Disabling automatic software update
NOTE: If the Common | Autoupdate configuration parameter is deactivated, no automatic update is performed across the system.
Under certain circumstances, it is necessary to exclude individual workstations, server, or web applications.
Disabling workstation automatic update
To disable automatic update locally on a workstation, set the HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Settings\AutoUpdateEnabled registry key to false.
This disables automatic updating completely on this workstation.
Disabling a Job server automatic update
Configure the Job server automatic update in the Job server entry.
To exclude individual Job servers from updating automatically
-
In the Designer, select the Base Data > Installation > Job server category.
-
Select the Job server to be edited in the Job server overview.
-
On the Properties tab, enable the No automatic software update option.
-
Select the Database > Save to database and click Save.
Disabling the Web Designer Web Portal automatic update
You can disable Web Designer Web Portal updates in the database.
To disable the automatic Web Designer Web Portal update
-
In the Designer, select the Base data > Security settings > Web server configurations category.
-
In the list view, select the entry for the Web Designer Web Portal.
-
On the Properties tabs, change the value of the Auto update level to inactive.
-
Select the Database > Save to database and click Save.
Disabling automatic application server update
Configure automatic updating in the application server's web.config file. For more information, see Updating application servers.
Updating One Identity Manager
Updating One Identity Manager tools includes updating the One Identity Manager database and the existing installations on One Identity Manager network workstations and servers.
Database updates are necessary when hotfixes and service packs or complete version updates are available for One Identity Manager.
-
Hotfix
A hotfix contains corrections to the default configuration of the current main version but no extension of functionality. A hotfix can supply patches for issues solved in synchronization projects.
-
Service pack
A service pack contains minimal extensions of functionality and all the modifications since the last main version that were already included in the hotfixes. A service pack can supply patches with new functions for synchronization projects.
-
Version change
A version change means that significant extensions of functionality have been made and involves a complete re-installation. A version change can supply milestones for updating synchronization projects. Milestones group together all patches for solved issues and patches required for new features of the previous version.
Detailed information about this topic
The update process for releasing a new One Identity Manager version
NOTE: Read the release notes for possible differing or additional steps for updating One Identity Manager.
To update the One Identity Manager to a new version
-
In the Designer, carry out all consistency checks in the Database section.
-
in the Designer, start the Consistency Editor with the Database > Check data consistency menu item.
-
In the Test options dialog, click the icon .
-
Enable all tests in the Database view and click OK.
-
Start testing with the Consistency check > Run menu item.
All the database tests must be successful. Correct the errors. Some consistency checks offer repair methods for correcting errors.
- Update the administrative workstation on which the One Identity Manager database schema update will start.
-
Run the autorun.exe program from the root directory on the One Identity Manager installation medium.
-
Change to the Installation tab. Select the edition that you installed.
-
Click Install.
This starts the installation wizard.
-
Follow the installation instructions.
IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.
-
End the One Identity Manager Service on the update server.
-
Create a back up of the One Identity Manager database.
-
Check whether the database's compatibility level is set the 150 and change it if necessary.
-
Run a schema update of the One Identity Manager database.
-
Start the Configuration Wizard on the administrative workstation.
Select a user who has at least administrative permissions for the One Identity Manager database to update the One Identity Manager schema with the Configuration Wizard.
-
Use the same user that you used to initially install the schema.
-
If you created an administrative user during schema installation, use that one.
-
If you selected a user with Windows authentication to install the schema, you must use the same one for updating.
NOTE: If you want to switch to the granular permissions concept when you upgrade from version 8.0.x to 9.0, you will also require an installation user in accordance with Users with granular permission for the One Identity Manager database on an SQL Server.
After updating One Identity Manager, change the connection parameters. This affect the connection credentials for the database (DialogDatabase), for example, the One Identity Manager Service, the application server, administration, and configuration tools, web applications and web services, and the connection credentials in synchronization projects.
If you want to switch to granular permissions when you update from 8.1.x, contact support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.
-
Update the One Identity Manager Service on the update server.
-
Run the program autorun.exe from the root directory on the One Identity Manager installation medium.
-
Change to the Installation tab. Select the edition that you installed.
-
Click Install.
This starts the installation wizard.
-
Follow the installation instructions.
IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.
-
Check the One Identity Manager Service‘s login information. Specify the service account to use.
-
Start the One Identity Manager Service on the update server.
-
Update other installations on workstations and servers.
You can use the automatic software update method for updating existing installations.
NOTE: In some cases it may be necessary to update the additional workstations and Job servers manually. This may be required, for example, if there are a significant number of new changes with a One Identity Manager version update that do not allow the use of automatic update.
To update synchronization projects to a new version
Any required changes to system connectors or the synchronization engine are made available when you update One Identity Manager. These changes must be applied to existing synchronization projects to prevent target system synchronizations that are already set up, from failing. Patches are available for this.
NOTE: Some patches are applied automatically. A process that migrates all existing synchronization project is queued in the Job queue to do this. To run the process, the One Identity Manager Service must be started on the database server and on all the synchronization servers.
-
Check whether the DPR_Migrate_Shell process has been started successfully.
If a patch could not be applied, for example because the target system was not available, you can apply the patch manually later.
For more information about applying patches, see the One Identity Manager Target System Synchronization Reference Guide.
To update an application server to a new version
-
The application server starts updating automatically after the One Identity Manager database schema update.
-
To start the update manually, open the status page for the application in the browser and click Update immediately in the logged in user’s menu.
To update the Web Designer Web Portal to a new version
NOTE: Ensure that the application server is updated before you update the Web Portal.
-
To update the Web Designer Web Portal automatically, use a browser to connect to the runtime monitor http://<server name>/<application>/monitor and start the update of the web application.
-
To manually update the Web Designer Web Portal, uninstall the existing Web Designer Web Portal installation and reinstall the Web Designer Web Portal.
To update an API Server to a new version
To update the Operations Support Web Portal to a new version
To update the Manager web application to a new version
-
Uninstall the Manager web application.
-
Reinstall the Manager web application.
-
The Manager default user requires write permissions to the Internet Information Services web application installation directory so that Manager web applications can be updated automatically. Check that the correct permissions are allocated.
Detailed information about this topic
Updating One Identity Manager components with the installation wizard
In some cases it may be necessary to update the workstations and servers manually using the installation wizard. This may be required, for example, if there are a significant number of new changes with a One Identity Manager version update that do not allow the use of automatic update.
NOTE: If you change versions or add more modules to an existing One Identity Manager installation, use the installation wizard to update the workstation that the One Identity Manager database schema installation starts on.
To update a workstation using the installation wizard
-
Run the program autorun.exe from the root directory on the One Identity Manager installation medium.
-
Change to the Installation tab. Select the edition that you installed.
NOTE: To update a One Identity Manager Active Directory Edition, switch to the Other Products tab and select the One Identity Manager Active Directory Edition entry.
-
Click Install.
This starts the installation wizard.
-
Select the language for the installation wizard on the start page and click Next.
-
Confirm the conditions of the license.
-
On the Installation settings page, enter the following information.
-
Installation source: Select the directory containing the installation files.
-
Installation directory: Select your current installation directory. Otherwise, the components are not updated and a new installation is created in the second directory instead.
NOTE: To make additional changes to the configuration settings, click on the arrow button next to the input field. Here, you can specify whether you are installing on a 64-bit or a 32-bit operating system.
For a default installation, no further configuration settings are necessary.
-
Select installation modules using the database: Set this option to load the installation data using the existing One Identity Manager database.
NOTE: Leave this option empty to install the workstation on which you start the One Identity Manager schema installation.
-
Add further modules to the selected edition: Set this option to add additional One Identity Manager modules to the selected edition.
-
Enter the database connection data on Connect to database.
NOTE: This page is only shown if you have set the Select installation modules with existing database option.
-
Select the connection in Select a database connection.
- OR -
-
Click Add new connection, select the SQL Server system type, and enter the connection data.
-
Server: Database server.
-
(Optional) Windows Authentication: Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.
-
User: The user's SQL Server login name.
-
Password: Password for the user's SQL Server login.
-
Database: Select the database.
-
On the Module selection page, also select the modules to be installed.
NOTE: This page is only shown if you set the option Add more modules to the selected Edition.
-
On the Assign machine roles page, define the machine roles.
NOTE: The machine roles appropriate for the One Identity Manager modules are enabled. All machine subroles are selected when you select the machine role. You can deselect individual packages.
-
On the Install WebView2 page you are prompted to install Microsoft Edge WebView2. The user interface of some One Identity Manager components requires Microsoft Edge WebView2 to display certain content.
NOTE: This page is only shown if you want to install One Identity Manager components that are expecting WebView2 and WebView2 is not yet installed.
-
You can start different programs for further installation on the last page of the install wizard.
-
To install the One Identity Manager schema, start the Configuration Wizard and follow the Configuration Wizard instructions.
NOTE: Perform this step only on the workstation on which you start the installation of the One Identity Manager schema.
-
To create the configuration of the One Identity Manager Service, start the Job Service Configuration program.
NOTE: Run this step only on servers on which you have installed the One Identity Manager Service.
-
Click Finish to close the installation wizard.
-
Close the autorun program.
To update the One Identity Manager Service using the installation wizard
-
Open the service management of the server and close the One Identity Manager Service.
-
Update the One Identity Manager components with the installation wizard.
IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise, the components are not updated and a new installation is created in the second directory instead.
-
Check the login information of the One Identity Manager Service. Specify the service account to use.
-
Start the One Identity Manager Service in service management.