Identity Manager 8.0 - Installation Guide

Logging into One Identity Manager Tools

When you start one of the One Identity Manager tools, a default connection dialog box opens.

Figure 5: Default connection dialog

When you log in, you need to be aware of the difference between a database user and a user of individual One Identity Manager tools (system user). More than one system user may work with the same database account.

Login takes place in two steps:

  • Selecting the database connection to log in to the database
  • Selecting the authentication method and finding the system user for logging in

    Permitted system user IDs are determined by the authentication module you select. The One Identity Manager provides different authentication parameters.

NOTE: When you start the program, it tries to restore the last used connection. This might lead to a delay resulting in an error if you frequently swap between connections to other database servers.

To prevent the previous connection from being restored, create the following registry key:

HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Settings\[RestoreLastConnection]="false"

Logging into a One Identity Manager Database as a Database User

To select an existing connection

  • Select the connection under "Select Connection" in the connection dialog box.

NOTE: Newly created connections are only shown in the list after the program has been restarted.

To create a new connection to a One Identity Manager database under SQL Server

  1. Click Add new connection under "Select Connection" and select the system type SQL Server.
  2. Click Next.
  3. Enter the connection data for the database server.
    Table 50: SQL Server Database Connection Data
    Data | Description
    Server | Database server.
    Windows authentication | Specifies whether Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.
    User | Database user.
    Password | Database user password.
    Database | Database.

  4. Select Test connection in the Options menu.

    This attempts to connect to the database with the given connection data. You are prompted to confirm a message about the test.

    NOTE: Use Options | Advanced options to make further changes to the database connection configuration settings.

  5. Click Finished.

    Figure 6: Connection Data Dialog Box under SQL Server

To create a new connection to a One Identity Manager database under Oracle

  1. Click Add new connection under "Select Connection" and select the system type Oracle.
  2. Click Next.
  3. Enter the connection data for the Oracle instance.
    Table 51: Oracle Database Connection Data
    Data | Description
    Direct access (without Oracle client) | Set this option for direct access. Deactivate this option for access via Oracle clients. Which connection data is required depends on how this option is set.
    Server | Database server.
    Port | Oracle instance port.
    Service name | Service name.
    User | Oracle database user.
    Password | Database user password.
    Data source | TNS alias name from TNSNames.ora.
  4. Select Test connection in the Options menu.

    This attempts to connect to the database with the given connection data. You are prompted to confirm a message about the test.

    NOTE: Use Options | Advanced options to make further changes to the database connection configuration settings.

  5. Click Finished.

    Figure 7: Connection Data Dialog Box under Oracle

To set up a new connection to the application server

  1. Click Add new connection under "Select Connection" and select the system type Application server.
  2. Click Next.
  3. Enter the address (URL) for the application server.
  4. If you access an application server secured through SSL/TLS, configure additional settings for the certificate:
    • If the certificate's server name matches the application server's URL and the server certificate can be successfully validated, the server name is displayed in green next to the URL. Click the server name next to the URL to get information about the certificate. Under Pin server certificate, you can select a certificate required for logging in.
    • If the certificate's server name does not match the application server's URL or the server certificate cannot be successfully verified, the server name is displayed in red next to the URL. You decide whether to trust the certificate.
    • If a client certificate is expected according to the SSL settings, select the certificate under Select client certificate and decide how to verify the certificate. You can choose between "Find by subject name", "Find by issuer name" and "Find by thumbprint".
    • If you want to use a self-signed certificate, set the option Accept self-signed certificate.
  5. Select Test connection in the Options menu.

    This attempts to connect to the database with the given connection data. You are prompted to confirm a message about the test.

    NOTE: Use Options | Advanced options to make further changes to the database connection configuration settings.

  6. Click Finished.

    Figure 8: Dialog box for connecting to the application server
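
Added example (not part of the One Identity documentation): before trusting a certificate whose server name is shown in red, or pinning one, its thumbprint can be compared with a value obtained from the server administrator. The Python sketch below assumes the Windows-style SHA-1 thumbprint (the hash of the certificate's DER encoding); the function names and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import ssl
import unicodedata


def normalize_thumbprint(text: str) -> str:
    """Reduce a thumbprint pasted from a certificate viewer to 40 hex digits."""
    # Drop spaces, colons and invisible format characters (Unicode category
    # Cf, e.g. U+200E) that can be copied along with the value.
    kept = [c for c in text
            if not (c.isspace() or c == ":" or unicodedata.category(c) == "Cf")]
    digits = "".join(kept).upper()
    if len(digits) != 40 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("expected a 40-digit hexadecimal SHA-1 thumbprint")
    return digits


def thumbprint_of_pem(pem: str) -> str:
    """SHA-1 over the DER encoding, the value Windows shows as 'Thumbprint'."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha1(der).hexdigest().upper()


def matches_pin(pem: str, expected: str) -> bool:
    """True only if the presented certificate is exactly the expected one."""
    return hmac.compare_digest(thumbprint_of_pem(pem),
                               normalize_thumbprint(expected))


def fetch_server_pem(host: str, port: int = 443) -> str:
    """Fetch the certificate a server presents (no validation is done here)."""
    return ssl.get_server_certificate((host, port))


# Constructed byte strings standing in for DER certificates (not real ones).
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(bytes(range(64)))
OTHER_PEM = ssl.DER_cert_to_PEM_cert(bytes(range(1, 65)))

if __name__ == "__main__":
    pin = thumbprint_of_pem(SAMPLE_PEM)
    pasted = "\u200e" + " ".join(pin[i:i + 2] for i in range(0, 40, 2)).lower()
    print("sample matches pasted pin:", matches_pin(SAMPLE_PEM, pasted))
    print("other certificate matches:", matches_pin(OTHER_PEM, pasted))
```

Against a real server, pass the result of `fetch_server_pem` for the application server's host name to `matches_pin`, together with the thumbprint received out of band.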

To delete a connection

  1. Select the connection under "Select Connection".
  2. Press DEL.
  3. Confirm the security prompt with Yes.

    The database connection is no longer displayed in the connection dialog.

Logging into One Identity Manager Administration Tools as a System User

Following the database login, the user must log in as a system user to the started program. Permitted system user IDs are determined by the authentication module you select.

To log in to One Identity Manager tools with a system user identifier

  1. Select the authentication module under "Authentication method" in the connection dialog box.

    This displays a list of all available authentication modules.

  2. Enter the login data for the system user ID.

    Which login data you require depends on the authentication module selected.

  3. Click Log in.

    The connection data is saved and made available for the next login.

    Figure 9: Connection Dialog Box with Administration Tool Login

If you have entered a system user ID that is not supported by the selected authentication module, the following error message appears:

[810284] Failed to authenticate user.

[810015] Login for user {0} failed.

[810017] Wrong user name or password.

Repeat the login by selecting another authentication module or another system user ID.

NOTE: After initial schema installation, only the authentication modules "system user" and "ComponentAuthenticator" and the role-based authentication modules are enabled in the One Identity Manager.

Enabling other Authentication Modules

One Identity Manager uses different authentication modules for logging in to administration tools. Authentication modules identify the system users to be used and load the user interface and database resource editing permissions depending on their permission group memberships.

NOTE: After initial schema installation, only the authentication modules "system user" and "ComponentAuthenticator" and role-based authentication modules are enabled in the One Identity Manager.

NOTE: You can log in to One Identity Manager tools with all authentication modules that can be selected in the user interface and are listed in the connection dialog box. If necessary, ensure that the users determined through the authentication module have the required permissions to use the program.

To enable other authentication modules

  1. Select the category Base Data | Security settings | Authentication modules in the Designer.
  2. Select the authentication module and set the option Enabled to "True".
  3. Save the changes to the database using Database | Commit to database....

  4. Click Save.

    This allows you to log in to the assigned application using this authentication module. Ensure that users found through the authentication module have the required permissions to use the program.
