Identity Manager 8.0 - Installation Guide

Installing and Updating a One Identity Manager Application Server

The application server provides a connection pool for accessing the database. Clients send their queries to the application server, which processes the objects, for example, by determining values using templates and sending the results back to the clients. The data from the application is sent to the database when an object is saved.

NOTE: To use full text search in the Web Portal or the Manager, you need an application server with a search service installed on it.

Before installation, ensure that the minimum hardware and software prerequisites are fulfilled on the server.

Detailed information about this topic

Installing a One Identity Manager Application Server

Installing a One Identity Manager Application Server

IMPORTANT: Start the application server installation locally on the server.

To install an application server

  1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.
  2. Go to the Installation tab, select the entry Web based components and click Install. This starts the Web Installer.
  3. Select Install application server on the Web Installer start page and click Next.
  4. Enter the connection credentials for the One Identity Manager database on the Database connection page and click Next.
  5. Configure the following settings on the Select setup target page and click Next.
    Table 41: Settings for the Installation Target

    Application name

    Name used as application name, as in the title bar of the browser, for example.

    Target in IIS

    Internet Information Services web page on which to install the application.

    Enforce SSL

    Specifies whether insecure websites are available for installation. If the option is set, only sites secured by SSL can be used for installing. This setting is the default value. If this option is not set, insecure websites can be used for installing.

    URL

    The application's Uniform Resource Locator (URL).

    Install dedicated application pool

    Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    The application pool to use. This can only be entered if the option Install dedicated application pool is not set.

    The application pool is formatted with the following syntax, if the default value "DefaultAppPool" is used.

    <application name>_POOL

    Identity

    Permissions for executing an application pool. A default identity or a user defined user account can be used.

    The user account is formatted with the following syntax, if the default value "ApplicationPoolIdentity" is used.

    IIS APPPOOL\<application name>_POOL

    If you want to authorize another user, click ... next to the text box and enter the user and password.

    Web Authentication

    Specifies the type for authentication against the web application. You have the following options:

    • Windows Authentication (Single Sign-On)

      The user is authenticated against the Internet Information Services using their Windows user account, and the web application logs in the employee assigned to the user account using role-based login. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method if Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated against the Internet Information Services and the web application anonymously and the web application is directed to a login page.

    Database authentication

    NOTE: You can only see this section if you have selected an SQL database connection in Database connection.

    Specifies the type for authentication against the One Identity Manager database. You have the following options:

    • Windows authentication

      The web application is authenticated against the One Identity Manager database using the Windows account under which your application pool is running. Login is possible with a user defined user account or a default identity for the application pool.

    • SQL Authentication

      Login is only possible through a user-defined user account. Authentication is done using user name and password. This access data is saved in the web application configuration, encrypted specifically for the computer.

  6. Specify machine roles on the Assign machine roles page and click Next.

    This enables the machine roles for the application server. The machine roles "Search Service" and "Search Indexing Service" are required for indexing the full text search. These machine roles are always used together.

    NOTE: If you want to use full text search in the Web Portal, you must have an application server installed with the search service.

  7. Specify the certificate for setting and testing session tokens on the Set session token certificate page and click Next.

    NOTE: The certificate must have a key length of at least 1024 bits.

    1. To create a new certificate
      • Select the item "Create new certificate" under Session token certificate.
      • Enter the issuer of the certificate under Certificate issuer.
      • Specify the length of the certificate's key under Key size.

        The certificate is entered in the application server's certificate management.

    2. To use an existing certificate
      • Select the entry "Use existing certificate" under Session token certificate.
      • Select the certificate under Select certificate.
    3. To create a new certificate file
      • Select "Create new certificate" under Session token certificate.
      • Enter the issuer of the certificate under Certificate issuer.
      • Specify the length of the certificate's key under Key size.
  8. Specify the user account for automatic updating of the application server on the Set update credentials page.

    The user account is used to add or replace files in the application directory.

    • Set the option Use IIS credentials for update if you want to use the user account, under which the application is run, for updates.
    • Set the option Use other credentials for updates if you want to use another user account and enter the domain, user name and password for the user.

    NOTE: The following permissions are required for automatic updating:

    • The user account for updating requires write permissions for the application directory.
    • The user account for updating requires the local security policy "Log on as a batch job".
    • The user account, under which the application pool runs, requires the local security policies "Replace a process level token" and "Adjust memory quotas for a process".
  9. Installation progress is displayed on the Setup is running page. After installation is complete, click Next.

    The Web Installer generates the web application and the corresponding configuration files (web.config) for each folder.

  10. Click Finish on the last page to end the program.

NOTE: Default values are used for the configuration settings during installation. You can keep these values. It is recommended you check the settings.
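
One way to follow the recommendation to check the settings, as an added example that is not part of the original guide or of One Identity's tooling: a read-only PowerShell check of the application pool, its identity, the web authentication mode, the site bindings and the session token certificate's key length. The site name, application name, issuer string and certificate store are assumed placeholders.

```powershell
# Added example: read-only check of the settings chosen in the Web Installer.
# Assumptions (placeholders, not from the guide): site and application names,
# the certificate issuer string, and the Cert:\LocalMachine\My store.
Import-Module WebAdministration

$site     = 'Default Web Site'
$appName  = 'AppServer'
$issuer   = 'AppServerSessionCert'
$minBits  = 1024   # minimum key length stated in the guide
$findings = @()

# Application pool: a dedicated pool follows the guide's <application name>_POOL syntax.
$app = Get-WebApplication -Site $site -Name $appName
if (-not $app) { throw "Application '$appName' not found under site '$site'." }
$pool = $app.applicationPool
if ($pool -ne "${appName}_POOL") { $findings += "Pool '$pool' is not the dedicated pool '${appName}_POOL'." }

# Pool identity: ApplicationPoolIdentity runs as IIS APPPOOL\<pool name>.
$pm = Get-ItemProperty "IIS:\AppPools\$pool" -Name processModel
if ($pm.identityType -eq 'ApplicationPoolIdentity') {
    $account = "IIS APPPOOL\$pool"
} else {
    $account = "$($pm.identityType) $($pm.userName)".Trim()
}

# Web authentication: report which of the two installer options is enabled.
$path = "IIS:\Sites\$site\$appName"
$auth = foreach ($mode in 'windowsAuthentication', 'anonymousAuthentication') {
    $on = (Get-WebConfigurationProperty -PSPath $path -Name enabled `
            -Filter "system.webServer/security/authentication/$mode").Value
    if ($on) { $mode }
}

# Bindings: the site should be secured by SSL; a plain http binding is reported.
if (-not (Get-WebBinding -Name $site -Protocol https)) { $findings += "Site '$site' has no https binding." }
if (Get-WebBinding -Name $site -Protocol http) { $findings += "Site '$site' also answers on plain http." }

# Session token certificate: key length and validity period.
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Issuer -like "*$issuer*" }
if (-not $certs) { $findings += "No certificate with issuer '$issuer' found in LocalMachine\My." }
foreach ($c in $certs) {
    $bits = $c.PublicKey.Key.KeySize
    if ($bits -lt $minBits) { $findings += "Certificate $($c.Thumbprint): $($bits)-bit key is below $minBits." }
    if ($c.NotAfter -lt (Get-Date)) { $findings += "Certificate $($c.Thumbprint) expired on $($c.NotAfter)." }
}

[pscustomobject]@{ Pool = $pool; Identity = $account; WebAuth = $auth -join ', '; Findings = $findings }
```

Run it in an elevated Windows PowerShell session on the application server; it changes nothing and returns one object whose Findings list is empty when every check passes.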

Related Topics

Updating a One Identity Manager Application Server

Updating a One Identity Manager Application Server

NOTE: It is recommended to perform automatic updates only in special maintenance windows in which the application is not available to users and the application can be restarted manually without causing any problems.

The application is updated automatically. To run an update, first load the files to be updated into the One Identity Manager database. The necessary files are loaded into the database and updated when a hotfix, a service pack or a full version update of One Identity Manager is run.

The check for new files is executed when the application starts and then at 5 minute intervals. New files are loaded from the database as they are identified. The files cannot be updated as long as the application is running because it locks them, and changing them restarts the application, which ends all active user sessions. For this reason, updating takes place when the application is restarted.

The application is restarted automatically by the web server when it has been idle for a defined length of time. This may take some time or be prevented by continuous user requests.

To start the update manually, open the application's status page in the browser and select Update immediately from the current user's menu.

Related Topics

Displaying One Identity Manager Application Server Status

Displaying One Identity Manager Application Server Status

The application server can be reached over a browser under:

http://<server>/<application name>

https://<server>/<application name>

TIP: You can open the web server's status display in Job Queue Info. Select the menu item View | Server state in the Job Queue Info and display the web server's state on the Web servers tab by using Open in browser in the context menu.

You will see different status information. Status information for the application server is displayed as performance counters.

In addition, API documentation is available here.
