Chat now with support
Chat with Support

Identity Manager 9.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Updating One Identity Manager components with the installation wizard

NOTE: You can use the automatic software update method for updating workstations and servers. For more information, see Automatic updating of One Identity Manager.

In some cases it may be necessary to update the workstations and servers manually using the installation wizard. This may be required, for example, if there are a significant number of new changes with a One Identity Manager version update that do not allow the use of automatic update.

NOTE: If you change versions or add more modules to an existing One Identity Manager installation, use the installation wizard to update the workstation that the One Identity Manager database schema installation starts on.

To update a workstation using the installation wizard

  1. Run the program autorun.exe from the root directory on the One Identity Manager installation medium.

  2. Change to the Installation tab. Select the edition that you installed.

  3. Click Install.

    This starts the installation wizard.

  4. Select the language for the installation wizard on the start page and click Next.

  5. Confirm the conditions of the license.

  6. On the Installation settings page, enter the following information.

    • Installation source: Select the directory containing the installation files.

    • Installation directory: Select your current installation directory. Otherwise, the components are not updated and a new installation is created in the second directory instead.

      NOTE: To make additional changes to the configuration settings, click on the arrow button next to the input field. Here, you can specify whether you are installing on a 64-bit or a 32-bit operating system.

      For a default installation, no further configuration settings are necessary.

    • Select installation modules using the database: Set this option to load the installation data using the existing One Identity Manager database.

      NOTE: Leave this option empty to install the workstation on which you start the One Identity Manager schema installation.

    • Add further modules to the selected edition: Set this option to add additional One Identity Manager modules to the selected edition.

  7. Enter the database connection data on Connect to database.

    NOTE: This page is only shown if you have set the Select installation modules with existing database option.

    • Select the connection in Select a database connection.

      - OR -

    • Click Add new connection, select the SQL Server system type, and enter the connection data.

      • Server: Database server.

      • (Optional) Windows Authentication: Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

      • User: The user's SQL Server login name.

      • Password: Password for the user's SQL Server login.

      • Database: Select the database.

  8. On the Module selection page, also select the modules to be installed.

    NOTE: This page is only shown if you set the option Add more modules to the selected edition.

  9. On the Assign machine roles page, define the machine roles.

    NOTE: Machine roles matching the existing installation are already enabled.

  10. On the Install WebView2 page you are prompted to install Microsoft Edge WebView2. The user interface of some One Identity Manager components requires Microsoft Edge WebView2 to display certain content.

    NOTE: This page is only shown if you want to install One Identity Manager components that are expecting WebView2 and WebView2 is not yet installed.

  11. You can start different programs for further installation on the last page of the install wizard.

    • To install the One Identity Manager schema, start the Configuration Wizard and follow the Configuration Wizard instructions.

      NOTE: Perform this step only on the workstation on which you start the installation of the One Identity Manager schema.

    • To create the configuration of the One Identity Manager Service, start the Job Service Configuration program.

      NOTE: Run this step only on servers on which you have installed the One Identity Manager Service.

  1. Click Finish to close the installation wizard.

  2. Close the autorun program.

To update the One Identity Manager Service using the installation wizard

  1. Open the service management of the server and close the One Identity Manager Service.

  2. Update the One Identity Manager components with the installation wizard.

    IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise, the components are not updated and a new installation is created in the second directory instead.

  3. Check the login credentials of the One Identity Manager Service. Specify the service account to use.

  4. Start the One Identity Manager Service in service management.

Updating the One Identity Manager database

Automatic version control is integrated into One Identity Manager, ensuring that One Identity Manager components are always consistent with each other and with the database. If program extensions that change the structure are implemented - for example, table extensions - the database needs to be updated.

You need to update the database if hotfixes and service packs are available for the version of One Identity Manager you are currently running or for complete version updates. In addition, customer-specific changes must be transferred from a development database into the test database and into the production system database.

IMPORTANT: Test changes in a test system before you load a transport package into a live system.

You can customize the One Identity Manager schema by loading so-called transport packages. One Identity Manager recognizes the following types of transport packages that can be copied to the database depending on requirements.

Table 23: Transport package
Transport package type Description Tool used

Migration package

Migration packages are provided by for the initial database schema installation, for service pack and complete version updates. A migration package contains all the necessary tables, data types, database procedures, and the default One Identity Manager configuration.

Configuration Wizard

Hotfix package

Hotfix packages are provided to load individual corrections to the default configuration such as templates, scripts, processes, or files into the database. Multiple hotfix packages are combined into one cumulative hotfix package.

NOTE: If a hotfix package only contains changed files, load these files into the database using the Software Loader file.

Database Transporter

Software Loader

Custom configuration package

A custom configuration package is used to exchange customer specific changes between the development, test, and productive system database. This transport package is created by the customer and loaded into the database.

Database Transporter

NOTE: If other configuration customizations are to be transferred to a One Identity Manager database in addition to a hotfix package, you can create a cumulative transport package to do this and, by using the Database Transporter, import the transport package into the target database.

Related topics

Advice on updating the One Identity Manager database

Note the following information when updating up the One Identity Manager database.

  • Test changes in a test system before you load a migration package in a production system. Use a copy of the production database for testing.

  • Before you update the One Identity Manager schema, ensure that the administrative system user, who is going to compile the database, has a password. Otherwise the schema update cannot be completed successfully.

  • Use the Configuration Wizard to update the One Identity Manager database if you have received a service pack or complete version update. The Configuration Wizard carries out the update of the schema and transfers the current status to the version history.

  • For One Identity Manager databases on SQL Servers, it is recommended, on performance grounds, that you set the database to the Simple recovery model for the duration of the schema update.

  • Start Configuration Wizard on an administrative workstation.

    Select a user who has at least administrative permissions for the One Identity Manager database to update the One Identity Manager schema with the Configuration Wizard.

    • Use the same user that you used to initially install the schema.

    • If you created an administrative user during schema installation, use that one.

    • If you selected a user with Windows authentication to install the schema, you must use the same one for updating.

    NOTE: If you want to change to the granular permissions concept when you upgrade from version 8.0.x to 9.2, user the installation user according to Users and permissions for the One Identity Manager database on an SQL Server.

    After updating One Identity Manager, change the connection parameters. This affect the connection credentials for the database (DialogDatabase), for example, the One Identity Manager Service, the application server, administration tools and configuration tools, web applications and web services, and the connection credentials in synchronization projects.

    If you want to switch to granular permissions when you update from 8.1.x, contact support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.

  • For the period of the update, the database is set to single user mode. Close all existing connections to the database before starting the schema update.

  • After the update has completed, the database switches automatically to multi-user mode. If this is not possible, you receive a message in which you can manually switch to multi-user mode.

  • You may experience problems activating single-user mode when using database mirroring.

  • During the update, calculation tasks are queued in the database. These are processed by the DBQueue Processor. Processing calculation tasks may take some time depending on the amount of data and system performance.

    This is particularly the case if you save large amounts of historical data in the One Identity Manager database, such as change data or data from process handling.

    Therefore, ensure that you have configured an appropriate procedure for archiving the data before you update the database. For more information about archiving data, see the One Identity Manager Data Archiving Administration Guide.

  • To ensure that HTML applications are successfully compiled, you must download packages from the NPM repository. Ensure that the workstation you are compiling on, can establish a connection to the registry.npmjs.org:443 website.

    Alternatively, you can download packages from a proxy server and install them manually.

  • It is not recommended to perform an upgrade of the existing modules to a new One Identity Manager version and install additional modules at the same time. This may cause dependencies between modules to be constructed incorrectly. First update the existing modules to the new One Identity Manager version. Then restart the Configuration Wizard and install the additional modules.

Detailed information about this topic

Updating the One Identity Manager database with the Configuration Wizard

IMPORTANT: Test your changes in a test system before you load a migration package in a productive system. Use a copy of the production database for testing.

NOTE: Always start the Configuration Wizard on an administrative workstation!

To update a database

  1. Start the Configuration Wizard.

  2. On the Configuration Wizard home page, select the Update database option and click Next.

  3. On the Select database page, select the database and installation directory.

    1. Select the database connection in the Select a database connection pane. Select a user who at least has administrative permissions for the One Identity Manager database.

    2. In the Installation source pane, select the directory with the installation files.

  4. Configuration modules and version information are shown on the Product description page.

    1. Select the module you want to update.

    2. Confirm that you have an up-to-date backup of database.

    3. Confirm that the database consistency checks were run.

    4. Set Add other modules to select other modules.

  5. On the Select configuration modules page, select the additional modules and confirm the security prompt.

    NOTE: This page is only shown if you set Add more modules.

    If you add more modules, your custom administrative users obtain the permissions for this module.

  6. On the Database check page, errors are displayed that prevent the database from being processed. Correct the errors before you continue updating.

  7. On the Initiating the update page, you will go through the different phases in preparation for database update.

    NOTE: This page is only displayed when updating a database that has at least One Identity Manager version 8.2.

    This step-by-step preparation is intended to ensure that users are informed about the upcoming update and that processes can be shut down in a targeted manner.

    Alternatively, you can start the database update immediately. This skips the preparation phases.

    • Running through preparation phases (default)

      1. Wait until the Configuration Wizard has completed each phase of the database update preparations. The information about the phases is displayed.

      2. Click Next.

    • Starting the database update immediately

      1. Click the Click <here> to start the update immediately link.

      2. Click Next.

  8. Other users with existing connections to the database are displayed on the Active sessions page.

    • Disconnect the connections on order to start database processing.

  9. On the Create a new login for administrators page, decide which SQL server login to use for administrative users.

    NOTE: This page is only shown when updating a One Identity Manager database from version 8.0.x to version 9.2.

    If you want to switch to granular permissions when you update from version 8.1.x at a later date, contact support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.

    You have the following options:

    • Create new SQL Server logins for the database: Select this option if you want to work with granular permissions.

      This sets up a new administrative login on the SQL Server.

      • Enter the login name, password, and password confirmation for the new SQL Server login.

      Later on in the process, the Configuration Wizard sets up additional SQL Server logins for the configuration user and the end user.

    • Use the current SQL Server login for the database: If you select this option, no other SQL server logins are created for the database. In this case, you cannot work with granular permissions concepts at SQL level.

      The user you specified is used to connect to the database.

  10. On the System administrator connection page, enter the login credentials for the database login with system administrator permissions.

    NOTE: This page is only shown if you are working with granular permissions and you have to make changes to the administration user's permissions.

  11. The installation steps are shown on the Processing database page. Installation and configuration of the database are automatically carried out by the Configuration Wizard.

    TIP: Set Advanced to obtain detailed information about processing steps and the migration log.

    1. During the update process, you must log in as an administrative user.

      1. Enter a user name and password for the administrative system user.

      2. Click Connect.

    2. Once processing is complete, click Next.

  12. On the Create SQL server logins page, enter the login name, the password, and password confirmation for the SQL Server logins for configuration users and end users.

    NOTE: The password must meet the Windows policy requirements for passwords.

    NOTE: This page is only shown when upgrading a One Identity Manager database from version 8.0 to version 9.2 if you have opted for granular permissions on the Create a new login for administrators page.

  13. On the System Information page, configure administrative system users for the One Identity Manager. Enter a password and password confirmation.

    NOTE: This page is only shown if the upgrade creates new administrative system users.

  14. You can configure the vendor notification on the page, Configure vendor notification.

    NOTE: This page is only shown of you have not yet enabled vendor notifications.

    If vendor notification is enabled, One Identity Manager generates a list of system settings once a month and sends it to One Identity. This list does not contain any personal data. The list will be reviewed by our customer support team, who will look for material changes in a proactive effort to identify potential issues before they materialize on your system. The lists may be used by our R&D staff for analysis, diagnosis, and replication for testing purposes. We will keep and refer to this information for as long as your company remains on support for this product.

    1. To use the function, set Enable vendor notification and enter your company's contact email address in Email address for contact.

      The email address is used as the sender address for notifying vendors.

    2. Set Disable vendor notification if you do not want to use this functionality.

  15. The Processing database tasks page is only shown if there are still DBQueue Processor tasks queued in the DBQueue that are prerequisite for installing the database. Once processing is complete, click Next.

  16. On the last page of the Configuration Wizard, click Finish.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating