Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 8.1.5 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Using scripts Notes on message output Notes on using date values Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing of scripts in Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for executing scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Installing the One Identity Manager Service on a Job server remotely

You have the option to install certain Job servers remotely in the Job Server Editor. The remote installation wizard executes the following steps:

  • Installs One Identity Manager Service components.
  • Configures the One Identity Manager Service.
  • Starts the One Identity Manager Service.

NOTE: To generate processes for the Job server, you need the provider, connection parameters and the authentication data. In the default case, this information is determined from the database connection data. If the Job server runs through an application server, you must configure extra connection data in the Designer. For more information, see Connection data for process generation.

Prerequisites for remote installation
  • The Job server is entered in the database

  • There is a user account with sufficient permissions for installing the One Identity Manager Service.

  • Remote installation is only supported within a domain or a trusted domain.

NOTE: If you are working with an encrypted One Identity Manager database, see the notes on working with an encrypted database in the One Identity Manager Installation Guide.

To install the One Identity Manager Service remotely

  1. In the Designer, select the Base Data | Installation | Job server category.

  2. Start the Job Server Editor using the Edit Job server task.

  3. Select the Job server to be edited in the Job server overview.

  4. Select the Job server | Install service menu item.

    This starts the One Identity Manager Service remote installation wizard.

  5. On the start page of the wizard, click Next.

  6. On the Configure service page, enter the One Identity Manager Service configuration settings.

    Initial configuration of the service is already predefined for the database connection. To use this template, enter the connection data for process collection. In order to extend the configuration, each configuration section of the One Identity Manager Service is listed in the module list.

    • For a direct connection to the database:

      1. Select Process collection | sqlprovider.

      2. Click the Connection parameter entry and click the Edit button.

      3. Enter the connection data for the One Identity Manager database.

    • For a connection to the application server:

      1. Select Process collection, click the Insert button and select AppServerJobProvider.

      2. Click the Connection parameter entry, then click the Edit button.

      3. Enter the connection data for the application server.

      4. Click the Authentication data entry and click the Edit button.

      5. Select the authentication module. Depending on the authentication module, other data may be required, for example, user, and password. For detailed information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

  7. On the Installation source and destination page, enter the following information.

    1. General information:

      • Installation directory: Select the directory containing the installation files.

      • Private key: If the database is encrypted, select the file with the private key.

    2. Click Next.

    3. Enter the service's installation data.

      • Computer: Name or IP address of the server that the service is installed and started on.

      • Service account: User account data for the One Identity Manager Service.

        • To start the service under the NT AUTHORITY\SYSTEM account, set the Local system account option.

        • To start the service under another account, disable the Local system account option and enter the user account, password and password confirmation.

      • Installation account: Data for the administrative user account to install the service.

        • To use the current user’s account, set the option Current user.

        • To use another user account, disable the Current user option and enter the user account, password and password confirmation.

      • To change the install directory, names, display names or description of the One Identity Manager Service, use the other options.

  8. Click Next to start installing the service.

    Installation of the service occurs automatically and may take some time.

  9. Click Close to end the workflow wizard.

NOTE: In a default installation, the service is entered in the server’s service management with the name One Identity Manager Service.

TIP: Use the Job server | Start HTTP request menu item to address the HTTP server of the One Identity Manager Service for a Job server and display the different services of the One Identity Manager Service.

Related topics

Configuring the One Identity Manager Service

The One Identity Manager Service enables the distribution of the information administrated in the One Identity Manager database throughout the network. The One Identity Manager Service performs data synchronization between the database and any connected target systems and executes actions at the database and file level. The One Identity Manager Service retrieves process steps from the JobQueue. Process steps are executed by process components. The One Identity Manager Service also creates an instance of the required process component and transfers the process step parameters. Decision logic monitors the execution of the process steps and determines how processing should continue depending on the results of the executed process components. The One Identity Manager Service enables parallel processing of process steps because it can create several instances of process components.

A Job provider function makes a Job destination process step available within the One Identity Manager Service. The Job destination function handles the process steps and returns a result to the Job provider. The Job provider evaluates the result.

The combination of a Job provider on one server and a Job destination on another server is called a "Job gate". The Job provider and Job destination are configured within the Jobgate such that they can communicate with each other.

Figure 26: Example of how the One Identity Manager Service works

Table 75: One Identity Manager Service provider
Provider

Description

MSSQLJobProvider

The MSSQLJobProvider retrieves the process steps from the One Identity Manager database under SQL Server and sends them to a Job destination.

FileJobProvider

In the FileJobProvider, process requests and results are read from and written to files. These files can be processed by the FileJobGate (FileJobDestination or FTPJobDestination). The data is transferred using these files.

FTPJobProvider

The FTPJobProvider is based on the function of the FileJobProvider. In the FTPJobProvider, process requests and results are read from and written to files. After the files have been created in the local directory, the FTPJobProvider connects to the FTP server and transfers the files to the server. A connection is also made to the FTP Server when it gets a signal and the data is collected.

HTTPJobProvider

The HTTPJobProvider receives process steps from a parent Job server. The data transfer is carried out by HTTP.

AppServerJobProvider

The AppServerJobProvider retrieves the process steps from the application server and sends them to a Job destination.

Table 76: One Identity Manager Service Job destinations
JobDestination Description

JobServiceDestination

The JobServiceDestination is the One Identity Manager Service component that performs the actual handling of process steps. It requests the process steps from the Job provider, processes them with the process component and returns the result.

FileJobDestination

The FileJobDestination handles the process steps provided by the FileJobGate (FileJobProvider or FTPJobProvider) and returns the results to the Job provider.

FTPJobDestination

The FTPJobDestination handles the process steps provided by the FileJobGate (FileJobProvider or FTPJobProvider) and returns the results to the Job provider.

HTTPJobDestination

The HTTPJobDestination sends process steps to a child Job server. The data transfer is carried out by HTTP.

Table 77: One Identity Manager Service Jobgates
Jobgate Description

HTTPJobGate

Consisting of HTTPJobProvider and HTTPJobDestination.

FileJobGate

Consisting of FileJobProvider, FileJobDestination, FTPJobProvider and FTPJobDestination. JobProvider and JobDestinations can be combined with each other.

Figure 27: Example FileJobGate configuration

Detailed information about this topic

One Identity Manager Service configuration files

Configuration One Identity Manager Service and its plug-ins with a configuration file. The file has to reside in the same directory as the file viNetworkService. The configuration file is necessary both for One Identity Manager Service on a windows based operating system and for the Linux daemon.

Two configuration file formats are supported:

  • Jobservice.cfg

    Jobservice.cfg is an XML configuration file with its own format. The advantage of this file is that run-time loading is supported.

  • viNetworkService.exe.config

    The viNetworkService.exe.config file is the default configuration file for .NET exes and has the specified format.

The system initially searches for the parameter in the configuration file Jobservice.cfg in order to determine the setups. If the parameter is not found, the file viNetwordService.exe is automatically used. Thus the One Identity Manager Service can only work with the configuration file viNetworkService.exe.config.

In the Designer, configure the One Identity Manager Service in the Base data | Installation | Job server category or by using the Job Service Configuration program.

There is one unique section in the file for each of the different modules in One Identity Manager Service.

Table 78: One Identity Manager Service modules
Module Description

Process collection

Specify the Job provider in this module.

JobDestination

In this module, you specify the job destination.

Configuration

Standard configuration settings for One Identity Manager Service are in this module.

LogWriter

This module writes One Identity Manager Service messages to a log file.

Request dispatcher

Use this module to configure the One Identity Manager Service as a dispatcher. The process requests from the child Job server are buffered, processed, and forwarded.

Connection

With this module you can set special configuration settings for the behavior of the One Identity Manager Service.

HTTP authentication module

Use this module to specify how authentication works on an HTTP server so that extended services can be accessed, for example, displaying the log file or the status display.

Plug-ins

Specify which plugins should be installed in this module.

File with the private key.

In this module, you provide the data for files with a private key. Use this module if you are working with more than one private key.

Detailed information about this topic

Customizing the One Identity Manager Service configuration for a Job server

This configuration is already created when the One Identity Manager Service is installed. Use the Job Server Editor to modify each configuration setting. You can also customize all configuration settings in the Job Service Configuration program.

NOTE: Before changing the One Identity Manager Service configuration, make sure that the configuration is imported into the database. In the Designer, configure, and enable the Get configuration file from the Job server and write in the Job server configuration schedule.

To modify the One Identity Manager Service configuration on a Job server

  1. In the Designer, select the Base Data | Installation | Job server category.

  2. Start the Job Server Editor using the Edit Job server task.

  3. Enable the Configure One Identity Manager Service view.

  4. Select the Job server to be edited in the Job server overview.

  5. Edit the configuration settings.

    TIP: Use the and buttons to change the configuration data.

  6. Save the configuration using .

  7. Use the button to test the configuration.

  8. Deploy the modified configuration to the Job server using Job server | Deploy Job server configuration from menu.

    This generates a process, which updates the configuration file on the Job server.

TIP: Use the Job server | Start HTTP request menu item to address the HTTP server of the One Identity Manager Service for a Job server and display the different services of the One Identity Manager Service.

Related topics
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation