Skip to main content
After deploying the AMI (or installing the Helm chart), Protector Plus requires a one-time provisioning pass before it can accept production traffic.

1. Network configuration (AMI only)

In appliance/AMI deployments, the operator assigns an IP address via the console using the bootstrap kioskuser account. The kioskuser password is provided out-of-band.
1

Access the appliance via the physical / virtual console

Log in as kioskuser.
2

Configure IP, gateway, DNS, NTP

Use the menu-driven kiosk to set the static network configuration.
3

Reboot

Select the reboot option from the kiosk menu.
4

Verify dashboard access

Navigate to https://<instance-ip>. The dashboard administrative password is provided out-of-band.
In Kubernetes/Helm deployments, network ingress is exposed via your Ingress Controller and Helm-chart values control replica counts and resource sizing — there is no kiosk step.

2. First admin sign-in

The initial admin authenticates using a local dashboard account. After sign-in:
  1. Change the admin password (Profile → Security).
  2. Bind Enterprise SSO if available (Profile → Identity Providers). The initial local admin remains as the break-glass entry point.
  3. Configure SIEM forwarding (Settings → SIEM Integration) if you have a log collector.

3. Create the first security profile

Create a security profile for your GenAI application. See Security profiles for the workflow and the choice between Forwarding mode (FQDN-driven) and Non-forwarding mode (key-driven).

4. Set up authentication

1

Generate the org-wide API key

Navigate to Org Settings in the dashboard sidebar → Click Generate to create your organization-wide API key.
The key is shown only once. Store it securely in a secrets manager — Vault, AWS Secrets Manager, GCP Secret Manager, Doppler, etc.
2

Register your first application

Navigate to AppsRegister App.Fill in:
  • App Name: Human-readable name for your GenAI application
  • App ID: Unique identifier (e.g., my-chatbot, hr-assistant)
  • Security Profile: Select the security profile you created in Step 3
Save and note your App ID for use in API calls.
3

Configure your application

Update your application to include both headers in all Protector Plus API calls:
  • X-API-Key: Your org-wide API key
  • X-App-ID: Your app’s unique ID
See Authentication for integration details.
The same org-wide API key is used for all your applications. Each app is distinguished by its unique App ID.

5. Configure guardrails

Configure which guardrails to enable for your security profile. A recommended starting configuration is: LLM, Vector, Content Moderation, and System Prompt Protection. See Guardrails for details on each guardrail. Tune from there once you have baseline alert volume.