Chat now with support
Chat with Support

Identity Manager 9.3 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing and updating an API Server Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Updating One Identity Manager

Updating One Identity Manager tools includes updating the One Identity Manager database and the existing installations on One Identity Manager network workstations and servers.

Database updates are necessary when hotfixes and service packs or complete version updates are available for One Identity Manager.

  • Hotfix

    A hotfix contains corrections to the default configuration of the current main version but no extension of functionality. A hotfix can supply patches for issues solved in synchronization projects.

  • Service pack

    A service pack contains minimal extensions of functionality and all the modifications since the last main version that were already included in the hotfixes. A service pack can supply patches with new functions for synchronization projects.

  • Version change

    A version change means that significant extensions of functionality have been made and involves a complete re-installation. A version change can supply milestones for updating synchronization projects. Milestones group together all patches for solved issues and patches required for new features of the previous version.

Detailed information about this topic

The update process for releasing a new One Identity Manager version

NOTE: Read the release notes for possible differing or additional steps for updating One Identity Manager.

To update the One Identity Manager to a new version

  1. In the Designer, carry out all consistency checks in the Database section.

    1. In the Designer, start the Consistency Editor with the Database > Check data consistency menu item.

    2. In the Test options dialog, click the icon .

    3. Enable all tests in the Database view and click OK.

    4. Start testing with the Consistency check > Run menu item.

      All the database tests must be successful. Correct the errors. Some consistency checks offer repair methods for correcting errors.

  2. Update the administrative workstation on which the One Identity Manager database schema update will start.

    1. Run the autorun.exe program from the root directory on the One Identity Manager installation medium.

    2. Change to the Installation tab. Select the edition that you installed.

    3. Click Install.

      This starts the installation wizard.

    4. Follow the installation instructions.

      IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.

  3. End the One Identity Manager Service on the update server.

  4. Create a back up of the One Identity Manager database.

  5. Check whether the database's compatibility level is set the 160 and change it if necessary.

  6. Run a schema update of the One Identity Manager database.

    • Start the Configuration Wizard on the administrative workstation.

    • Select a user who has at least administrative permissions for the One Identity Manager database to update the One Identity Manager schema with the Configuration Wizard.

      • Use the same user that you used to initially install the schema.

      • If you created an administrative user during schema installation, use that one.

      • If you selected a user with Windows authentication to install the schema, you must use the same one for updating.

    • If you want to switch to the granular permissions concept when you upgrade from version 8.0.x to 9.3, use an installation user in accordance with Users and permissions for the One Identity Manager database on an SQL Server.

      After updating One Identity Manager, change the connection parameters. This affect the connection credentials for the database (DialogDatabase), for example, the One Identity Manager Service, the application server, administration tools and configuration tools, web applications and web services, and the connection credentials in synchronization projects.

    • If you want to switch to granular permissions when you update from 8.1.x, contact support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.

  7. Update the One Identity Manager Service on the update server.

    1. Run the program autorun.exe from the root directory on the One Identity Manager installation medium.

    2. Change to the Installation tab. Select the edition that you installed.

    3. Click Install.

      This starts the installation wizard.

    4. Follow the installation instructions.

      IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.

  8. Check the login credentials of the One Identity Manager Service. Specify the service account to use.

  9. Start the One Identity Manager Service on the update server.

  10. Update other installations on workstations and servers.

    You can use the automatic software update method for updating existing installations.

    NOTE: In some cases it may be necessary to update the additional workstations and Job servers manually. This may be required, for example, if there are a significant number of new changes with a One Identity Manager version update that do not allow the use of automatic update.

To update synchronization projects to a new version

Any required changes to system connectors or the synchronization engine are made available when you update One Identity Manager. These changes must be applied to existing synchronization projects to prevent target system synchronizations that are already set up, from failing. Patches are available for this.

NOTE: Some patches are applied automatically. A process that migrates all existing synchronization projects is queued in the Job queue to do this. To run the process, the One Identity Manager Service must be started on the database server and on all the synchronization servers.

  • Check whether the DPR_Migrate_Shell process has been started successfully.

    If a patch could not be applied, for example because the target system was not available, you can apply the patch manually later.

For more information about applying patches, see the One Identity Manager Target System Synchronization Reference Guide.

To update an application server to a new version

  • The application server starts updating automatically after the One Identity Manager database schema update.

  • To start the update manually, open the status page for the application in the browser and click Update immediately in the logged in user’s menu.

To update an API Server to a new version

  • After updating the One Identity Manager database schema, restart the API Server. The API Server is updated automatically.

To update the Manager web application to a new version

  1. Uninstall the Manager web application.

  2. Reinstall the Manager web application.

  3. The Manager default user requires write permissions to the Internet Information Services web application installation directory so that Manager web applications can be updated automatically. Check that the correct permissions are allocated.

Detailed information about this topic

Updating One Identity Manager components with the installation wizard

NOTE: You can use the automatic software update method for updating workstations and servers. For more information, see Automatic updating of One Identity Manager.

In some cases it may be necessary to update the workstations and servers manually using the installation wizard. This may be required, for example, if there are a significant number of new changes with a One Identity Manager version update that do not allow the use of automatic update.

NOTE: If you change versions or add more modules to an existing One Identity Manager installation, use the installation wizard to update the workstation that the One Identity Manager database schema installation starts on.

To update a workstation using the installation wizard

  1. Run the program autorun.exe from the root directory on the One Identity Manager installation medium.

  2. Change to the Installation tab. Select the edition that you installed.

  3. Click Install.

    This starts the installation wizard.

  4. Select the language for the installation wizard on the start page and click Next.

  5. Confirm the conditions of the license.

  6. On the Installation settings page, enter the following information.

    • Installation source: Select the directory containing the installation files.

    • Installation directory: Select your current installation directory. Otherwise, the components are not updated and a new installation is created in the second directory instead.

      NOTE: To make additional changes to the configuration settings, click on the arrow button next to the input field. Here, you can specify whether you are installing on a 64-bit or a 32-bit operating system.

      For a default installation, no further configuration settings are necessary.

    • Select installation modules using the database: Set this option to load the installation data using the existing One Identity Manager database.

      NOTE: Leave this option empty to install the workstation on which you start the One Identity Manager schema installation.

    • Add further modules to the selected edition: Set this option to add additional One Identity Manager modules to the selected edition.

  7. Enter the database connection data on Connect to database.

    NOTE: This page is only shown if you have set the Select installation modules with existing database option.

    • Select the connection in Select a database connection.

      - OR -

    • Click Add new connection, select the SQL Server system type, and enter the connection data.

      • Server: Database server.

      • Windows authentication: (Optional) Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

      • User: User's SQL login name.

      • Password: Password for the SQL user's login.

      • Database: List of possible databases on the database server. Select the database.

      • Encrypt communication: Specifies whether encryption is required for exchanging data between the client and server. Select the minimum encryption level. The encryption level that is actually used depends on the database server configuration. For more information, see the documentation from Microsoft.

        Permitted values are:

        • Optional: Communication is not encrypted.

        • Mandatory: Data exchange is encrypted. The Trust server certificate option, allows you to also specify whether to verify the server certificate.

        • Strict (SQL Server 2022 and Azure SQL): The data exchange is encrypted.  The server certificate is always verified.

      • Trust server certificate: If this option is enabled, the data exchange between the client and server is encrypted. However, the server certificate is not verified.

  8. On the Module selection page, also select the modules to be installed.

    NOTE: This page is only shown if you set the option Add more modules to the selected edition.

  9. On the Assign machine roles page, define the machine roles.

    NOTE: Machine roles matching the existing installation are already enabled.

  10. On the Install WebView2 page you are prompted to install Microsoft Edge WebView2. The user interface of some One Identity Manager components requires Microsoft Edge WebView2 to display certain content.

    NOTE: This page is only shown if you want to install One Identity Manager components that are expecting WebView2 and WebView2 is not yet installed.

  11. You can start different programs for further installation on the last page of the install wizard.

    • To install the One Identity Manager schema, start the Configuration Wizard and follow the Configuration Wizard instructions.

      NOTE: Perform this step only on the workstation on which you start the installation of the One Identity Manager schema.

    • To create the configuration of the One Identity Manager Service, start the Job Service Configuration program.

      NOTE: Run this step only on servers on which you have installed the One Identity Manager Service.

  1. Click Finish to close the installation wizard.

  2. Close the autorun program.

To update the One Identity Manager Service using the installation wizard

  1. Open the service management of the server and close the One Identity Manager Service.

  2. Update the One Identity Manager components with the installation wizard.

    IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise, the components are not updated and a new installation is created in the second directory instead.

  3. Check the login credentials of the One Identity Manager Service. Specify the service account to use.

  4. Start the One Identity Manager Service in service management.

Updating the One Identity Manager database

Automatic version control is integrated into One Identity Manager, ensuring that One Identity Manager components are always consistent with each other and with the database. If program extensions that change the structure are implemented - for example, table extensions - the database needs to be updated.

You need to update the database if hotfixes and service packs are available for the version of One Identity Manager you are currently running or for complete version updates. In addition, customer-specific changes must be transferred from a development database into the test database and into the production system database.

IMPORTANT: Test the changes in a test system before you load a transport package into a live system.

You can customize the One Identity Manager schema by loading so-called transport packages. One Identity Manager recognizes the following types of transport packages that can be copied to the database depending on requirements.

Table 23: Transport package
Transport package type Description Tool used

Migration package

Migration packages are provided by for the initial database schema installation, for service pack and complete version updates. A migration package contains all the necessary tables, data types, database procedures, and the default One Identity Manager configuration.

Configuration Wizard

Hotfix package

Hotfix packages are provided to load individual corrections to the default configuration such as templates, scripts, processes, or files into the database. Multiple hotfix packages are combined into one cumulative hotfix package.

NOTE: If a hotfix package only contains changed files, load these files into the database using the Software Loader file.

Database Transporter

Software Loader

Custom configuration package

A custom configuration package is used to exchange customer specific changes between the development, test, and production system database. This transport package is created by the customer and loaded into the database.

Database Transporter

NOTE: If other configuration customizations are to be transferred to a One Identity Manager database in addition to a hotfix package, you can create a cumulative transport package to do this and, by using the Database Transporter, import the transport package into the target database.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating