Chat now with support
Chat with Support

Identity Manager 8.1.4 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Creating a One Identity Manager database for a test or development environment from a database backup Advanced configuration of the Manager web application Machine roles and installation packages

Changing a database key and encrypting the database information

NOTE: To change a database key, you need the key file with the old database key. The key is change and saved in a new key file.

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To change a database key and encrypt the One Identity Manager database

  1. Open the Launchpad and select the Encrypt database entry. This starts the Crypto Configuration program.
  2. Click Next on the start page.
  3. On the New database connection page, enter the valid connection data for the One Identity Manager database and click Next.
  4. Select Create or change database key on the Select action page and click Next.
  5. Load the existing key on Private key.
    1. Select Encryption was enabled.
    2. Click Load key.
    3. Using the file browser, select the (*.key) file with the old database key.
    4. Click Open.

      The file browser is closed. The path and file name are shown.

    5. Click Next.
  6. Create a new key on New private key.
    1. Click Create key.
    2. Select the directory path for saving the file using the file browser and enter a name for the key file.
    3. Click Save.

      The (*.key) key file is generated. The file browser is closed. The path and filename are displayed under Private key.

    4. Click Next.

      This establishes which data is encrypted.

  7. The date to be encrypted is displayed on the Convert database page.
    1. Click Convert.
    2. Confirm the following two security questions with Yes.

      The data encryption is started. Conversion progress is displayed.

    3. Click Next.
  8. Click Finish on the last page to end the program.
Related topics

Re-encrypting the database information

Use this method when you mark more database columns with the option Encrypted and the database is already encrypted.

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To repeat One Identity Manager database encryption using an existing database key

  1. Open the Launchpad and select the Encrypt database entry. This starts the Crypto Configuration program.
  2. Click Next on the start page.
  3. On the New database connection page, enter the valid connection data for the One Identity Manager database and click Next.
  4. Select Encrypt using existing key on the Select action page and click Next.

    This establishes which data is encrypted.

  5. The date to be encrypted is displayed on the Convert database page.
    1. Click Convert.
    2. Confirm the following two security questions with Yes.

      The data encryption is started. Conversion progress is displayed.

    3. Click Next.
  6. Click Finish on the last page to end the program.
Related topics

Decrypting the database information

NOTE: You need the file with the database key for this.

NOTE: It is recommended that you create a backup before encrypting the data in a database. Then you can restore the previous state if necessary.

To decrypt the One Identity Manager database

  1. Open the Launchpad and select the Encrypt database entry. This starts the Crypto Configuration program.
  2. Click Next on the start page.
  3. On the New database connection page, enter the valid connection data for the One Identity Manager database and click Next.
  4. Select Decrypt data on the Select action page and click Next.

    This establishes which data is encrypted.

  5. The date to be encrypted is displayed on the Convert database page.
    1. Click Convert.
    2. Confirm the following two security questions with Yes.

    3. The data encryption is started. Conversion progress is displayed.

    4. Using the file browser, select the (*.key) file with the database key.
    5. Click Open.

      The file browser is closed. The data decryption is started. Conversion progress is displayed.

    6. Click Next.
  6. Click Finish on the last page to end the program.
Related topics

Advice on working with an encrypted One Identity Manager database

If you encrypt a One Identity Manager database, you must declare the database key to the One Identity Manager Service.

 CAUTION: If the One Identity Manager Service finds a private key in the installation directory on startup, it places the key in the Windows internal key container of its service account and deletes the file from the hard drive. So save the private key at another location in addition to the service install directory.

To declare the database key

  • Declare the following information in the One Identity Manager Service configuration file. Use the Job Server Editor in the Designer or the Job Service Configuration program to edit the configuration file. For more detailed information, see the One Identity Manager Configuration Guide.

    Table 20: Configuring the One Identity Manager Service for encryption
    Configuration module Parameters Meaning

    JobServiceDestination

    Encryption method (EncryptionScheme)

    Encryption method used

    JobServiceDestination

    File with private key (PrivateKey)

    Enter the file with the encryption information. The default file is private.key.

    JobServiceDestination

    Private key identifier (PrivateKeyId)

    Identifier of the private key.

    Use this parameter if you work with several private keys, for example, if One Identity Manager Service data must be exchanged between two encrypted One Identity Manager databases.

    If no ID is specified, a search is performed for the private.key file.

    File with the private key.

     

    Private key identifier and path to private key file.

    The ID is expected in the JobServiceDestination in the Private key identifier parameter (PrivateKeyId) The default key has the ID Default.

  • Save the key file created in the service’s install directory.

  • Open the service management and restart the One Identity Manager Service.

NOTE: The file with the private key must exist in the server's installation directory on all servers with an active One Identity Manager Service.

NOTE: If you change the One Identity Manager Service user account, you must save the key file in the service’s install directory again.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating