Chat now with support
Chat with Support

Identity Manager 9.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Implementing the automatic software update

The following permissions are required for automatic software updating:

  • It is recommended that you apply full access permissions to the One Identity Manager installation directory for automatic updating of One Identity Manager tools.

  • The service's user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager.

To implement automatic software updating

  1. Ensure that an update server is set up. This server ensures that the other servers are updated automatically.

    • The server must be entered in the database as a Job server with the server function Update server.

    • A One Identity Manager Service with direct access to the database must be installed and configured on the server.

  2. In the Designer, check the Common | Autoupdate configuration parameter.

    • If the configuration parameter is set (default), One Identity Manager files that do not have the current revision status, are updated automatically.

    • If this configuration parameter is not set, no automatic update is performed.

  3. Use the Common | AutoUpdate | AllowOutOfTimeApps configuration parameter to define whether the users of the One Identity Manager tools can decide when the update of their workstation takes place.

    • If this configuration parameter is set, users of One Identity Manager tools are prompted to decide whether they want to update now or later.

    • If this configuration parameter is not set, the One Identity Manager tools are updated immediately.

  4. In the Common | Autoupdate | ServiceUpdateType configuration parameter, determine which procedure is used to update the One Identity Manager Service.

    Table 22: Methods under to the configuration parameter Common | Autoupdate | ServiceUpdateType
    Method Meaning

    Queue

    A process is queued in the Job queue that distributes the files.

    DB

    The files are reloaded directly from the database. Implement this procedure if all Job servers have a direct connection to the database.

    Auto

    All root servers are filled directly from the database. A process is set up in the Job queue for all leaf servers. For this process, the root servers must have a direct database connection.

  5. Web applications may require some individual configuration settings. Check the configuration settings.

Related topics

Disabling automatic software update

NOTE: If the Common | Autoupdate configuration parameter is deactivated, no automatic update is performed across the system.

Under certain circumstances, it is necessary to exclude individual workstations, server, or web applications.

Disabling workstation automatic update

To disable automatic update locally on a workstation, set the HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Settings\AutoUpdateEnabled registry key to false.

This disables automatic updating completely on this workstation.

Disabling a Job server automatic update

Configure the Job server automatic update in the Job server entry.

To exclude individual Job servers from updating automatically

  1. In the Designer, select the Base Data > Installation > Job server category.

  2. Select the Job server to be edited in the Job server overview.

  3. On the Properties tab, enable the No automatic software update option.

  4. Select the Database > Commit to database and click Save.

Disabling the Web Designer Web Portal automatic update

You can disable Web Designer Web Portal updates in the database.

To disable the automatic Web Designer Web Portal update

  1. In the Designer, select the Base data > Security settings > Web server configurations category.

  2. In the list view, select the entry for the Web Designer Web Portal.

  3. On the Properties tabs, change the value of the Auto update level to inactive.

  4. Select the Database > Commit to database and click Save.

Disabling automatic application server update

Configure automatic updating in the application server's web.config file. For more information, see Updating application servers.

Updating One Identity Manager

Updating One Identity Manager tools includes updating the One Identity Manager database and the existing installations on One Identity Manager network workstations and servers.

Database updates are necessary when hotfixes and service packs or complete version updates are available for One Identity Manager.

  • Hotfix

    A hotfix contains corrections to the default configuration of the current main version but no extension of functionality. A hotfix can supply patches for issues solved in synchronization projects.

  • Service pack

    A service pack contains minimal extensions of functionality and all the modifications since the last main version that were already included in the hotfixes. A service pack can supply patches with new functions for synchronization projects.

  • Version change

    A version change means that significant extensions of functionality have been made and involves a complete re-installation. A version change can supply milestones for updating synchronization projects. Milestones group together all patches for solved issues and patches required for new features of the previous version.

Detailed information about this topic

The update process for releasing a new One Identity Manager version

NOTE: Read the release notes for possible differing or additional steps for updating One Identity Manager.

To update the One Identity Manager to a new version

  1. In the Designer, carry out all consistency checks in the Database section.

    1. in the Designer, start the Consistency Editor with the Database > Check data consistency menu item.

    2. In the Test options dialog, click the icon .

    3. Enable all tests in the Database view and click OK.

    4. Start testing with the Consistency check > Run menu item.

      All the database tests must be successful. Correct the errors. Some consistency checks offer repair methods for correcting errors.

  2. Update the administrative workstation on which the One Identity Manager database schema update will start.
    1. Run the autorun.exe program from the root directory on the One Identity Manager installation medium.

    2. Change to the Installation tab. Select the edition that you installed.

    3. Click Install.

      This starts the installation wizard.

    4. Follow the installation instructions.

      IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.

  3. End the One Identity Manager Service on the update server.

  4. Create a back up of the One Identity Manager database.

  5. Check whether the database's compatibility level is set the 150 and change it if necessary.

  6. Run a schema update of the One Identity Manager database.

    • Start the Configuration Wizard on the administrative workstation.

      Select a user who has at least administrative permissions for the One Identity Manager database to update the One Identity Manager schema with the Configuration Wizard.

      • Use the same user that you used to initially install the schema.

      • If you created an administrative user during schema installation, use that one.

      • If you selected a user with Windows authentication to install the schema, you must use the same one for updating.

      NOTE: If you want to switch to the granular permissions concept when you upgrade from version 8.0.x to 9.2, you will also require an installation user in accordance with Users and permissions for the One Identity Manager database on an SQL Server.

      After updating One Identity Manager, change the connection parameters. This affect the connection credentials for the database (DialogDatabase), for example, the One Identity Manager Service, the application server, administration, and configuration tools, web applications and web services, and the connection credentials in synchronization projects.

      If you want to switch to granular permissions when you update from 8.1.x, contact support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.

  7. Update the One Identity Manager Service on the update server.

    1. Run the program autorun.exe from the root directory on the One Identity Manager installation medium.

    2. Change to the Installation tab. Select the edition that you installed.

    3. Click Install.

      This starts the installation wizard.

    4. Follow the installation instructions.

      IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.

  8. Check the login credentials of the One Identity Manager Service. Specify the service account to use.

  9. Start the One Identity Manager Service on the update server.

  10. Update other installations on workstations and servers.

    You can use the automatic software update method for updating existing installations.

    NOTE: In some cases it may be necessary to update the additional workstations and Job servers manually. This may be required, for example, if there are a significant number of new changes with a One Identity Manager version update that do not allow the use of automatic update.

To update synchronization projects to a new version

Any required changes to system connectors or the synchronization engine are made available when you update One Identity Manager. These changes must be applied to existing synchronization projects to prevent target system synchronizations that are already set up, from failing. Patches are available for this.

NOTE: Some patches are applied automatically. A process that migrates all existing synchronization project is queued in the Job queue to do this. To run the process, the One Identity Manager Service must be started on the database server and on all the synchronization servers.

  • Check whether the DPR_Migrate_Shell process has been started successfully.

    If a patch could not be applied, for example because the target system was not available, you can apply the patch manually later.

For more information about applying patches, see the One Identity Manager Target System Synchronization Reference Guide.

To update an application server to a new version

  • The application server starts updating automatically after the One Identity Manager database schema update.

  • To start the update manually, open the status page for the application in the browser and click Update immediately in the logged in user’s menu.

To update the Web Designer Web Portal to a new version

NOTE: Ensure that the application server is updated before you update the Web Portal.

  • To update the Web Designer Web Portal automatically, use a browser to connect to the runtime monitor http://<server name>/<application>/monitor and start the update of the web application.

  • To manually update the Web Designer Web Portal, uninstall the existing Web Designer Web Portal installation and reinstall the Web Designer Web Portal.

To update an API Server to a new version

  • After updating the One Identity Manager database schema, restart the API Server. The API Server is updated automatically.

To update the Operations Support Web Portal to a new version

  • (As from version 8.1.x) After updating the API Server, the Operations Support Web Portal is also current.

  • (As from version 8.0.x)

    1. Uninstall the Operations Support Web Portal.

    2. Install an API Server. For more instructions, see the One Identity Manager Installation Guide.

To update the Manager web application to a new version

  1. Uninstall the Manager web application.

  2. Reinstall the Manager web application.

  3. The Manager default user requires write permissions to the Internet Information Services web application installation directory so that Manager web applications can be updated automatically. Check that the correct permissions are allocated.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating