サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.3 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing and updating an API Server Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Encrypting database information

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

In certain circumstances, it is necessary to store encrypted information in the One Identity Manager database: If you did not encrypt the database when you installed with the Configuration Wizard, use the Crypto Configuration program to encrypt. With this program an encryption file is created and the contents of the database columns that are affected are converted.

To change the encryption method

  • In the Designer, set the Common | EncryptionScheme configuration parameter and select one of the options:

    • RSA: RSA encryption with AES for large data (default).

    • FIPSCompliantRSA: FIPS certified RSA with AES for large data. This method is used if encryption must match the FIPS 104-2 standard. The local security policy Use FIPS compliant algorithms for encryption, hashing, and signing must be enabled.

NOTE: If the Common | EncryptionScheme configuration parameter is not set, RSA encryption is used as the method.

Detailed information about this topic

Creating new database keys and encrypting database information

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To create a new database key and encrypt the One Identity Manager database

  1. Start the Launchpad and log in to the One Identity Manager database.

  2. In the Installation overview > Installation Checklist section, select the Encrypt the database entry and click Run.

    This starts the Crypto Configuration program.

  3. Click Next on the home page.

  4. On the New database connection page, enter the valid connection credentials for the One Identity Manager database.

  5. On the Select action page, select Create or change database key.

  6. On the Private key page, select There was no encryption yet.

  7. On the New private key page, create a new key.

    1. Click Create key.

    2. Select the directory path for saving the file using the file browser and enter a name for the key file.

    3. Click Save.

      The (*.key) key file is generated. This closes the file browser and displays the path and file name under Private key.

    4. Click Next.

      This establishes which data to encrypt.

  8. The date to be encrypted is displayed on the Convert database page.

    1. Click Convert.

    2. Confirm the following two security questions with Yes.

      This starts data encryption and displays the conversion progress.

    3. Click Next.

  9. Click Finish on the last page to end the program.

Related topics

Changing database keys and encrypting database information

NOTE:

  • To change a database key, you need the key file with the old database key. The key is change and saved in a new key file.

  • It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To change a database key and encrypt the One Identity Manager database

  1. Start the Launchpad and log in to the One Identity Manager database.

  2. In the Installation overview > Installation Checklist section, select the Encrypt the database entry and click Run.

    This starts the Crypto Configuration program.

  3. Click Next on the home page.

  4. On the New database connection page, enter the valid connection credentials for the One Identity Manager database.

  5. On the Select action page, select Create or change database key.

  6. Load the existing key on Private key.

    1. Select Encryption was enabled.

    2. Click Load key.

    3. Using the file browser, select the (*.key) file with the old database key.

    4. Click Open.

      This closes the file browser and displays the path and file name.

    5. Click Next.

  7. On the New private key page, create a new key.

    1. Click Create key.

    2. Select the directory path for saving the file using the file browser and enter a name for the key file.

    3. Click Save.

      The (*.key) key file is generated. This closes the file browser and displays the path and file name under Private key.

    4. Click Next.

      This establishes which data to encrypt.

  8. The date to be encrypted is displayed on the Convert database page.

    1. Click Convert.

    2. Confirm the following two security questions with Yes.

      This starts data encryption and displays the conversion progress.

    3. Click Next.

  9. Click Finish on the last page to end the program.

Related topics

Reencrypting database information

Use this method if the database already has encryption but you want to encrypt more columns.

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To repeat One Identity Manager database encryption using an existing database key

  1. Start the Launchpad and log in to the One Identity Manager database.

  2. In the Installation overview > Installation Checklist section, select the Encrypt the database entry and click Run.

    This starts the Crypto Configuration program.

  3. Click Next on the home page.

  4. On the New database connection page, enter the valid connection credentials for the One Identity Manager database.

  5. On the Select action page, select Encrypt using existing key.

    This establishes which data to encrypt.

  6. The date to be encrypted is displayed on the Convert database page.

    1. Click Convert.

    2. Confirm the following two security questions with Yes.

      This starts data encryption and displays the conversion progress.

    3. Click Next.

  7. Click Finish on the last page to end the program.

Related topics
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択