1. Network configuration (AMI only)
In appliance/AMI deployments, the operator assigns an IP address via the console using the bootstrapkioskuser account. The kioskuser password is provided out-of-band.
1
Access the appliance via the physical / virtual console
Log in as
kioskuser.2
Configure IP, gateway, DNS, NTP
Use the menu-driven kiosk to set the static network configuration.
3
Reboot
Select the reboot option from the kiosk menu.
4
Verify dashboard access
Navigate to
https://<instance-ip>. The dashboard administrative password is provided out-of-band.In Kubernetes/Helm deployments, network ingress is exposed via your Ingress Controller and Helm-chart values control replica counts and resource sizing — there is no kiosk step.
2. First admin sign-in
The initial admin authenticates using a local dashboard account. After sign-in:- Change the admin password (Profile → Security).
- Bind Enterprise SSO if available (Profile → Identity Providers). The initial local admin remains as the break-glass entry point.
- Configure SIEM forwarding (Settings → SIEM Integration) if you have a log collector.
3. Create the first security profile
Create a security profile for your GenAI application. See Security profiles for the workflow and the choice between Forwarding mode (FQDN-driven) and Non-forwarding mode (key-driven).4. Set up authentication
1
Generate the org-wide API key
Navigate to Org Settings in the dashboard sidebar → Click Generate to create your organization-wide API key.
2
Register your first application
Navigate to Apps → Register App.Fill in:
- App Name: Human-readable name for your GenAI application
- App ID: Unique identifier (e.g.,
my-chatbot,hr-assistant) - Security Profile: Select the security profile you created in Step 3
3
Configure your application
Update your application to include both headers in all Protector Plus API calls:
X-API-Key: Your org-wide API keyX-App-ID: Your app’s unique ID

