Create a role and identity on the KMES Series 3 for MySQL Server
This section shows you how to create a role and identity on the KMES Series 3 and grant it the permissions MySQL Server needs to generate the master encryption key used for TDE. When MySQL Server opens a KMIP connection to the KMES, authentication is performed with the client TLS certificate: the KMES checks that the certificate was issued by the CA selected in the PKI identity provider and compares the certificate's Common Name against its identity names. By giving the KMES identity the same name as the Common Name in the MySQL Server certificate, MySQL Server authenticates as that identity and assumes the permissions granted to it.
Log in to the KMES Series 3 application interface with the default Admin identities.
Go to Identity Management > Identity Providers.
Right-click anywhere in the window and select Add > Provider > PKI.
On the Info tab of the Identity Provider Editor window, specify a name for the Identity Provider and uncheck Enforce Dual Factor.
On the PKI Options tab, select [ Select ].
In the Certificate Selector window, expand the certificate tree you created for mutual authentication, select the CA certificate that signed the MySQL Server and KMIP connection pair certificates, and select [ OK ].
Select [ OK ] to finish creating the PKI identity provider.
Right-click the identity provider you just created and select Add > Mechanism > TLS.
On the Info tab, specify a name for the authentication mechanism.
On the PKI tab, leave all fields set to the default values.
Select [ OK ] to save.
Go to Identity Management > Roles and select [ Add ].
In the Info tab of the Role Editor window, set the Type to Application, the name to MySQL, and Logins Required to 1.
On the Permissions tab, enable the following permissions for the role:
Permission                  Subpermission
Cryptographic Operations    Encrypt, Decrypt
Keys                        Add
On the Advanced tab, set Allowed Ports to KMIP only.
Select [ OK ] to finish creating the role.
Go to Identity Management > Identities.
Right-click anywhere in the window and select Add > Client Application.
On the Info tab of the Identity Editor window, select Application for the storage location and specify MySQL as the identity name. This name must match the Common Name in the MySQL Server certificate, because that is how the KMES maps the TLS connection to this identity.
On the Assigned Roles tab, select the role you created for MySQL Server.
On the Authentication tab, remove the default API Key mechanism and select [ Add ].
In the Configure Credential window, select the TLS Certificate drop-down option in Type and select the Provider and Mechanism you created. Select [ OK ] to finish configuring the credential.
Select [ OK ] to finish creating the identity.
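The following shell script is an added example; it is not part of the Futurex documentation and not KMES or MySQL tooling. It uses openssl to build a throwaway CA and three client certificates, then checks the two properties the TLS mechanism configured above depends on: the MySQL Server certificate must chain to the CA selected under PKI Options, and its subject Common Name must equal the identity name (MySQL). The identity name, the file names and the throwaway CA are assumptions; run the same cert_cn and check_identity_match checks against your real CA file and the certificate installed on MySQL Server before enabling TDE.

```shell
#!/bin/sh
# Added example, not Futurex or MySQL code. Builds a throwaway CA plus client
# certificates with openssl and checks what the KMES TLS mechanism relies on:
# (1) the client certificate chains to the CA chosen under PKI Options, and
# (2) its subject Common Name equals the KMES identity name.
# Assumptions: the openssl CLI is installed; the identity is named "MySQL".
set -eu

IDENTITY_NAME="MySQL"            # name of the Client Application identity on the KMES
WORK="$(mktemp -d)"              # scratch directory for the constructed certificates
trap 'rm -rf "$WORK"' EXIT

# Constructed CA standing in for the one selected in the PKI identity provider.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example KMIP CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1

# issue_client_cert CN BASENAME: key, CSR and CA-signed certificate with the given CN.
issue_client_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -out "$WORK/$2.pem" >/dev/null 2>&1
}

# cert_cn CERTFILE: print the subject CN, the value the KMES compares to identity names.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/^subject=[ ]*//; s/.*CN=\([^,]*\).*/\1/p'
}

# check_identity_match CERTFILE CAFILE NAME: succeed only if CERTFILE verifies
# against CAFILE and its CN is exactly NAME. Either failure means the KMES would
# not map the connection to the identity.
check_identity_match() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
    [ "$(cert_cn "$1")" = "$3" ]
}

# Three constructed client certificates:
issue_client_cert "$IDENTITY_NAME" good          # right CA, right CN
issue_client_cert "MySQL-Server"   wrongcn       # right CA, CN does not equal the identity name
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$IDENTITY_NAME" \
    -keyout "$WORK/rogue.key" -out "$WORK/rogue.pem" >/dev/null 2>&1   # right CN, not issued by the CA

# report BASENAME LABEL: print whether the certificate would authenticate as the identity.
report() {
    if check_identity_match "$WORK/$1.pem" "$WORK/ca.pem" "$IDENTITY_NAME"; then
        echo "$2: CN='$(cert_cn "$WORK/$1.pem")' chains to CA -> authenticates as '$IDENTITY_NAME'"
    else
        echo "$2: CN='$(cert_cn "$WORK/$1.pem")' -> rejected"
    fi
}

report good    "good"
report wrongcn "wrong CN"
report rogue   "other CA"
```

The third case is the one worth keeping in mind: a certificate with CN=MySQL issued by any other CA is rejected, so the identity name alone grants nothing. What authenticates the connection is the chain to the CA you selected in the Certificate Selector, which is why that CA's private key must be protected as carefully as the KMES credentials themselves.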