Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 8.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system Configuring deployment of One Identity Manager with SQL Server AlwaysOn availability groups

Setting up the email notification system

One Identity Manager sends email notifications about various actions taken within the system. Thus, various notifications are sent to requester and approver within the request process. In the same way, notifications about attestation cases are sent or reports delivered by email. Notifications are sent when an actions is successfully or unsuccessfully run during process handling.

You can implement custom notifications in addition to predefined notification processes.

To use the notification system

  1. Use the Job Server Editor to set up a Job server as a SMTP host for mail distribution.

  2. In the Launchpad, in the Configuration section, select Configure email connection.

  3. Click Run.

  4. On the home page of the Mail Configuration Wizard, click Next.

  5. On the Create connection to the SMTP server page, configure the SMTP server connection to use for sending emails.

    • To test the user account data, click Test connection.

  6. On the Email settings page, you can define the default email address of a sender and a recipient as well as the layout of the email.

  7. On the Data security page, you can configure the data security settings.

  8. On the Email notifications about requests page, make any changes to the general settings for email notifications about requests. In addition, define whether the Approval by mail feature can be used for requests. If you enable this feature, the settings you need are shown.

  9. On the Email notifications about attestation page, make any changes to the general settings for email notifications about attestations. In addition, define whether the Approval by mail feature can be used for attestations. If you enable this feature, the settings you need are shown.

  10. On the Report subscriptions page, you can change the default settings for report subscriptions.

  11. On the Email notifications about actions in the target system page, you can enter an email address for notifying about actions in the target system. This might be error or success messages about changes in the target system.

  12. On the last page of the Mail Configuration Wizard, click Finish.

In addition, other configuration parameters could be required for different notification processes. Enable these in the Designer. Some configuration parameters are only available if the module is installed.

Table 18: Additional configuration parameters for mail notification

Configuration parameter

Meaning

Common | InternationalEMail

Specifies whether international domain names and unicode characters are supported in email addresses.

IMPORTANT: The mail server must also support this function. If necessary, you must override the script VID_IsSMTPAddress

Common | MailNotification | Encrypt | EncryptionCertificateScript

This configuration parameter contains the script that supplies a list of encrypted certificates (default: QBM_GetCertificates).

Common | MailNotification | NotifyAboutWaitingJobs

Specifies whether a message should be sent if the process steps have a particular status in the Job queue.

Common | MailNotification | SMTPUseDefaultCredentials

Specifies which credentials are used for authentication on the SMTP server.

If this parameter is set, the One Identity Manager Service login credentials are used for authentication on the SMTP server.

If the configuration parameter is not set, the login data defined in the Common | MailNotification | SMTPDomain and Common | MailNotification | SMTPAccount or Common | MailNotification | SMTPPassword configuration parameters is used. (Default)

Common | MailNotification | VendorNotification

Email address of your company's contact person. The email address is used as the return address for notifying vendors.

If the configuration parameter is set, One Identity Manager generates a list of system settings once a month and sends the list to One Identity. This list does not contain any personal data. You can check the latest system information at any time by selecting Help > Info in the menu.

The list will be reviewed by our customer support team, who will look for material changes in a proactive effort to identify potential issues before they materialize on your system. The lists may be used by our R&D staff for analysis, diagnosis, and replication for testing purposes. We will keep and refer to this information for as long as your company remains on support for this product.

TargetSystem | ADS | MemberShipRestriction | MailNotification

Default email address for sending warning emails.

Related topics

Installing and configuring the One Identity Manager Service

The One Identity Manager Service handles defined processes. The service has to be installed on the One Identity Manager network server to run the processes. The server must be declared as a Job server in the One Identity Manager database.

Setting up a Job server requires the following steps:

  • Create an entry for the Job server in the One Identity Manager database.

  • Specify the machine roles and server functions for the Job server.

    Installation packages to be installed on the Job server are found, depending on the selected machine roles. The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled with respect to the server function.

  • Install the One Identity Manager Service.

  • Configure the One Identity Manager Service.

  • Start the One Identity Manager Service.

For more information about using the One Identity Manager Service, see the One Identity Manager Configuration Guide.

NOTE: On Linux operating systems, use of oneidentity/oneim-job docker images is recommended.

Related topics

Setting up Job servers

Each Job server within the network must have a unique queue identifier. The process steps are requested by the Job queue using exactly this queue name:

  • A Job server must be known in the One Identity Manager database for each queue.

  • Enter this queue name in the One Identity Manager Service configuration file.

There are several methods for setting up a Job server:

  • For the initial schema installation with the Configuration Wizard, you already set up a Job server with the SQL processing server and Update server server functions. Use the Configuration Wizard to configure the service and install the service remotely on a server.

  • To configure further Job servers, use the Server Installer program.

    Using the Server Installer, you create the Job server with its machine roles and server functions in the database. Use the Server Installer to configure the service and install the service remotely on a server.

  • You can create Job servers in the Designer.

    Use the Designer, to create a Job server with the machine roles and server functions, configure the service on the server and install the service remotely. For detailed information, see One Identity Manager Configuration Guide.

  • If a remote installation is not possible, you can install and configure the service locally on a server.

    • Install the service components on the server using the installation wizard.

    • Configure the service using the Job Service Configuration program. For more information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.

    • If the Common | Jobservice | AutoCreateServerFromQueues configuration parameter is enabled, in response to queries from the One Identity Manager Service for unknown queues, new Job servers are created in the database. Information about machine roles and server functions is transferred to the database.

NOTE: If you subsequently change server functions for a Job server in the database, for example using the Designer, the system checks whether the required components are installed on the server, and updates the server if necessary. To enable this, automatic software updates must be active.

Related topics

Remote installation of the One Identity Manager Service with the Server Installer

IMPORTANT: If you are working with an encrypted One Identity Manager database, see Tips for working with an encrypted One Identity Manager database.

Use the One Identity Manager Service to install the Server Installer. The program runs the following steps:

  • Sets up a Job server.

  • Specifies machine roles and server function for the Job server.

  • Remotely installs One Identity Manager Service components corresponding to the machine roles.

  • Configures the One Identity Manager Service.

  • Starts the One Identity Manager Service.

NOTE: The program performs a remote installation of the One Identity Manager Service. Local installation of the service is not possible with this program.

To remotely install the One Identity Manager Service, you must have an administrative workstation on which the One Identity Manager components are installed.

NOTE: To generate processes for the Job server, you need the provider, connection parameters, and the authentication data. By default, this information is determined from the database connection data. If the Job server runs through an application server, you must configure extra connection data in the Designer. For detailed information about setting up Job servers, see the One Identity Manager Configuration Guide.

To remotely install and configure One Identity Manager Service on a server

  1. Start the Server Installer program on your administrative workstation.

  1. On the Database connection page, enter the valid connection credentials for the One Identity Manager database.

  2. On the Server properties page, specify the server on which you want to install the One Identity Manager Service.

    1. Select a Job server from the Server menu.

      - OR -

      To create a new Job server, click Add.

    2. Enter the following data for the Job server.

      • Server: Name of the Job server.

      • Queue: Name of the queue to handle the process steps. Each Job server within the network must have a unique queue identifier. The process steps are requested by the Job queue using this exact queue name. The queue identifier is entered in the One Identity Manager Service configuration file.

      • Full server name: Full server name in accordance with DNS syntax.

        Syntax:

        <Name of servers>.<Fully qualified domain name>

      NOTE: You can use the Extended option to make changes to other properties for the Job server. You can also edit the properties later with the Designer.

  1. On the Machine roles page specify which roles the Job server is to have in One Identity Manager. Installation packages to be installed on the Job server are found depending on the selected machine role.

  2. On the Server functions page, specify the function of the server in the One Identity Manager environment. One Identity Manager processes are handled with respect to the server function.

    The server's functions depend on which machine roles you have selected. You can limit the server's functionality further here.

  3. On the Service Settings page, enter the connection data and check the One Identity Manager Service configuration.

    NOTE: The initial service configuration is predefined. If further changes need to be made to the configuration, you can do this later with the Designer. For detailed information about configuring the service, see the One Identity Manager Configuration Guide.

    • For a direct connection to the database:

      1. Select Process collection > sqlprovider.

      2. Click the Connection parameter entry, then click the Edit button.

      3. Enter the connection data for the One Identity Manager database.

    • For a connection to the application server:

      1. Select Process collection, click the Insert button and select AppServerJobProvider.

      2. Click the Connection parameter entry, then click the Edit button.

      3. Enter the connection data for the application server.

      4. Click the Authentication data entry and click the Edit button.

      5. Select the authentication module. Depending on the authentication module, other data may be required, such as user and password. For detailed information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

  4. To configure remote installations, click Next.

  1. On the Select installation source page, select the directory with the install files. Change the directory if necessary.

  2. On the Service access page, enter the service's installation data.

    • Computer: Enter the name or IP address of the server that the service is installed and started on.

    • Service account: Enter the details of the user account that the One Identity Manager Service is running under. Enter the user account, the user account's password and password confirmation.

    The service is installed using the user account with which you are logged in to the administrative workstation. If you want to use another user account for installing the service, you can enter it in the advanced options. You can also change the One Identity Manager Service details, such as the installation directory, name, display name, and the One Identity Manager Service description, using the advanced options.

  3. Click Next to start installing the service.

    Installation of the service occurs automatically and may take some time.

  4. Click Finish on the last page of the Server Installer.

    NOTE: In a default installation, the service is entered in the server’s service management with the name One Identity Manager Service.

Related topics
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation