The following system prerequisites must be fulfilled to install web applications on a web server.
|
Processor |
4 physical cores 1.65 GHz+ |
|
Memory |
4 GB RAM |
|
Hard drive storage |
40 GB |
|
Operating system |
Windows operating systems The following versions are supported:
Linux operating systems
|
|
Additional software |
Windows operating systems
Linux operating systems
|
The application server provides a connection pool for accessing the database and stores business logic. The following system prerequisites must be fulfilled for installation of the application server.
|
Processor |
8 physical cores 2.5 GHz+ |
|
Memory |
8 GB RAM |
|
Hard drive storage |
40 GB |
|
Operating system |
Windows operating systems The following versions are supported:
Linux operating systems
|
|
Additional software |
Windows operating systems
Linux operating systems
|
NOTE: In order to use the application server's REST API, the HTTP request methods POST, GET, PUT, and DELETE must be permitted by the web server (IIS/Apache).
| User | Permissions |
|---|---|
|
User for installing One Identity Manager |
The installation user is needed for the initial installation of a One Identity Manager database using the Configuration Wizard. For more information, see Users and permissions for the One Identity Manager database on an SQL Server, Users and permissions for the One Identity Manager database in a manage instance in Azure SQL Database, and Users and permissions for the One Identity Manager database in Azure SQL Database. |
|
User for administrative tasks in One Identity Manager |
The administrative user is used by components of One Identity Manager that require authorizations at server level and database level, for example, the Configuration Wizard, the DBQueue Processor, or the One Identity Manager Service. For more information, see Users and permissions for the One Identity Manager database on an SQL Server, Users and permissions for the One Identity Manager database in a manage instance in Azure SQL Database, and Users and permissions for the One Identity Manager database in Azure SQL Database. |
|
User for configuration tasks in One Identity Manager |
The configuration user can run configuration tasks within the One Identity Manager, for example, creating customer-specific schema extensions or working with the Designer. Configuration users need permissions at the server and database levels. For more information, see Users and permissions for the One Identity Manager database on an SQL Server, Users and permissions for the One Identity Manager database in a manage instance in Azure SQL Database, and Users and permissions for the One Identity Manager database in Azure SQL Database. |
|
End user for One Identity Manager |
End users are only assigned permissions at database level in order, for example, to complete tasks with the Manager or the Web Portal. For more information, see Users and permissions for the One Identity Manager database on an SQL Server, Users and permissions for the One Identity Manager database in a manage instance in Azure SQL Database, and Users and permissions for the One Identity Manager database in Azure SQL Database. |
|
User for Logging into One Identity Manager |
One Identity Manager uses different authentication modules for logging in to administration tools. Authentication modules identify the system users to be used and load the user interface and database resource editing permissions depending on their permissions groups. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide. |
|
User account for the One Identity Manager Service |
The user account for the One Identity Manager Service requires user permissions to carry out operations at file level (adding and editing directories and files). The user account must belong to the Domain users group. The user account must have the Login as a service extended user permissions. The user account requires permissions for the internal web service. NOTE: If the One Identity Manager Service runs under the network service (NT Authority\NetworkService), you can grant permissions for the internal web service with the following command line call: netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE" The user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager. In the default installation, One Identity Manager is installed under:
NOTE: Other target system specific permissions may be required for synchronizing One Identity Manager with each target system. These permissions are explained in the corresponding guide. For more information, see Setting up permissions for creating an HTTP server. |
The log files of the One Identity Manager Service can be displayed using an HTTP server (http://<Servername>:<Portnumber>).
Users require permission to open an HTTP server. The administrator must grant URL approval to the user to do this. This can be run with the following command line call:
netsh http add urlacl url=http://*:<port number>/ user=<domain>\<user name>
If the One Identity Manager Service has to run under the Network Service's user account (NT Authority\NetworkService), explicit permissions for the internal web service must be granted. This can be run with the following command line call:
netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"
You can check the result with the following command line call:
netsh http show urlacl
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center
