Identity Manager 8.0.1 - Installation Guide

  • About this Guide
  • One Identity Manager Overview
  • Installation Prerequisites
  • Installing the One Identity Manager
  • Installing and Configuring the One Identity Manager Service
  • Automatic Updating of the One Identity Manager
  • Updating the One Identity Manager
  • Installing and Updating a One Identity Manager Application Server
  • Installing, Configuring and Maintaining the Web Portal
  • Installing and Updating the Operations Support Web Portal
  • Installing and Updating the Manager Web Application
  • Logging into One Identity Manager Tools
  • Troubleshooting
  • Appendix: One Identity Manager Authentication Modules
  • Appendix: Creating a One Identity Manager Database for a Test or Development Environment from a Database Backup
  • Appendix: Manager Web Application Extended Configuration
  • Appendix: Configuring Azure Active Directory OAuth Integration
  • Appendix: Machine Roles and Installation Packages
  • Appendix: Settings for a New SQL Server Database

About this Guide

This guide describes the installation and initial start-up of One Identity Manager. It gives an overview of the One Identity Manager architecture and of the functionality of the various One Identity Manager tools. It also explains which prerequisites you need before installing One Identity Manager, and how to set up, install and update the One Identity Manager components.

This guide is intended for end users, system administrators, consultants, analysts, and any other IT professionals using the product.

NOTE: This guide describes One Identity Manager functionality available to the default user. It is possible that not all the functions described here are available to you. This depends on your system configuration and permissions.

One Identity Manager Overview

One Identity Manager simplifies the process of managing user identities, access permissions and security policies. It gives the business control over identity management and access decisions, while the IT team can focus on its core competencies.

With this product, you can:

  • Implement group management using self service and attestation for Active Directory with the One Identity Manager Active Directory Edition
  • Simplify access decisions for restructuring data with the One Identity Manager Data Governance Edition
  • Realize Access Governance demands cross-platform within your entire company with One Identity Manager

Every one of these scenario specific products is based on an automation-optimized architecture that addresses major identity and access management challenges at a fraction of the complexity, time, or expense of "traditional" solutions.

One Identity Manager Editions

One Identity Manager is available in the following editions.

Table 1: One Identity Manager Editions
Edition Description

One Identity Manager

This edition contains all management modules (IT Shop & workflow, delegation, system role and business role management, role mining, risk assessment, attestation, compliance, company policies, report subscriptions) as well as Unified Namespace and connectors for Active Directory.

One Identity Manager Active Directory Edition

This edition contains all the functionality required for Active Directory support, including connectors for Active Directory, attestation, IT Shop & workflows and report functions.

One Identity Manager Data Governance Edition

This edition contains the features required for data governance support, including the connectors for Active Directory and SharePoint, risk assessment, attestation, compliance, company policies, delegation, report subscriptions and the Data Governance service.

One Identity Manager Architecture

Figure 1: Overview of One Identity Manager Components

One Identity Manager consists of the following components:

Database

The database is the One Identity Manager kernel. It performs the two main tasks: managing data and calculating inheritance. Object properties can be inherited along hierarchical structures such as departments, cost centers, locations or business roles. On the data management side, the database maps the managed target systems and ERP structures as well as the compliance rules and access permissions.

The database is separated into two logical parts, payload and metadata. The payload contains all the information required to maintain data, such as information about employees, user accounts, groups, memberships and operating data, approval workflows, attestation, recertification and compliance rules.

The metadata contains descriptions of the payload, such as scripts for formatting rules, value templates or specific interactions. One Identity Manager's entire system configuration, all the front-end control settings and the queues for asynchronous processing of data and processes are also part of the metadata.

Recalculation of inheritance is started by the database trigger logic. The triggers do not recalculate anything themselves; they queue processing tasks in a task list called the "DBQueue". The DBQueue Processor works through these tasks and recalculates inheritance for the affected database objects. A second table, the "JobQueue", stores processing tasks that are run from the object layer.

SQL Server or Oracle Database can be used as the database system.
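The trigger-to-queue pattern described above, as an added illustration that is not One Identity Manager's own schema or code: the table names (Department, Task_DBQueue), column names and the task name 'RecalcInheritance' are assumptions made for this example, written for SQL Server. The point it shows is that the trigger only records that work is pending, and a separate processor claims tasks one at a time so that several processor instances can run in parallel without both picking up the same task.

```sql
-- Illustrative pattern only; not the product's real tables.
CREATE TABLE Department (
    UID_Department       uniqueidentifier NOT NULL PRIMARY KEY DEFAULT NEWID(),
    UID_ParentDepartment uniqueidentifier NULL,   -- NULL = top of the hierarchy
    DepartmentName       nvarchar(128)    NOT NULL
);

CREATE TABLE Task_DBQueue (
    TaskID      bigint IDENTITY(1,1) PRIMARY KEY,
    TaskName    nvarchar(64)     NOT NULL,          -- e.g. 'RecalcInheritance' (assumed name)
    ObjectTable sysname          NOT NULL,
    ObjectKey   uniqueidentifier NOT NULL,
    EnqueuedAt  datetime2        NOT NULL DEFAULT SYSUTCDATETIME(),
    ClaimedAt   datetime2        NULL                -- set when a processor takes the task
);
GO

-- When a department is moved under a different parent, everything below it may
-- inherit different properties. The trigger enqueues a task and returns; the
-- expensive recalculation happens asynchronously.
CREATE TRIGGER trg_Department_Reparent ON Department
AFTER UPDATE AS
BEGIN
    SET NOCOUNT ON;
    IF UPDATE(UID_ParentDepartment)
        INSERT INTO Task_DBQueue (TaskName, ObjectTable, ObjectKey)
        SELECT 'RecalcInheritance', 'Department', i.UID_Department
        FROM inserted i
        JOIN deleted  d ON d.UID_Department = i.UID_Department
        -- NULL-safe "parent actually changed" test
        WHERE i.UID_ParentDepartment <> d.UID_ParentDepartment
           OR (i.UID_ParentDepartment IS NULL     AND d.UID_ParentDepartment IS NOT NULL)
           OR (i.UID_ParentDepartment IS NOT NULL AND d.UID_ParentDepartment IS NULL);
END;
GO

-- A queue processor claims exactly one pending task. UPDLOCK + READPAST make
-- concurrent processors skip rows another instance has already locked, so the
-- same task is never claimed twice.
DECLARE @Claimed TABLE (TaskID bigint, ObjectTable sysname, ObjectKey uniqueidentifier);

WITH NextTask AS (
    SELECT TOP (1) TaskID, ObjectTable, ObjectKey, ClaimedAt
    FROM Task_DBQueue WITH (UPDLOCK, READPAST, ROWLOCK)
    WHERE ClaimedAt IS NULL
    ORDER BY TaskID
)
UPDATE NextTask
SET ClaimedAt = SYSUTCDATETIME()
OUTPUT inserted.TaskID, inserted.ObjectTable, inserted.ObjectKey INTO @Claimed;

-- The processor now recalculates inheritance for the claimed object.
SELECT TaskID, ObjectTable, ObjectKey FROM @Claimed;
```

Run the two CREATE TABLE statements and the trigger once, then re-parent a department with an UPDATE; the claim statement at the end is what each processor instance would execute in its polling loop. Keeping the trigger body to a single INSERT matters operationally: anything slow or failure-prone inside the trigger would run under the user's transaction and could block or roll back the original change.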

Server Service

One Identity Manager uses so-called 'processes' to map business processes. A process consists of process steps, which represent processing tasks and are joined by predecessor/successor relations. This allows actions and sequences to be linked flexibly to object events. Processes are modeled using process templates. A process generator (Jobgenerator) converts the script templates in processes and process steps into a concrete process in the JobQueue.

The server service "One Identity Manager Service" distributes the data managed in the One Identity Manager database across the network. The One Identity Manager Service synchronizes data between the database and any connected target systems and executes actions at the database and file level. It retrieves process steps from the JobQueue; process steps are executed by process components. The One Identity Manager Service creates an instance of the required process component and passes the process step's parameters to it. Decision logic monitors the execution of the process steps and determines how processing continues, depending on the results returned by the process components. Because it can create several instances of process components, the One Identity Manager Service can process process steps in parallel.

The One Identity Manager Service is the only One Identity Manager component authorized to make changes in the target system.

Application server

Clients connect to an application server that holds the business logic. The application server provides a connection pool for accessing the database and ensures a secure connection to the database, so that clients themselves do not need direct database access. Clients send their queries to the application server, which processes the objects, for example by determining values using templates, and sends the results back to the clients. The data is written to the database when an object is saved.

Alternatively, clients can work without an external application server by keeping the object layer themselves and accessing the database layer directly. In this case, only the part of the object layer that the client needs is mapped in the client itself.

Web server

Browser-based user interfaces are implemented by an application running on a web server that uses a web page rendering engine. Users access the website, which is dynamically set up and customized for them, through a web browser. Data exchange between the database and the web server can take place directly or through the application server.

Front-Ends

There are different front-ends for different tasks. For example, a different front-end is used to configure One Identity Manager than to manage employee data. The contents to be displayed, and the extent to which they can be altered, are determined by the object layer in conjunction with the access rights of the respective user. The available front-ends are client-based and browser-based.

Figure 2: Overview of One Identity Manager Components without Application Server
