Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

Job Server Machine Roles

Specify which role the Job sever assumes in the One Identity Manager. Installation packages to be installed on the Job server are found depending on the selected machine role.

Table 189: Machine Role and Installation Package Options
Machine role Description of the Installation Package
Workstation  

Contains all basic components for installing tools on an administrative workstation.

Administrator

Contains One Identity Manager administration tools required by default users for fulfilling their task with One Identity Manager, As well as the tools, which ensure basic functionality for working with One Identity Manager, this includes the Manager as the main administration tools.

Configuration

Contains all One Identity Manager tools of the default user and additional programs for configuring the system. These include, for example, Configuration Wizard, Database Compiler, Database Transporter, Crypto Configuration, Designer, Web Designer and configuration tools for the One Identity Manager Service.

Development & Testing

Contains the One Identity Manager tools for developing and testing custom scripts and forms, for example, the System Debugger.

Monitoring

Contains One Identity Manager programs for monitoring the system status, for example Job Queue Info.

Documentation

 

 Contains One Identity Manager documentation in different languages.
Server  

Contains all the basic components for setting up a server.

Job server

Contains the One Identity Manager Service and basic processing components. Additional machine roles contain connectors for synchronizing individual target systems.

 NOTE: The machine roles "API" and Web" are shown additionally in the category Base Data | Installation | Machine roles. These are reserved for internal user and cannot be changed or assigned.
Related Topics

Job Server Statistic Information

Table 190: Configuration Parameter for Calculating Statistic Information
Configuration parameter Meaning
Common\JobQueueStats If this configuration parameter is set, One Identity Manager Service statistic data is written to the database (table JobQueueStats).
Common\JobQueueStats\MaxAge This configuration parameter specifies how many days the statistic data will be kept in the database.

This Job server statistic data is evaluated and creates a basis for configuration recommendations for Job server load intervals. The data for the last 100 days is included in the calculation of the configuration recommendations. You should take these recommendations into account when configuring One Identity Manager Service.

To find statistics

  • Set the configuration parameter "Common\JobQueueStats" in the Designer.
  • Set the Designer configuration parameter "Common\JobQueueStats\MaxAge" and enter the retention period for the statistics (in days).

New statistics are created for the Job server by each action in the Job queue (such as, adding, changing or deleting processes). The DBQueue Processor task QBMJobQueueStatsShrink compresses the statistics. The compression takes place for every hour prior to the current hour.

To display Job server statistics

  1. Select the category Base Data | Installation | Job server in the Designer.
  2. Start the Job Server Editor using the task Edit job server.
  3. Select the Job server to edit in the Job server overview.
  4. Select the columns with statistic information using Select columns... in the context menu.

    These columns are highlighted in the color in the view.

    Table 191: Columns for Displaying Statistic Information
    Column Name Meaning
    AverageLoad Average processes/hour Average number of processes per hour.
    MaxLoad Maximum processes/hour Maximum number of processes per hour.
    LoadDuration Recommended load interval (seconds) Configuration recommendation for the parameter "StartInterval" in the One Identity Manager Service configuration.
    StatisticsDuration Recommended statistic interval (seconds) Configuration recommendation for the parameter "StatisticInterval" in the One Identity Manager Service configuration.

Installing the One Identity Manager Service on the Job Server

Installing the One Identity Manager Service on the Job Server

You have the option to install certain Job servers remotely in the Job Server Editor. The remote installation wizard executes the following steps:

  • Installs the One Identity Manager Service components.
  • Configures the One Identity Manager Service.
  • Starts the One Identity Manager Service.
Prerequisites for Remote Installation
  • The Job server is entered in the database
  • There is a user account with sufficient permissions for installing the One Identity Manager Service.
  • Remote installation is only supported within a domain or a trusted domain.

To install the One Identity Manager Service remotely

  1. Select the category Base Data | Installation | Job server in the Designer.
  2. Start the Job Server Editor using the task Edit job server.
  3. Select the Job server to edit in the Job server overview.
  4. Select the Job server | Install service... from the menu.

    This starts the One Identity Manager Service remote installation wizard.

  5. Click Next.
  6. Enter the One Identity Manager Service configuration settings.

    Initial configuration of the service is already predefined for the database connection. To use this template, enter the connection data for process collection. In order to extend the configuration, each configuration section of the One Identity Manager Service is listed in the module list.

    • SQL Server

      Select Process collection | sqlProvider, click Connection string, click Edit and enter the following data.

      Table 192: SQL Server Database Connection Data
      Data Description

      Server

      Database server.

      Windows authentication

      Specifies whether Windows authentication is used.

      This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

      User

      Database user.

      Password

      Database user password.

      Database

      Database.

    • Oracle Database

      Select Process collection | OracleJobProvider, click Connection string, click Edit and enter the following data.

      Table 193: Oracle Database Connection Data
      Data Description
      Direct access (without Oracle client) Set this option for direct access.

      Deactivate this option for access via Oracle Clients.

      Which connection data is required, depends on how this option is set.

      Server Database server.
      Port Oracle instance port.
      Service name Service name.
      User Oracle database user.
      Password Database user password.
      Data source TNS alias name from TNSNames.ora.
  7. Click Next.
  8. Specify the installation source. Select the directory with the installation files.
  9. If the database is encrypted, select the file with the private key.
  10. Enter the installation data.
    Table 194: Installation Data
    Data Description
    Computer Server on which to install and start the service from.
    Service account. User account data for the One Identity Manager Service. For more information about user account requirements, see the One Identity Manager Installation Guide.

    To enter a user account for the One Identity Manager Service

    • Set the option Local system account.

      This starts the One Identity Manager Service under the account "NT AUTHORITY\SYSTEM".

      - OR -

    • Enter user account, password and password confirmation.
    Installation account Data for the administrative user account to install the service.

    To enter an administrative user account for installation

    • Enable the option Current user.

      This uses the user account of the current user.

      - OR -

    • Enter user account, password and password confirmation.
  11. Click Next.

    Installation of the service occurs automatically and may take some time.

    NOTE: The One Identity Manager Service is entered in the server’s service administration with the name "One Identity Manager Service".

  12. Click Close to end the workflow wizard.

NOTE: Using the menu item Job server | Start HTTP request..., you can call up the One Identity Manager Service HTTP server for a Job server. This displays the various One Identity Manager Service services.

NOTE: If you are working with an encrypted One Identity Manager database, see the advice for working with an encrypted database in the One Identity Manager Installation Guide.

Related Topics

Customizing the One Identity Manager Service Configuration for a Job Server

Customizing the One Identity Manager Service Configuration for a Job Server

This configuration is already created when the One Identity Manager Service is installed. Use the Job Server Editor to modify each configuration setting.

 NOTE: You can also adjust the configuration settings in the program "Job Service Configuration".

To modify the One Identity Manager Service configuration

  1. Load the Job server configuration into the database. Configure and enable the schedule "Get configuration file from the Job server and write in the Job server configuration" in the Designer.
  2. Modify the Job Server Editor configuration.
  3. Deploy the modified configuration to the Job server.

To modify the One Identity Manager Service configuration on a Job server

  1. Select the category Base Data | Installation | Job server in the Designer.
  2. Start the Job Server Editor using the task Edit job server.
  3. Enable the One Identity Manager Service configure view.
  4. Select the Job server to edit in the Job server overview.
  5. Edit the configuration settings.

    TIP: Use the and buttons to change the configuration data.

  6. Save the configuration using .
  7. Use the button to test the configuration.
  8. Deploy the modified configuration to the Job server using Job server | Deploy Job server configuration from menu.

    This generates a process, which updates the configuration file on the Job server.

NOTE: Using the menu item Job server | Start HTTP request..., you can call up the One Identity Manager Service HTTP server for a Job server. This displays the various One Identity Manager Service services.

Related Topics
Related Documents