMFILES%\Ubisecure\ubilogin-sso\ubilogin\ldap\adam"
import.cmd "%USERPROFILE%\Desktop\customerid-ldifs\customerid.ldif"
import.cmd "%USERPROFILE%\Desktop\customerid-ldifs\customerid-secrets.ldif"
import.cmd "%USERPROFILE%\Desktop\customerid-ldifs\customerid-adlds.ldif"
```
3. Securely remove the temporary files from the desktop.
If Ubisecure CustomerID is installed on the same server as Ubisecure SSO, this command can be run in place:
cd /D "%PROGRAMFILES%\Ubisecure\ubilogin-sso\ubilogin\ldap\adam" import.cmd "..\..\..\..\customerid\application\ldap\customerid.ldif" import.cmd "..\..\..\..\customerid\application\ldap\customerid-secrets.ldif" import.cmd "..\..\..\..\customerid\application\ldap\customerid-adlds.ldif"
Create a directory service for Ubisecure CustomerID LDAP in Ubisecure SSO Management. See the instructions from LDAP directory service creation on Windows - CustomerID.

Perform on each Ubisecure SSO node:

Install PostgreSQL JDBC driver to SSO node(s).
Ubisecure CustomerID package includes a PostgreSQL JDBC driver.

NOTE: The installation instructions concerning the PostgreSQL JDBC driver to SSO are written for a single Ubisecure SSO node. If you have more nodes, these instructions should be followed on all nodes.
To install the PostgreSQL JDBC driver to Ubisecure SSO:
Copy the postgresql-x.x.x.jar library included in the root folder of the CustomerID installation archive to the Ubisecure SSO server and copy it to the the folder %PROGRAMFILES%\Ubisecure\ubilogin-sso\tomcat\lib.
Install Ubisecure CustomerID SSO Adapter to SSO node(s). See the instructions from SSO Adapter installation on Windows - CustomerID.

Perform on Ubisecure CustomerID server (or relating to it):

Add the authentication method configurations in Ubisecure SSO Management. See the instructions from Authentication method configuration on Windows - CustomerID.
Create a site specific configuration for Ubisecure CustomerID. See the instructions from Site specific configuration on Windows - CustomerID.

NOTE: This step is very important as some configuration options cannot be changed after this step.
Configure the authentication protocol.
Download Identity Provider metadata from Ubisecure SSO and generate Service Provider metadata:
1. Download IDP metadata by running the following commands:
```
cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools\"
get-metadata.cmd
```
This command will show download statistics if successful.
2. Initialize Ubisecure CustomerID SPs by running the following commands:
```
cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools\"
init-eidm-sp.cmd
```
This command will not display any output if successful.
3. Initialize authentication provider by running the following commands:
```
cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools\"
init-eidm-ap.cmd
```
This command will not display any output if successful.
Deploy Ubisecure CustomerID to WildFly.
Ubisecure CustomerID uses WildFly as a J2EE Container. Here's how to deploy the cid-ear-x.x.x.ear and cid-worker-ear-x.x.x.ear enterprise archives (EARs):
Deploy the Ubisecure CustomerID applications to WildFly using the deploy-ear.cmd script. When invoking the script, you must supply the path to the EAR file like in the example below:
```
cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools\"
deploy-ear.cmd %USERPROFILE%\Desktop\customerid\cid-ear-x.x.x.ear
deploy-ear.cmd %USERPROFILE%\Desktop\customerid\cid-worker-ear-x.x.x.ear
```
Initialize data storages.
1. Initialize Ubisecure CustomerID internal database and repository (i.e., the part of Ubisecure Directory needed by Ubisecure CustomerID) by running the following commands:
```
cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools\"
init-customerid-data-storages.cmd
```
Successful execution will show: <init><initializeDatabase/></init>
2. Download SP metadata for authentication provider by running the following commands:
```
cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools\"
get-metadata-for-ap.cmd
```
This command will show download statistics if successful.

Perform on each Ubisecure SSO node:

Restart Ubisecure SSO.

Run the following commands:

net stop UbiloginServer
net start UbiloginServer

Perform on Ubisecure CustomerID server (or relating to it):

Restart Ubisecure CustomerID.
Run the following commands:
```
net stop wildfly
net start wildfly
```
NOTE: Stopping the Ubisecure CustomerID service using the mentioned command may not succeed in Windows if your firewall settings block access to WildFly management.
Import example admin user.
After installing the software, it is necessary to create an administrative user. It is recommended that generic administrative accounts are not used.
To import the user organization and the first user account:
In the folder %PROGRAMFILES%\Ubisecure\customerid\tools, modify the provided template import file:
```
cd /D "%PROGRAMFILES%\Ubisecure\customerid\tools"
notepad examples\importtool\example.import
```
Include your personal account. Then execute the import:
```
import.cmd examples\importtool\example.import
```
Successful execution will show:
```
ImportTool 5.0.13
Create 'Users': OK
Create 'leena.laine@example.com': OK
  'Assign Role': OK
```
For more details, refer to the page Data import from external systems - CustomerID.

You can now log in to CustomerID using the URL https://<eidm.url>/eidm2/wf/admin

eidm.url value can be found from the file %PROGRAMFILES%\Ubisecure\customerid\application\win32.config

If the login page https://<eidm.url>/eidm2/wf/admin doesn't load and you get an HTTP error, make sure you have met the network requirements as defined in Installation requirements.

Perform on Ubisecure CustomerID server (or relating to it):

Importing the web applications:

Perform on each Ubisecure SSO node:

To install the PostgreSQL JDBC driver to Ubisecure SSO:

Perform on Ubisecure CustomerID server (or relating to it):

Perform on each Ubisecure SSO node:

Perform on Ubisecure CustomerID server (or relating to it):

To import the user organization and the first user account:

Browser not supported