> ## Documentation Index > Fetch the complete documentation index at: https://docs.futurex.com/llms.txt > Use this file to discover all available pages before exploring further. # Configure Excrypt Touch > Procedures for configuring Excrypt Touch and establishing KMES connection profiles. This section covers how to configure the Excrypt Touch and then use the Excrypt Touch to connect the KMES Series 3 to the platform and configure additional items related to user roles and identities. Perform the following tasks after logging in locally to the Excrypt Touch with the default admin identities. ## Set major keys Refer to the Excrypt Touch User Guide for instructions on how to load major keys on the Excrypt Touch. You must load the same PMK and BEK on the KMES Series 3 and Excrypt Touch. Ensure that the key checksums match. ## Create a KMES connection profile Perform the following steps to create a KMES connection profile: From the **Excrypt Touch Dashboard**, select the **Add Device** button represented by the plus sign (**+**) located underneath your active servers and to the left. In the **Add Device** window, enter the following required information:
Configuration setting Description
Name An appropriate device name.
Host The host IP address of your device
Description Optional field to describe your device
Port An example port is port 5000, which is the default port for Futurex devices. The port number must match the port number in the TLS settings for the device you are connecting to.
Enabled Select Enabled from the drop-down menu. After the device connects, you can also choose Disable, Require Dual-Control, Require Login, and Run on Boot.
Device Type Select the type of Futurex device you are connecting to from the drop-down menu. In this example, choose KMES Series 3 Enterprise.
Connection Type If connecting to a Futurex device, choose Application and choose Futurex Web when connecting to a web service.
TLS PKI Select the connection method from the following list:
  • Clear: No Authentication
  • Anonymous: Anonymous authentication
  • User: Use user-provided PKI certificates
  • Server authenticate: Authenticate server only
  • Futurex admin: Use Futurex-signed certificates to connect
For this example, select Futurex admin.
PKI Type If using Futurex certificates, select RSA or ECC.
TLS Ciphers/ TLS Protocols Choose the desired TLS Ciphers and TLS Protocols.
Select **\[ Submit ]**. Your newly added device profile displays under the list of devices and services in the Excrypt Touch Dashboard. Make the following changes to the device now displayed in the connected devices in the **Offline** column: * Select **Modify** if you'd like to edit the device profile. * Select **Test** to verify the connectivity of the device (must have a valid IP address). * Choose **Ping** to send a packet test to the device. * Choose **Retry** to re-run the test. ## Create a printer profile Perform the following steps to create a printer profile: From the **Excrypt Touch Dashboard**, select the **Add Device** button represented by the plus sign located underneath your active servers to the left. Enter all of the required information in the **Add Device** window:
Configuration setting Description
Name An appropriate device name.
Host The host IP of your device
Description Optional field to describe your device
Port The value specified in this field needs to be either port 80 or 443 because the Excrypt Touch connects to a web server that runs on the printer.
Enabled Select Require Login from the drop-down menu.
Device Type Select Encrypted File Printing from the drop-down menu.
Connection Type Because this profile is for connecting to a web service on the printer, select External Web from the drop-down menu.
TLS PKI Select the method used to connect. The options include the following:
  • Clear: No Authentication
  • Anonymous: Anonymous authentication
  • User: Use user-provided PKI certificates
  • Server authenticate: Authenticate server only
  • Futurex admin: Use Futurex-signed certificates to connect
For this example, select Futurex Admin.
PKI Type If using Futurex certificates, select RSA or ECC.
TLS Ciphers/ TLS Protocols Choose the desired TLS Ciphers and TLS Protocols.
Select **\[ Submit ]**. Your newly added device profile displays under the list of devices and services in the Excrypt Touch Dashboard. Make the following changes to the device now displayed in the connected devices in the **Offline** column: * Select **Modify** if you'd like to edit the device profile. * Select **Test** to verify the connectivity of the device (must have a valid IP address). * Choose **Ping** to send a packet test to the device. * Choose **Retry** to re-run the test. ## Start the KMES profile and log in Use the Excrypt Touch to remotely connect to your KMES and make the following additional configuration changes: To start the KMES Series 3 Connection Profile, touch the **arrow** next to the device profile. The device comes online and shows in the online column. When the device is online, you can access the application manager for that device and communicate with the device as needed. Select **\[ Go ]** in the right column to access the connected device. After the application manager loads, log in with the default admin identities. ### Create a user role Perform the following steps to create a user role: Go to the **Roles** menu, and select **\[ Add ]**. On the **Info** tab of the **Role Editor** window, configure the following settings:
Setting Required configuration
Type Administration
Name Printers
Hardened Select the checkbox to enable
Logins Required Set to 2
Go to the **Permissions** tab and enable the following permissions:
Permission Subpermissions to enable
Device Enable the following subpermissions:
  • FTP Server
  • Power Control
  • Zeroize
Excrypt Touch Enable all subpermissions
File Encryption Enable all subpermissions
File Encryption Management Enable all subpermissions
Identity Enable all subpermissions
High-level Keys Enable
Keys Enable the following subpermissions:
  • Add
  • Delete
  • Export
  • Import Components
Major Keys Enable the following subpermissions:
  • Clear
  • Load
High-level Role Enable all subpermissions
Security Enable the following subpermissions:
  • Key Settings
  • Password Settings
  • Secure Mode
  • TLS Resign
Select **\[ OK ]** to finish creating the new role. ### Create new identities Perform the following steps to create new identities: Go to the **Identities** menu, right-click the blank whitespace, and select **Add > User**. On the **Info** tab of the **Role Editor** dialog, configure the following settings:
Setting Required configuration
Type Administration
Name print1
Hardened Select the checkbox to enable.
Locked Leave unchecked.
On the **Assigned Roles** tab, select the printers role that you created in the previous section. On the **User Login** tab, set a password for the identity. Select **\[ OK ]** to finish creating the first new identity. Right-click the blank whitespace on the **Identities** menu, then select **Add**> **User**. On the **Info** tab of the **Role Editor** dialog, replicate the settings from step 2, but set **print2** in the **Name** field this time. On the **Assigned Roles** tab, select the printers role that you created in the previous section. On the **User Login** tab, set a password for the identity. Select **\[ OK ]** to finish creating the second new identity. ### Synchronize users between the KMES and Excrypt Touch Go to the **Roles** menu and select **\[ Excrypt Touch Sync ]**. When prompted to log in to the local HSM of the Excrypt Touch, log in with the default admin identities. After logging successfully, a message box informs you that tablet users have been synced successfully. For further confirmation that users and identities synced successfully, log in to the Excrypt Touch by using the **print1** and **print2** identities that you created on the KMES in the previous section.