Chat now with support
Chat mit Support

Identity Manager 9.0 LTS - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Installing the Web Designer Web Portal

The following describes how to the install the Web Designer Web Portal. Please note the following information:

NOTE:

  • Before installation ensure that the minimum hardware and software prerequisites are fulfilled on the server.

  • Prepare an application server on which the search service for the Web Designer Web Portal is installed.

  • Start the Web Designer Web Portal installation locally on the server.

  • If you install the Web Designer Web Portal with HTTPS, the transfer method for cookies is configured to use HTTPS in the Web Installer.

  • If you change the SSL settings for the Web Designer Web Portal at a later time, you must manually update the value in the Web Portal's web.config configuration file.

  • Default values are used for the configuration settings during installation. You can keep these values. Check the settings using the Web Designer Configuration Editor.

    To make a modification

    • Example: Enter the value <httpCookies requireSSL="true"> in the web.config under element <system.web>.

NOTE: On Linux operating systems, use of oneidentity/oneim-web docker images is recommended.

To install the Web Designer Web Portal

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard:

    1. Change to the Installation tab.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the start page of the Web Installer, click Install Web Portal and click Next.

  4. On the Database connection page, do the following:

    • to use an existing connection to the One Identity Manager database, select it in the Select a database connection menu.

      - OR -

    • to create a new connection to the One Identity Manager database, click Add new connection and enter a new connection. For more information, see Configuring database connections.

  5. Select the authentication method and enter the login data for the database under Authentication method.

  6. Click Continue.

  7. Configure the following settings on the Select setup target page.

    Table 29: Settings for the installation target
    Setting Description

    Application name

    Name used as application name, as in the title bar of the browser, for example.

    Target in IIS

    Internet Information Services web page on which to install the application.

    Enforce SSL

    Specifies whether secure or insecure websites are available to install. If the option is set, only sites secured by SSL can be used for installing. This setting is the default value. If this option is not set, insecure websites can be used for installing.

    URL

    The application's Uniform Resource Locator (URL).

    Install dedicated application pool

    Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    The application pool to use. This can only be entered if the Install dedicated application pool option is not set.

    If you use the DefaultAppPool default value, the application pool has the following syntax:

    <application name>_POOL

    Identity

    Permissions for running an application pool. You can use a default identity or a custom user account.

    If you use the ApplicationPoolIdentity default value, the user account has the following syntax:

    IIS APPPOOL\<application name>_POOL

    You can authorize another user by clicking ... next to the box, enabling the Custom account option and entering the user and password.

    Web authentication

    Type of authentication against the web application. You have the following options:

    • Windows authentication (single sign-on)

      The user is authenticated against the Internet Information Services using their Windows user account and the web application logs in the employee assigned to the user account as role-based. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method if Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated against the Internet Information Services and the web application anonymously, and the web application is directed to a login page.

    Database authentication

    NOTE: You can only see this section if you have selected a SQL database connection on the Database connection page.

    Type of authentication against the One Identity Manager database. You have the following options:

    • Windows authentication

      The web application is authenticated against the One Identity Manager database with the same Windows user account that your application pool uses. Login is possible with a user-defined user account or a default identity for the application pool.

    • SQL authentication

      Authentication is completed with a SQL Server login and password. The SQL Server login from the database connection is used. Use the [...] button to enter a different SQL login, for example, if the application is run with a access level for end users. This access data is saved in the web application configuration as computer specific encrypted.

  8. Click Continue.

    If you have selected a direct database connection in step 4, the page Select application server appears. Application server data is required if you want to use full text search. You can enter the application server in the configuration file at a later date.

  9. (Optional) Configure the following settings on the Select application server page.

    NOTE: If you would like to use the full text search in the Web Designer Web Portal, then you must specify an application server. You can enter the application server in the configuration file at a later date.

    NOTE: If you are using Windows authentication and the application server is located on a different host to that of the Web Designer Web Portal, or if the application server uses a different user account for the application pool to that used by the Web Portal, then some further Active Directory settings must be configured (like a Kerberos delegation).

    1. Click Select application server.

    2. In the dialog, in the URL field, enter the application server's address that is running the search service for full-text search.

    3. Click OK.

  10. On the Select application server page, click Next.

  11. On the Installation source page, perform one of the following actions in the Installation source area:

    • to retrieve the installation data from the database, activate the Load from database option.

      - OR -

    • to retrieve the installation data from the installation media (e.g. from the hard drive), activate the Load from local folder option and enter the path.

  12. In the Web project list, select the desired web project and enter the authentication data if required:

    NOTE: If no further authentication settings are required, the message No authentication data required is displayed.

    1. Click .

    2. In the Authentication data dialog, click a red project.

    3. Under Authentication method, specify the method and login data you would like to use.

    4. Repeat these steps for all other red projects.

    5. Click OK.

  13. Specify the user account for automatic updating on the Set update credentials page by activating one of the following options:

    NOTE: The user account is used to add or replace files in the application directory.

    • Use IIS credentials for update: Set this option to use the user account used by the application pool to run updates.

    • Use other credentials for updates: To use a different user account, set this option. Specify the domain, the user name, and the user password.

  14. Click Continue.

  15. On the Application token page, enter the application token for the Web project.

    TIP: To use a new token and therefore replace the existing token in the database, activate the option Replace the application token in the database. When doing so, note that the current token will become invalid and every location that uses it must be updated with the new token.

    NOTE: Handle the application token like as password. Once the application is saved in the database, it cannot be displayed in text form again. Make a note of the application token if necessary.

  16. Click Continue.

    The Setup is running page opens and shows the progress of each installation step. The Web Installer generates the web application and the corresponding configuration files for each folder.

  17. Installation progress is displayed on the Setup is running page. The Web Installer generates the web application and the corresponding configuration files for each folder.

  18. Once installation is complete, click Next.

  19. On the Validate installation page, test the start of the web application. The base URL is displayed for mail distribution. If you wish to use a different URL, select this from the Change to field.

  20. Click Continue.

  21. On the Wizard complete page, click Finish.

  22. Close the autorun program.

Related topics

Updating the Web Designer Web Portal

NOTE:

  • We recommend that you perform the automatic update only in specific maintenance windows, in which the application cannot be accessed by users and the application can be manually restarted with no risk.

  • The following permissions are required for automatic updating:

    • The user account for updating requires write permissions for the application directory.

    • The user account for updating requires the local security policy Log on as a batch job.

    • The user account running the application pool requires the Replace a process level token and Adjust memory quotas for a process local security policies.

The configuration settings for the automatic update of the web application are made in the configuration file web.config. You can do this using the Web Designer Configuration Editor.

To update the web application automatically

  1. Open the Runtime Monitor in the browser.

  2. On the Status tab, select either the Update now or the Update when all user sessions are closed options.

To update a web application manually

  • Uninstall the existing Web Designer Web Portal and re-install the Web Designer Web Portal.

Note that each write access to the web application's bin folder causes the web application to restart. This means that all active sessions in the application are closed and all unsaved data is lost. For this reason, you should only perform manual updates of the web application if no active session is running.

Related topics

Uninstalling the Web Designer Web Portal

To uninstall a web application

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard:

    1. Change to the Installation tab.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Uninstall a web application and click Next.

  4. On the Uninstall a web application page, double-click the application that you want to remove.

    The icon is displayed in front of the application.

  5. Click Next.

  6. On the Database connection page, select the database connection and authentication method and enter the corresponding login data.

  7. Click Next.

  8. Confirm the security prompt with Yes.

  9. The uninstall progress is displayed on the Setup is running page.

  10. Once installation is complete, click Next.

  11. On the Wizard complete page, click Finish.

  12. Close the autorun program.

Configuring the Web Designer Web Portal

Web Designer Web Portal configuration covers a number of settings. The configuration is saved in the web.config, NLog.config, and monitor.config web application configuration files, which are found in the base directory of the web application, and in the table QBMWebApplication of the One Identity Manager database.

Use the Web Designer Configuration Editor (WebDesigner.ConfigFileEditor.exe) to edit the web.config configuration file.

Connection strings and login data are automatically encrypted in the configuration files noted above with the default Microsoft ASP.NET cryptography.

To configure a web application

  1. Start the WebDesigner.ConfigFileEditor.exe program from the installation directory of the web application.

  2. Select the web.config configuration file in the Open configuration file view and click Open.

  3. Select the required authentication procedure and log on.

Make the configuration settings in the individual areas of the Web Designer Configuration Editor.

Detailed information about this topic
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen