Identity Manager 8.0 - Installation Guide


Uninstalling a One Identity Manager Application Server


To uninstall a web application

  1. To uninstall a web application, use the Web Installer.
    1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.
    2. Go to the Installation tab and select Web-based components and click Install. This starts the Web Installer.

    - OR -

    1. Start the Web Installer from Start | One Identity | One Identity Manager | Configuration | Web Installer.
  2. Select Uninstall a One Identity Manager web application on the Web Installer start page and click Next.
  3. All installed web applications are displayed on the page, Uninstall a One Identity Manager web application.
    1. Select the web application you want to remove by double-clicking on it.
    2. Select the authentication module in the Authentication method section and authenticate yourself.
    3. Click Next to start uninstalling.
    4. Confirm the security prompt with Yes.
  4. The uninstall progress is displayed on the Setup is running page. After installation is complete, click Next.
  5. Click Finish on the last page to end the program.

Installing, Configuring and Maintaining the Web Portal


You can use the Web Installer to install, configure and update the Web Portal. The following describes the steps necessary for installing the Web Portal on a Windows server and for getting the standard version up and running. The configuration settings are explained using their corresponding, possible values.


Installing the Web Portal


Before installation ensure that the minimal hardware and software prerequisites are fulfilled on the server.

NOTE: If you want to use full text search in the Web Portal, you must have an application server installed with the search service.

IMPORTANT: Start the Web Portal installation locally on the server.

To install the Web Portal

  1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.
  2. Go to the Installation tab, select the entry Web based components and click Install. This starts the Web Installer.
  3. Select Install Web Portal on the Web Installer start page and click Next.
  4. Enter the connection credentials for the One Identity Manager database on the Database connection page and click Next.

    Different settings are displayed on the Select setup target page, depending on which database connection you use.

  5. Configure the following settings on the Select setup target page and click Next.
    Table 42: Settings for the Installation Target

    Application name

    Name used as application name, as in the title bar of the browser, for example.

    Target in IIS

    Internet Information Services web page on which to install the application.

    Enforce SSL

    Specifies whether insecure websites are available for installation. If the option is set, only sites secured by SSL can be used for installing. This setting is the default value. If this option is not set, insecure websites can be used for installing.

    URL

    The application's Uniform Resource Locator (URL).

    Install dedicated application pool

    Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    The application pool to use. This can only be entered if the option Install dedicated application pool is not set.

    The application pool is formatted with the following syntax, if the default value "DefaultAppPool" is used.

    <application name>_POOL

    Identity

    Permissions for executing an application pool. A default identity or a user defined user account can be used.

    The user account is formatted with the following syntax, if the default value "ApplicationPoolIdentity" is used.

    IIS APPPOOL\<application name>_POOL

    If you want to authorize another user, click ... next to the text box and enter the user and password.

    Web Authentication

    Specifies the type for authentication against the web application. You have the following options:

    • Windows Authentication (Single Sign-On)

      The user is authenticated against the Internet Information Services using their Windows user account, and the web application logs in the employee assigned to the user account using role-based login. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method if Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated anonymously against the Internet Information Services and the web application, and the web application redirects to a login page.

    Database authentication

    NOTE: You can only see this section if you have selected an SQL database connection in Database connection.

    Specifies the type for authentication against the One Identity Manager database. You have the following options:

    • Windows authentication

      The web application is authenticated against the One Identity Manager database using the Windows account under which your application pool is running. Login is possible with a user defined user account or a default identity for the application pool.

    • SQL Authentication

      Login is only possible through a user-defined user account. Authentication is done using user name and password. These credentials are saved in the web application configuration, encrypted specifically for the computer.

    If you have selected a direct database connection in step 4, the page Select application server is opened. Application server data is required if you want to use full text search. You can enter the application server in the configuration file at a later date.

  6. Enter the application server on which full text search is installed, on the Select application server page.
    1. Click the link Select application server.
    2. Enter the web address in URL:, confirm with OK and click Next.
  7. On the next page, specify the following extended settings for installing and click Next.
    1. Select the installation source in Installation source.
      • Select Load from database if files are to be found in the database.
      • If files are stored on the installation medium, select Install from local folder and enter the path.
    2. Select the desired web project in Web project.

      If you do not need to set more options, the message No authentication data required is displayed.

      If other settings are required, proceed as follows:

      • Click the button next to Authentication for sub projects is missing.
      • Mark the project marked in red in the edit window.
      • Select the desired authentication method under Authentication Methods and enter the required login data.
      • Click OK.

        For more information, see Web project.

    3. Specify the user account for automatic updating of the Web Portal under Set update credentials.

      The user account is used to add or replace files in the application directory.

      • Set the option Use IIS credentials for update if you want to use the user account, under which the application is run, for updates.
      • Set the option Use other credentials for updates if you want to use another user account and enter the domain, user name and password for the user.

      NOTE: The following permissions are required for automatic updating:

      • The user account for updating requires write permissions for the application directory.
      • The user account for updating requires the local security policy "Log on as a batch job".
      • The user account, under which the application pool runs, requires the local security policies "Replace a process level token" and "Adjust memory quotas for a process".
  8. Installation progress is displayed on the Setup is running page. After installation is complete, click Next.

    The Web Installer generates the web application and the corresponding configuration files for each folder. You should be able to use the web application immediately.

    NOTE: If you install the web application with HTTPS, the Web Installer sets up how cookies are transferred over HTTPS. Take into account that this value must be set manually if you change the web application's SSL settings at a later date.

  9. You can test starting the web application on the Validate installation page. The base URL is displayed for mail distribution. Select another URL in Change to if required and click Next.
  10. Click Finish on the last page to end the program.
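
The user rights named in the note on automatic updating (step 7) can be checked against an exported local security policy. The following PowerShell is an added example, not part of the original guide: it parses a secedit export and reports whether an account holds each policy directly. The privilege constants are the Windows names of the three policies; the SIDs and the policy file content are constructed.

```powershell
# Added example: checks the three user rights from the note on automatic
# updating in a "secedit /export" file. SIDs and sample data are constructed.
$RequiredRights = @{
    'Log on as a batch job'              = 'SeBatchLogonRight'
    'Replace a process level token'      = 'SeAssignPrimaryTokenPrivilege'
    'Adjust memory quotas for a process' = 'SeIncreaseQuotaPrivilege'
}

function ConvertFrom-PrivilegeRights {
    param([string[]]$Lines)
    $rights = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $text -match '^(\w+)\s*=\s*(.*)$') {
            # Comma-separated holders; SIDs carry a leading '*'.
            $rights[$Matches[1]] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return $rights
}

function Test-AccountRight {
    param([hashtable]$Rights, [string]$Account, [string[]]$PolicyNames)
    foreach ($policy in $PolicyNames) {
        $constant = $RequiredRights[$policy]
        [pscustomobject]@{
            Policy  = $policy
            Account = $Account
            # Direct assignment only; rights granted through groups are not resolved.
            Granted = ($Rights.ContainsKey($constant) -and $Rights[$constant] -contains $Account)
        }
    }
}

# Constructed sample; on a server: secedit /export /areas USER_RIGHTS /cfg rights.inf
$sample = @'
[Privilege Rights]
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-21-1111-2222-3333-1105
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-21-1111-2222-3333-1106
'@ -split '\r?\n'
$rights = ConvertFrom-PrivilegeRights -Lines $sample
Test-AccountRight -Rights $rights -Account 'S-1-5-21-1111-2222-3333-1105' -PolicyNames 'Log on as a batch job'
Test-AccountRight -Rights $rights -Account 'S-1-5-21-1111-2222-3333-1106' -PolicyNames 'Replace a process level token', 'Adjust memory quotas for a process'
```

In the sample, the first SID stands for the update account and the second for the application pool account; the second call reports one missing right.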

To make a modification

  • For example, enter the value <httpCookies requireSSL="true"> in web.config under the element <system.web>.

    The Web Installer uses the default value for most configuration settings. You can use these values normally. It is recommended you check the settings with the help of the Web Designer Configuration Editor.
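
Because the cookie setting has to be maintained by hand after a later change to the SSL settings, it is worth checking web.config for it. The following PowerShell is an added example, not part of the original guide; the function names are hypothetical and the sample web.config is constructed.

```powershell
# Added example: audit and correct the httpCookies requireSSL setting.
function Get-CookieSslSetting {
    param([Parameter(Mandatory)][xml]$Config)
    # <httpCookies> sits under <system.web>, possibly inside a <location> block.
    $nodes = $Config.SelectNodes('//system.web/httpCookies')
    if ($nodes.Count -eq 0) {
        # Element absent: ASP.NET applies its default, requireSSL="false".
        return [pscustomobject]@{ Present = $false; RequireSSL = $false }
    }
    foreach ($node in $nodes) {
        [pscustomobject]@{
            Present    = $true
            RequireSSL = ($node.GetAttribute('requireSSL') -eq 'true')
        }
    }
}

function Set-CookieSslRequired {
    param([Parameter(Mandatory)][xml]$Config)
    $systemWeb = $Config.SelectSingleNode('/configuration/system.web')
    if ($null -eq $systemWeb) { throw 'web.config has no <system.web> element.' }
    $cookies = $systemWeb.SelectSingleNode('httpCookies')
    if ($null -eq $cookies) {
        $cookies = $Config.CreateElement('httpCookies')
        [void]$systemWeb.AppendChild($cookies)
    }
    # Modifies the document in place; the caller decides when to save it.
    $cookies.SetAttribute('requireSSL', 'true')
}

# Constructed sample: HTTPS was enabled later, the cookie setting was not updated.
[xml]$sample = @'
<configuration>
  <system.web>
    <httpCookies requireSSL="false" />
  </system.web>
</configuration>
'@
Get-CookieSslSetting -Config $sample
Set-CookieSslRequired -Config $sample
Get-CookieSslSetting -Config $sample
# On a server ($path is a placeholder): $doc = [xml](Get-Content -Raw $path), then $doc.Save($path)
```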


Installing the Web Portal over the Command Line


An alternative to installing with autorun.exe is using the WebDesigner.InstallerCMD.exe in the command line console. This method can install or uninstall the Web Portal.

NOTE: You must carry out the installation using the command line console as an administrator.

Use /? to call up the help.

Calling syntax "Call help"

WebDesigner.InstallerCMD.exe /?

Calling syntax "Install Web Portal"

WebDesigner.InstallerCMD.exe [/prov {provider}] /conn {connectionstring} /authprops {authentication} /appname {appname}
/site {Site} [/sourcedir {dir}] [/apppool {AppPool}] [/webproject {Webproject}] [/constauthproj {subproject name}
/constauth {authentication}] [/searchserviceurl {url}] [/updateuser {username} [/updateuserdomain {domain}] [/updateuserpassword {password}]] [/allowhttp {true|false}] [-f] [-w] [-s]

Table 43: Program parameters

Parameters            Description
/Prov                 Database provider.
/Conn                 Database connection parameter.
/authprops            Authentication with dialog authentication.
/appname              Application name.
/site                 Website.
/sourcedir            Source directory when installing from the file system.
/apppool              Application pool.
/webproject           Name of the web project.
/constauthproj        Name of sub project.
/constauth            Authentication settings for the sub project.
/searchserviceurl     Application server for search function availability.
/allowhttp            Allow http.
/updateuser           User for the update.
/updateuserdomain     Active Directory domain for the update user.
/updateuserpassword   Update user's password.
-W                    Windows authentication instead of anonymous on IIS.

Example of an installation with a direct connection against an SQL Server database

Make the following parameter settings in the example.

  • SQL Server database connection
  • In the default website
  • Application name "testqs"
  • Authentication with system user "testadmin"
  • As application server for search function availability
    https://dbserver.testdomain.lan/TestAppServer

  • Permit HTTP

WebDesigner.InstallerCMD.exe /conn "Data Source=dbserver.testdomain.lan;Initial Catalog=IdentityManager;
Integrated Security=False;User ID=admin;Password=password"
/site "Default Web Site" /appname testqs
/authprops "Module=DialogUser;User=testadmin;Password="
/searchserviceurl https://dbserver.testdomain.lan/TestAppServer /allowhttp true
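
The SQL Server call above carries the database password in clear text and permits HTTP. The following PowerShell is an added example, not part of the original guide: it assembles the same documented parameters with credentials prompted at run time, HTTP not permitted, and an HTTPS check on the search service URL. The function name is hypothetical; server, catalog and application names are taken from the example above.

```powershell
# Added example: builds the arguments for the SQL Server call shown above
# without literal passwords in the script. The function name is hypothetical.
function New-WebPortalInstallArgs {
    param(
        [Parameter(Mandatory)][string]$DataSource,
        [Parameter(Mandatory)][string]$Catalog,
        [Parameter(Mandatory)][pscredential]$DbLogin,
        [Parameter(Mandatory)][pscredential]$SystemUser,
        [Parameter(Mandatory)][string]$AppName,
        [string]$Site = 'Default Web Site',
        [string]$SearchServiceUrl
    )
    $db  = $DbLogin.GetNetworkCredential()
    $sys = $SystemUser.GetNetworkCredential()
    foreach ($secret in $db.Password, $sys.Password) {
        # Assumption: values are inserted unescaped, so ';' or '"' would
        # change how the key=value string is split.
        if ($secret -match '[;"]') { throw 'Password contains ; or " and cannot be passed this way.' }
    }
    if ($SearchServiceUrl -and $SearchServiceUrl -notmatch '^https://') {
        throw 'Search service URL must use HTTPS.'
    }
    $argList = @(
        '/conn', "Data Source=$DataSource;Initial Catalog=$Catalog;Integrated Security=False;User ID=$($db.UserName);Password=$($db.Password)"
        '/site', $Site
        '/appname', $AppName
        '/authprops', "Module=DialogUser;User=$($sys.UserName);Password=$($sys.Password)"
        '/allowhttp', 'false'
    )
    if ($SearchServiceUrl) { $argList += '/searchserviceurl', $SearchServiceUrl }
    return $argList
}

# Prompt at run time instead of storing secrets in the script file.
$installArgs = New-WebPortalInstallArgs -DataSource 'dbserver.testdomain.lan' -Catalog 'IdentityManager' `
    -DbLogin (Get-Credential -Message 'Database login') `
    -SystemUser (Get-Credential -Message 'One Identity Manager system user') `
    -AppName 'testqs' -SearchServiceUrl 'https://dbserver.testdomain.lan/TestAppServer'
# The passwords still appear in the installer's process command line.
# From the installer's directory, as administrator:
#   & '.\WebDesigner.InstallerCMD.exe' @installArgs
```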

Example of an installation with a direct connection against an Oracle database

Make the following parameter settings in the example.

  • Oracle database connection
  • In the default website
  • Application name "testoraqs"
  • Authentication with system user "testadmin"
  • Authentication for the sub project "test_UserRegistration_Web"
    with system user "Subadmin"

WebDesigner.InstallerCMD.exe /prov "VI.DB.Oracle.ViOracleFactory, VI.DB.Oracle"
/conn "User Id=IdentityManager;
Password=Password;Server=testoraqs.lan;Direct=True;Service Name=test;Port=1521"
/site "Default Web Site" /appname testoraqs /authprops "Module=DialogUser;User=testadmin;Password="
/constauthproj test_UserRegistration_Web
/constauth "Module=DialogUser;User=Subadmin;Password="

Example of an installation with a connection against the application server

Make the following parameter settings in the example.

  • Connection to application server
  • In the default website
  • Application name "testviaappserver"
  • With Windows authentication as web authentication
  • With update user "JohnDoe"
  • And update user domain "MyDomain.lan"

WebDesigner.InstallerCMD.exe /prov "QBM.AppServer.Client.ServiceClientFactory, QBM.AppServer.Client"
/conn "URL=https://test.lan/IdentityManagerAppServer/" /site "Default Web Site"
/appname testviaappserver
/authprops "Module=DialogUser;User=testadmin;Password=" -w /updateuser JohnDoe /updateuserdomain MyDomain.lan /updateuserpassword topsecret

Calling syntax "Authentication settings for the sub project"

WebDesigner.ConfigFileEditor.exe -constAuth ../web.config "test_UserRegistration_Web" "Module=DynamicPerson;User[test_USER]=xyz;(Password)Password[test_Password]=xyz;(Hidden)IgnoreMasterIdentities=;(Hidden)Product=Manager"

Table 44: Program parameters

Parameters            Description
-constAuth            Authentication settings for the sub project.

Make the following parameter settings in the example.

  • Authentication for the sub project "test_UserRegistration_Web"
    with the user "test_User".

Calling syntax "Uninstall Web Portal"

WebDesigner.InstallerCMD.exe [/prov {provider}] /conn {connectionstring} /authprops {authentication}
/appname {appname} [/site {Site}] -R

Table 45: Program parameters

Parameters            Description
/Prov                 Database provider.
/Conn                 Database connection parameter.
/authprops            Authentication with dialog authentication.
/appname              Application name.
/site                 Website.
-r                    Removes the application.

Example of uninstalling the web application with a connection against an application server

WebDesigner.InstallerCMD.exe /prov "QBM.AppServer.Client.ServiceClientFactory, QBM.AppServer.Client"
/conn "URL=https://test.lan/IdentityManagerAppServer/"
/appname testviaappserver
/authprops "Module=DialogUser;User=testadmin;Password=" -R

Calling syntax "Uninstall earlier Web Portal versions (<=6.x)"

WebDesigner.InstallerCMD.exe /appname {appname} [/site {Site}] -R

Table 46: Program parameters

Parameters            Description
/appname              Application name.
/site                 Website.
-r                    Removes the application.