
Identity Manager 8.0 - Installation Guide


Permissions for Oracle Database Users


You should set up your own database user to use the database. You can create the database user with the Configuration Wizard or manually.

NOTE: The database users involved must be granted their permissions directly. If the permissions are assigned through database roles, permission restrictions may cause Oracle errors when data queries are executed.

Permissions for Oracle Database Installations

In addition to the default privileges, the following permissions are required for an Oracle Database installation in order to use the full functionality.

Table 15: Permissions for Database Users

| Permission | Required For |
|---|---|
| GRANT ALTER SESSION TO <user> | Changing own user session settings. |
| GRANT ANALYZE ANY TO <user> | Used to execute the procedure DBMS_STATS.FLUSH_DATABASE_MONITORING_INFO while calculating statistics. This permission is not required if no statistics are being determined. |
| GRANT CONNECT TO <user> | Connecting to the database. |
| GRANT CREATE JOB TO <user> | Creating database schedules. |
| GRANT CREATE PROCEDURE TO <user> | Creating schema objects. |
| GRANT CREATE SEQUENCE TO <user> | Creating schema objects. |
| GRANT CREATE SYNONYM TO <user> | Creating schema objects. |
| GRANT CREATE TABLE TO <user> | Creating schema objects. |
| GRANT CREATE TRIGGER TO <user> | Creating schema objects. |
| GRANT CREATE TYPE TO <user> | Creating schema objects. |
| GRANT CREATE VIEW TO <user> | Creating schema objects. |
| GRANT EXECUTE ON DBMS_PIPE TO <user> | Communication of single processing steps concurrently with the DBQueue Processor main routine. |
| GRANT EXECUTE ON DBMS_CRYPTO TO <user> | Access to package for general encryption routines. |
| GRANT EXECUTE ON DBMS_LOCK TO <user> | Uses the sleep method for relaying processing in the DBQueue Processor, for example, to wait for single processing steps to end. |
| GRANT SELECT ON GV_$OSSTAT TO <user> | Loading information about the current server version. |
| GRANT SELECT ON GV_$SESSION TO <user> | Loading data from the current session. These permissions are also required to switch the database into single-user mode. |
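The following check is an added example, not part of the original guide or of One Identity's tooling. It compares the grants in Table 15 with rows selected from the Oracle dictionary views DBA_SYS_PRIVS, DBA_TAB_PRIVS and DBA_ROLE_PRIVS and reports which permissions the database user holds directly, which reach it only through a role, and which are missing. The account OIM_APP, the role OIM_ROLE and all sample rows are constructed for illustration; names are assumed to be upper case as Oracle stores them.

```python
# Table 15 of the guide, split by where Oracle records each grant.
SYS_PRIVS = ["ALTER SESSION", "ANALYZE ANY", "CREATE JOB", "CREATE PROCEDURE",
             "CREATE SEQUENCE", "CREATE SYNONYM", "CREATE TABLE",
             "CREATE TRIGGER", "CREATE TYPE", "CREATE VIEW"]
OBJ_PRIVS = [("EXECUTE", "DBMS_PIPE"), ("EXECUTE", "DBMS_CRYPTO"),
             ("EXECUTE", "DBMS_LOCK"), ("SELECT", "GV_$OSSTAT"),
             ("SELECT", "GV_$SESSION")]
ROLES = ["CONNECT"]  # CONNECT is a predefined Oracle role, not a privilege

def reachable_roles(user, role_rows):
    """Roles that reach `user`, following role-to-role grants; PUBLIC always applies."""
    seen, todo = {"PUBLIC"}, [user]
    while todo:
        grantee = todo.pop()
        for g, role in role_rows:
            if g == grantee and role not in seen:
                seen.add(role)
                todo.append(role)
    return seen

def audit(user, sys_rows, tab_rows, role_rows):
    """Map each required grant to 'direct', 'indirect' (role or PUBLIC only) or 'missing'.

    sys_rows:  (GRANTEE, PRIVILEGE) as selected from DBA_SYS_PRIVS
    tab_rows:  (GRANTEE, PRIVILEGE, TABLE_NAME) as selected from DBA_TAB_PRIVS
    role_rows: (GRANTEE, GRANTED_ROLE) as selected from DBA_ROLE_PRIVS
    """
    roles = reachable_roles(user, role_rows)
    holders = {}
    for grantee, *what in [*sys_rows, *tab_rows, *role_rows]:
        holders.setdefault(tuple(what), set()).add(grantee)
    report = {}
    for what in [(p,) for p in SYS_PRIVS] + OBJ_PRIVS + [(r,) for r in ROLES]:
        got = holders.get(what, set())
        report[" ON ".join(what)] = ("direct" if user in got
                                     else "indirect" if got & roles else "missing")
    return report

def grants_to_issue(report, user):
    """GRANT statements, in the guide's form, for everything not granted directly."""
    return [f"GRANT {what} TO {user}" for what, state in report.items() if state != "direct"]

# Constructed rows for a hypothetical account OIM_APP and role OIM_ROLE.
SAMPLE_SYS = ([("OIM_APP", p) for p in SYS_PRIVS if p != "CREATE JOB"]
              + [("OIM_ROLE", "CREATE JOB")])
SAMPLE_TAB = [("OIM_APP", "EXECUTE", "DBMS_CRYPTO"), ("OIM_APP", "EXECUTE", "DBMS_LOCK"),
              ("OIM_APP", "SELECT", "GV_$SESSION")]
SAMPLE_ROLES = [("OIM_APP", "CONNECT"), ("OIM_APP", "OIM_ROLE")]
```

With the sample rows, CREATE JOB is reported as indirect because it reaches OIM_APP only through OIM_ROLE, which is the situation the NOTE above warns about.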

Setting up Permissions for Creating an HTTP Server

The One Identity Manager Service log files can be displayed through an HTTP server (http://<server name>:<port number>).

A user must have the appropriate permissions in order to open an HTTP server. The administrator must grant URL approval to the user to do this. This can be executed with the following command line call:

netsh http add urlacl url=http://*:<port number>/ user=<domain>\<user name>

If the One Identity Manager Service has to run under the Network Service (NT Authority\NetworkService) user account, explicit permissions for the internal web service must be granted under Windows Server 2008 (R2). This can be executed with the following command line call:

netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"

The result can also be verified using the following command line call:

netsh http show urlacl
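The verification step can be automated. The following is an added example, not part of the original guide: it parses the text printed by netsh http show urlacl and reports whether the service account may listen on the One Identity Manager Service port (1880 in the port table below) and which other principals may. It assumes English-language netsh output; the account EXAMPLE\svc-oim and the sample output are constructed.

```python
import re

# Principals that would let almost any local account bind the service URL.
BROAD = {r"\EVERYONE", r"BUILTIN\USERS", r"NT AUTHORITY\AUTHENTICATED USERS"}

# Constructed, abridged sample of English `netsh http show urlacl` output;
# EXAMPLE\svc-oim is a hypothetical service account.
SAMPLE = r"""
URL Reservations:
-----------------

    Reserved URL            : http://*:1880/
        User: EXAMPLE\svc-oim
            Listen: Yes
            Delegate: No
        User: \Everyone
            Listen: Yes
            Delegate: No
"""

def parse_urlacl(text):
    """Return {reserved_url: [(user, can_listen), ...]} from netsh output."""
    acl, url, user = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"\s*Reserved URL\s*:\s*(\S+)", line):
            url = m.group(1)
            acl[url] = []
        elif (m := re.match(r"\s*User:\s*(.+?)\s*$", line)) and url:
            user = m.group(1)
        elif (m := re.match(r"\s*Listen:\s*(\w+)", line)) and user:
            acl[url].append((user, m.group(1).lower() == "yes"))
            user = None
    return acl

def check(text, port, account):
    """Findings for one port: may `account` listen on it, and who else may?"""
    findings, granted = [], False
    for url, entries in parse_urlacl(text).items():
        if not re.match(rf"https?://[^/:]+:{port}/", url):
            continue  # reservation for another port
        for user in (u for u, listen in entries if listen):
            if user.upper() == account.upper():
                granted = True
            elif user.upper() in BROAD:
                findings.append(f"{url}: broad principal {user} may listen")
            else:
                findings.append(f"{url}: also reserved for {user}")
    if not granted:
        findings.insert(0, f"no reservation on port {port} for {account}")
    return findings
```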

Communications Port and Firewall Configuration

One Identity Manager is made up of several components that can be executed in different network segments. In addition, One Identity Manager requires access to various network services, which can also be installed in different network segments. You must open various ports depending on which components and services you want to install behind the firewall.

The following ports are required:

Table 16: Communications port

| Default port | Description |
|---|---|
| SQL Server: 1433; Oracle: 1521 | Port for communicating with the database. |
| 1880 | Port for the HTTP based protocol of the One Identity Manager Service. |
| 2880 | Port for access tests with the Synchronization Editor. |
| 80 | Port for accessing web applications. |
| 88 | Kerberos authentication system (if Kerberos authentication is implemented). |
| 135 | Microsoft EPMAP (End Point Mapper) (also DCE/RPC Locator Service) |
| 137 | NetBIOS Name Service |
| 139 | NetBIOS Session Service |

Other ports for connecting to target systems are also required. These ports are listed in the corresponding guides.

Installing the One Identity Manager

Installing One Identity Manager

The following steps are required to install One Identity Manager.

  1. Installation of One Identity Manager tools on the administrative workstation on which the One Identity Manager database schema installation will be started.
  2. Installation of the One Identity Manager schema with the Configuration Wizard.
  3. Setting up the server, which handles the SQL processes.
    1. This server must be entered in the database as a Job server with the server function "SQL processing server".
    2. A One Identity Manager Service with direct access to the One Identity Manager database must be installed and configured on the server.

    NOTE: Several SQL processing servers can be set up to spread the load of SQL processes.
  4. Setting up an update server for automatic software updating of other servers.
    1. This server must be entered in the database as a Job server with the server function "Update server".
    2. A One Identity Manager Service with direct access to the One Identity Manager database must be installed and configured on the server.

NOTE: You can proceed with setting up an SQL processing server and the update server using the Configuration Wizard. For more information, see Installing the One Identity Manager Service for the Database.

You can also install the following:

  • Install more workstations
  • Install more servers with One Identity Manager Service
  • Install an application server
  • Install the Web Portal on a Web server
  • Install the Manager web application on a Web server
  • Install more Web services like SPML Web service or SOAP Web Service.

    For detailed information about installing the web service, see the One Identity Manager Configuration Guide.

You can install and update One Identity Manager in the following ways.

  • Use the installation wizards to install One Identity Manager components on workstations for the first time.
  • Use the installation wizards to install the One Identity Manager Service on servers for the first time, or install it remotely with the Server Installer.
  • To update an existing installation, use the auto update software.
  • Use the installation wizard to manually update individual workstations and servers.

For more detailed information about updating the One Identity Manager, see Updating One Identity Manager.