Pair ICP with Enterprise Manager

Note: This flow is available for OT Security 3.18 and later.

You can pair your Industrial Core Platform (ICP) with OT Security EM and manage all your sites.

Before you Begin

Make sure that:

  • OT Security EM can connect via API to the ICP.

  • Make sure TCP 443 and TCP 28305 are open for communication from ICP to OT Security EM.

  • HTTPS connections exist between ICP and OT Security EM.

  • (Optional) Generate an API Key in OT Security EM.

    Note: This is required only when pairing using the API key option.

To pair ICP with OT Security EM:

  1. In OT Security, go to Local Settings > System Configuration > Enterprise Manager.

    The Enterprise Manager page appears.

  2. In the EM Pairing section, click Start Pairing.

    The EM Pairing Configuration panel appears.

  3. Select one of the following:

    • Pair using username and password

    • Pair using API secret

      If you select... Action
      Pair using username and password

      1. In the Hostname/IP box, type the hostname or the IP address of the EM.

      2. In the Username box, type the administrator username of the EM.

      3. In the Password box, type the password of the EM.

      4. In the EM Certificate Fingerprint, paste the certificate that you copied from the EM Certificates page.

        Tip: You can skip this step and manually approve the certificate from the EM Pairing page.

        Note: You can access the Certificates page from Local Settings > System Configuration in OT Security EM.
      Pair using API Key

      1. In the Hostname/IP box, type the hostname or the IP address of the EM.

      2. In the API Secret box, paste the API key that you copied from the EM.

      3. In the EM Certificate Fingerprint, paste the certificate that you copied from the EM Certificates page.

        Tip: You can skip this step and manually approve the certificate from the EM Pairing page.

        Note: You can access the Certificates page from Local Settings > System Configuration in OT Security EM.

  4. Click Pair.

    OT Security displays the EM Pairing page with the pairing status.

    Note: The status can show as Waiting for certificate approval (if certificate is not provided) or Pending EM approval (if automatic approval of pairing requests is disabled).

  5. (Optional) If the status shows Waiting for certificate approval:

    1. Click Show Certificate.

      The Approve Certificate panel appears.

    2. Verify if the fingerprint on the panel is the same as that on the EM Certificates page.

      Click Approve.

      OT Security approves the certificate and displays the EM pairing page with the status changed to Pending EM approval.

  6. If the status shows Pending EM approval, it indicates that Auto Approve ICP Pairing Requests is disabled, then proceed as follows:

    Tip: To approve pairing requests automatically in OT Security EM, enable the Auto Approve ICP Pairing Requests in the OT Security EM ICPs page.

    1. In OT Security EM, in the left navigation bar, select ICPs.

      The ICPs page appears.

    2. Hover over the row of the system you want to pair, do one of the following:

      • Right-click the Status column and select Approve.

      • In the upper-right corner, click Actions > Approve.

    OT Security EM approves the pairing and shows the status as Connected.

    Tip: After the pairing is complete, OT Security EM shows the following:

    • Shows the data from the ICP on the EM Dashboards.

    • Newly paired ICP appears on the ICPs page.

    • Access to the ICP by clicking the ICP name from the ICPs page. The ICP instance accessed from the EM shows the ICP label in the header. For more information, see ICPs.

    In OT Security, the Enterprise Manager page shows the status as Connected. You can click Edit to modify the EM pairing configuration.