Note regarding the use of the global.cfg file in production environments (4378383)

Chat now with support

Live-Hilfe anfordern
Registrierung abschließen

Anmelden

Preisinformationen anfragen

Vertrieb kontaktieren

Zurück

Feedback übermittelt

Konnten Sie mithilfe dieses Artikels ein Problem lösen?

Bewertung auswählen

Titel

Note regarding the use of the global.cfg file in production environments
Beschreibung

One Identity Manager allows the use of the global.cfg file to simplify distribution of configuration settings to endpoints such as fat clients, Job servers, and so on.

The global.cfg file only provides weak encryption of configuration settings such as connection strings.
In production environments, it is strongly recommended not to use the global.cfg file.
Lösung
In production environments the global.cfg file should be removed from all endpoints. When configuring the Job server, provide the Jobservice.cfg file directly. The first time the service is started, the weakly encrypted connection information will be converted to a higher encryption level using the Data Protection API.

How to remove the global.cfg file:

For all One Identity Manager client tools that do not require a direct database connection, switch to using the One Identity Manager Application Server by specifying the URL only. This is the most secure option.

It is also recommended to integrate clients using a Privileged Management Solution such as One Identity Safeguard.

See our Tech Brief at https://www.oneidentity.com/techbrief/running-one-identity-manager-administration-tools-via-safeguard/

For all other tools that require a direct database connection (for example the Database Compiler), it is recommended not to provide the connection string in the global.cfg file. Instead, enter the database connection string directly in the tools at log in. This does not reduce security levels as the tool used will decrypt this data anyway and open a database connection for that user.

Make sure you do not use the built-in auto-update feature to distribute the global.cfg file to all clients and users.

To remove the global.cfg file from One Identity Manager software list
1. In the Designer, select the Base Data > Installation > One Identity Manager software category.
2. Locate the global.cfg file in the list of stored files and delete it.
3. Select the Database > Commit to database menu item and click Save.
The next time the automatic update runs, the global.cfg file will be removed from all clients and servers.

Feedback übermittelt

Konnten Sie mithilfe dieses Artikels ein Problem lösen?

Bewertung auswählen

Request a KB Article

Empfohlener Inhalt

Produkt(e):: Identity Manager Data Governance Edition
9.2.1, 9.2, 9.1.3, 9.1.2, 9.1.1, 9.0 LTS, 8.2.1, 8.1.5, 8.1.4, 8.1.3, 8.1.2, 8.0.5; Identity Manager
9.3, 9.2.1, 9.2, 9.1.3, 9.1.2, 9.1.1, 9.1, 9.0 LTS, 8.2.1; Identity Manager On Demand
Hosted; Identity Manager On Demand - Starling Edition
Hosted

Thema/Themen:: Technical Solutions

Artikelhistorie:: Erstellt am: 2/7/2025
Letzte Aktualisierung am: 2/17/2025

Alle Artikel durchsuchen

Bitte w&auml;hlen Sie Ihr Produkt aus:

Damit wir Ihnen besser helfen können, geben Sie den Grund Ihres Chats an:

Empfohlene Lösungen für Ihr Problem

Note regarding the use of the global.cfg file in production environments (4378383)

Titel

Beschreibung

Lösung

Leave a Comment

Bitte wählen Sie Ihr Produkt aus: