
Identity Manager 9.3 - Installation Guide


Installing or uninstalling the SCIM plugin

For more information about the SCIM plugin, see the One Identity Manager Configuration Guide.

The SCIM 2.0 service provider for One Identity Manager is provided as a plugin for the API Server. You usually set up the machine role for the SCIM plugin when installing an API Server.

If necessary, you can install the machine role at a later date, and you can uninstall it again as required. To do either, customize the API Server installation.

To install the SCIM plugin on an API Server at a later date

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the installation wizard's home page, perform the following actions:

    1. Click Installation.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Modify API Server installation and click Next.

  4. On the Installation source page, select the API Server instance that you want to customize.

  5. On the Database connection page, select the database connection and authentication method.

  6. On the Assign machine roles page, enable the SCIM Provider machine role.

  7. (Optional) On the Installation source page, change the connection settings.

  8. Installation progress is displayed on the Setup is running page. After installation is complete, click Next.

  9. Click Finish on the last page to end the program.

  10. Close the autorun program.

To uninstall the SCIM plugin on an API Server at a later date

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the installation wizard's home page, perform the following actions:

    1. Click Installation.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Modify API Server installation and click Next.

  4. On the Installation source page, select the API Server instance that you want to customize.

  5. On the Database connection page, select the database connection and authentication method.

  6. On the Assign machine roles page, disable the SCIM Provider machine role.

  7. (Optional) On the Installation source page, change the connection settings.

  8. Installation progress is displayed on the Setup is running page. After installation is complete, click Next.

  9. Click Finish on the last page to end the program.

  10. Close the autorun program.


Modifying authentication data for API Server projects

Normally, you enter the authentication data for projects when you install an API Server. However, it is possible to configure the authentication data for optional projects at a later date.

To add authentication data at a later date

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the installation wizard's home page, perform the following actions:

    1. Click Installation.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Modify API Server installation and click Next.

  4. On the Installation source page, select the API Server instance that you want to modify.

  5. On the Database connection page, select the database connection and authentication method.

  6. (Optional) On the Assign machine roles page, alter the usage of the SCIM Provider machine role.

  7. On the Installation source page, in the Additional connections section, enter any additional information for authentication. This displays the number of connections that can be configured.

    1. To configure additional authentication data, click .

    2. In the Authentication data dialog, select the project you want to authenticate and enter the authentication data.

      • Multi-factor authentication with OneLogin (OneLogin): Multi-factor authentication with OneLogin can be used for specific security-critical actions in One Identity Manager. For more information, see the One Identity Manager Web Application Configuration Guide.

        Enter the authentication data for logging in to the OneLogin domain.

        • Connection string: Connection string for logging in to the OneLogin domain.

          Syntax: Domain=<domain>;ClientId=<clientid>;ClientSecret=<clientSecret>

          - OR -

        • Domain: Enter the DNS name of the synchronized OneLogin domain.

          Example: <your domain>.onelogin.com

        • Client ID: Enter the client ID with which the application is registered in OneLogin. You obtain the client ID when you register your application with OneLogin.

        • Client secret: Enter the security token for the OneLogin application. You obtain the client secret when you register your application with OneLogin.

      • Authentication for self-registration of new users (sub:register): For self-registration of new users in the Password Reset Portal, a user is required with which the new user accounts are created.

        NOTE: It is recommended to use the IdentityRegistration system user. This system user has the specified permissions required for self-registration of new users in the Password Reset Portal.

        If you have your own system user, ensure that it has the necessary permissions. For more information about system users and permissions, see the One Identity Manager Authorization and Authentication Guide.

        • If you use the IdentityRegistration system user, enter a password for the system user.

        • If you want to use your own system user, under Authentication method, select the authentication module for logging in. Depending on the authentication module, other data may be required, such as user and password. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

    3. To test the data, click Test connection.

    4. To accept the data, click OK.

  8. Installation progress is displayed on the Setup is running page. After installation is complete, click Next.

  9. Click Finish on the last page to end the program.

  10. Close the autorun program.


Adjusting IIS request limits for the API Server

Normally, you specify whether the default IIS values for the URL length, query string length, and content length are overwritten during the API Server installation.

But it is also possible to configure the settings at a later date.

If the values are not adequate, IIS returns an HTTP 404 error. For more information, see HTTP 404 Error Substatus Codes.

To adjust the IIS request limits later

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the installation wizard's home page, perform the following actions:

    1. Click Installation.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Modify API Server installation and click Next.

  4. On the Installation source page, select the API Server instance that you want to customize.

  5. On the Database connection page, select the database connection and authentication method.

  6. (Optional) On the Assign machine roles page, alter the usage of the SCIM Provider machine role.

  7. On the Installation source page, enable the Overwrite default IIS request limits option and change the values as required.

    • Max. URL length [B]: Maximum length of a URL in bytes. The default value is 4096 bytes.

    • Max. query string length [B]: Maximum length of a query string in bytes. The default value is 32768 bytes.

    • Max. content length [B]: Maximum length of content in bytes. The default value is 30000000 bytes.

  8. Installation progress is displayed on the Setup is running page. After installation is complete, click Next.

  9. Click Finish on the last page to end the program.

  10. Close the autorun program.
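
When clients receive HTTP 404 errors because a request limit is too low, the substatus code in the IIS log shows which limit rejected the request: 404.13 (content length), 404.14 (URL length), or 404.15 (query string length). The following Python script is an added example, not part of the One Identity documentation; the log sample and the /ApiServer/example paths are constructed, and it assumes the IIS W3C log includes the sc-status and sc-substatus fields.

```python
from collections import Counter

# IIS request filtering substatus codes mapped to the Web Installer option names.
LIMIT_BY_SUBSTATUS = {
    "13": "Max. content length [B]",
    "14": "Max. URL length [B]",
    "15": "Max. query string length [B]",
}

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status sc-substatus sc-win32-status
2024-05-01 10:00:01 GET /ApiServer/example/list - 10.0.0.5 200 0 0
2024-05-01 10:00:07 GET /ApiServer/example/search filter=aaaa 10.0.0.5 404 15 0
2024-05-01 10:00:09 GET /ApiServer/example/search filter=aaaa 10.0.0.5 404 15 0
2024-05-01 10:01:12 POST /ApiServer/example/upload - 10.0.0.9 404 13 0
2024-05-01 10:02:30 GET /ApiServer/example/missing - 10.0.0.7 404 0 2
"""

def request_limit_rejections(lines):
    """Yield (limit name, client IP, URI stem) for each 404.13/14/15 entry."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # skip malformed or truncated entries
        row = dict(zip(fields, values))
        if row.get("sc-status") != "404":
            continue
        limit = LIMIT_BY_SUBSTATUS.get(row.get("sc-substatus"))
        if limit:  # ordinary 404.0 "not found" entries are ignored
            yield limit, row.get("c-ip", "-"), row.get("cs-uri-stem", "-")

def summarize(lines):
    """Return rejection counts per limit and per (limit, client IP)."""
    per_limit, per_client = Counter(), Counter()
    for limit, client_ip, _stem in request_limit_rejections(lines):
        per_limit[limit] += 1
        per_client[(limit, client_ip)] += 1
    return per_limit, per_client

if __name__ == "__main__":
    for (limit, client_ip), count in summarize(SAMPLE_LOG.splitlines())[1].items():
        print(f"{count:3d}  {client_ip:15s}  {limit}")
```

A limit hit by many distinct clients suggests the value is too low for normal use; repeated hits from a single client are worth reviewing before the limit is raised.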


Updating API Servers

NOTE: Best practice is to perform automatic updates within special maintenance windows in which the application is not accessible by users and the application can be restarted manually without risk.

The following permissions are required to automatically update an IIS installation of the API Server:

  • The user account for updating requires write permissions for the application directory.

  • The user account for updating requires the Log on as a batch job local security policy.

  • The user account running the application pool requires the Replace a process level token and Adjust memory quotas for a process local security policies.

To run an update, first load the files to be updated into the One Identity Manager database. The necessary files are loaded into the One Identity Manager database and updated when a hotfix, a service pack, or a full version update is run.

The update process differs depending on how the API Server is run:

  • Running on the IIS: The API Server automatically checks for updates on a regular basis. If updates are available, the API Server starts the update process. The API Server then restarts itself.

  • Running as a Docker container: As soon as the Docker container starts, the update starts. If updates become available during operation, the Docker container shuts down. You must then restart the Docker container either manually or using a container orchestration program.

  • Running from the ImxClient command line program: The API Server does not load updates independently. To install updates, you must restart the command line program manually.

To enable or disable automatic updates for a web application

  1. Start the Designer program.

  2. Connect to the relevant database.

  3. Navigate to Base data > Security settings > Web server configurations.

  4. In the List Editor, select the corresponding web application.

  5. Perform one of the following actions:

    • To enable automatic updates, set the Auto update level to active.

    • To disable automatic updates, set the Auto update level to inactive.

  6. Commit the changes.
