Chat now with support
Chat with Support

Identity Manager 8.0 - Installation Guide

About this Guide One Identity Manager Overview Installation Prerequisites Installing the One Identity Manager Installing and Configuring the One Identity Manager Service Updating the One Identity Manager Installing and Updating a One Identity Manager Application Server Installing, Configuring and Maintaining the Web Portal Installing the Operations Support Web Portal Installing and Updating the Manager Web Application Logging into One Identity Manager Tools Troubleshooting Appendix: One Identity Manager Authentication Modules Appendix: Creating a One Identity Manager Database for a Test or Development Environment from a Database Backup Appendix: Manager Web Application Extended Configuration Appendix: Machine Roles and Installation Packages Appendix: Settings for a New SQL Server Database

Using an Existing Empty Oracle Database User

Using an Existing Empty Oracle Database User

NOTE: Execute this step, if you want to install the One Identity Manager schema for an existing database user with Configuration Wizard.

A database user with the required permissions must be available. For more information, see Permissions for Oracle Database Users.

To use an existing empty database user in the Configuration Wizard

  1. Start the Configuration Wizard.
  2. Select the option Create and install a database on the start page of the Configuration Wizard.
  3. Enter the data for logging into the database server on the Create administrative connection page.
    1. Select the database system Oracle Database from Connection data.
    2. Enable Advanced.
    3. Enable the option Use an existing Oracle user for installation.
    4. Enter the connection data for the Oracle instance.
      Table 24: Oracle Database Connection Data
      Data Description
      Direct access (without Oracle client) Set this option for direct access.

      Deactivate this option for access via Oracle Clients.

      Which connection data is required, depends on how this option is set.

      Server Database server.
      Port Oracle instance port.
      Service name Service name.
      User Oracle database user.
      Password Database user password.
      Data source TNS alias name from TNSNames.ora.
    5. Select the directory with the installation files in the "Installation source" section.
  4. Select the configuration module on the Select configuration module.

    • If you started the Configuration Wizard from the install wizard, the configuration modules for the selected edition are already activated. Check the module selection in this case.
    • Select the configuration module at this point if you started the Configuration Wizard directly. Dependent configuration modules are selected automatically.
  5. Next step: The installation steps are shown in the Processing database page. Installation and configuration of the database is automatically carried out by the Configuration Wizard. For more information, see Editing the Database.
Related Topics

Editing the Database

The Configuration Wizard performs the following steps when processing the database:

  • Schema installation

    Before the schema installation can take place the Configuration Wizard tests the database. Error messages are displayed in a separate window. The errors must be corrected manually. The schema installation cannot be started until these are resolved.

    All the tables, data types, database procedures that are required are loaded into the database through migration. The database role basegroup" is added and these roles are given full permissions to the database objects. The selected Editions and configuration modules are enabled. During migration, calculation tasks are queued in the database. These are processed by the DBQueue Processor.

    When a schema is installed with the Configuration Wizard, migration date and migration revision are recorded in the database's transport history.

  • System compilation

    Scripts, templates and processes are declared in the database. The authentication module "system user" with the system user "viadmin" is used for compiling.

  • Automatic update

    In order to distribute One Identity Manager files using the automatic software updating mechanism, the files are loaded into the One Identity Manager database.

To run database processing in the Configuration Wizard

  1. The installation steps are shown in the Processing database page.

    Installation and configuration of the database is automatically carried out by the Configuration Wizard. This procedure may take some time depending on the amount of data and system performance.

    • Set the option Advanced to obtain detailed information about processing steps and the migration log.
    • Once processing is complete, click Next.
  2. Next step: Enter the customer data and create administrative users on the System information pageFor more information, see Entering System Data.
Related Topics

Entering System Data

A system user is required for authentication in One Identity Manager. One Identity Manager provides various system users whose permissions are matched to the different tasks. For more detailed information about system users, access rights and granting permissions, see the One Identity Manager Configuration Guide.

The system user "viadmin" is the default system user for the One Identity Manager. This system user can be used to compile and initialize the One Identity Manager database and for the first user login to the administration tools.

IMPORTANT: The system user "viadmin" is not for use in a live environment! Set up your own system users with the appropriate permissions.

To enter system data in the Configuration Wizard

  1. Enter the customer data and create administrative users on the System information page.
    1. Enter the company's full name in the "Customer data" section.
    2. Configure the predefined system users in the "system user" section and enter your own system users.
      • Enter a password and password confirmation for the predefined system users.
      • To create custom system users, click and enter the name, password and password confirmation.

        Custom system users are created as administrative system users by the Configuration Wizard. Administrative system users are automatically added to all non role-based permissions groups and are given "viadmin" system user permissions.

      TIP: Use <...> next to a system user's name to configure more settings for the system user. You can modify these settings later in the Designer.
    3. The Configuration Wizard creates custom permissions groups, which you can use to define permissions for any custom schema extensions you require.
      • The permissions groups "CCCViewPermissions" and "CCCEditPermissions" are created for non role-based login. Administrative system users are automatically added to these permissions groups.
      • The permissions groups "CCCViewRole" and "CCCEditRole" are created for role-based login.
    4. Create more permissions groups as required.
      • Set the Advanced option and click in the "Permissions groups" section.
      • Enter the name for the permissions group. Label your own permissions groups with the prefix 'CCC'
      • Set the option Role-based for your own permissions groups.
  2. Next step: On the Service installation page, install and configure the One Identity Manager Service for a Job sever with the server functions "SQL processing server" and "Update server". For more information, see Installing the One Identity Manager Service for the Database.

Installing the One Identity Manager Service for the Database

Installing the One Identity Manager Service for the Database

IMPORTANT: If you are working with an encrypted One Identity Manager database, see Advice for Working with an Encrypted One Identity Manager Database.

The One Identity Manager Service handles defined processes. The service has to be installed on the One Identity Manager network server to execute the processes. The server must be declared as a "Job server" in the One Identity Manager database.

A Job server installed with the One Identity Manager database is created already in the One Identity Manager database during initial schema installation. This Job server includes the server functions "SQL processing server" and "Update server".

The SQL processing server handles SQL processes. The update sever ensures that software is updated automatically on other servers.

The SQL processing server and the update server require a direct connection to the One Identity Manager database to handle processes. You use the Configuration Wizard to install the One Identity Manager Service on a server for handling these processes.

The Configuration Wizard executes the following steps.

  • Installs the One Identity Manager Service components
  • Configuring the One Identity Manager Service
  • Starting the One Identity Manager Service

NOTE: The program executes remote installation of the One Identity Manager Service. Remote installation is only supported within a domain or a trusted domain.

Local installation of the service is not possible with this program. If you started the Configuration Wizard on a server on which you also want to configure a One Identity Manager Service, you miss out the section "Installing a service server". Install the One Identity Manager Service with the installation wizard in this case.

To not install the One Identity Manager Service in the Configuration Wizard

  1. Set the option Skip service installation on the Service installation page.

  2. Click Finish on the last page of the Configuration Wizard.

To configure the One Identity Manager Service in the Configuration Wizard

  1. Enter the service's installation data on the Service installation page.

    1. Enter the following information to install the One Identity Manager Service.

      Table 25: Installation Data

      Data

      Description

      Computer

      Server on which to install and start the service from.

      To select a server

      • Enter a name for the server.

        - OR -

      • Select a entry from the list.

      Service account

      User account data for the One Identity Manager Service.

      To enter a user account for the service

      • Set the option Local system account.

        This starts the One Identity Manager Service under the account "NT AUTHORITY\SYSTEM".

        - OR -

      • Enter user account, password and password confirmation.

      Installation account

      Data for the administrative user account to install the service.

      To enter an administrative user account for installation

      • Enable Advanced.

      • Enable the option Current user.

        This uses the user account of the current user.

        - OR -

      • Enter user account, password and password confirmation.

      Machine role

      Specify the machine role. The machine role "Job server" is already specified, by default. You can add more machine roles.

    2. Check the One Identity Manager Service configuration. Enable Advanced.

      NOTE: The initial service configuration is predefined already. If further changes need to be made to the configuration, you can do this later with the Designer. For more detailed information about configuring the service, see the One Identity Manager Configuration Guide.

    3. Click Next to start installing the service.

      Installation of the service occurs automatically and may take some time.

  2. Click Finish on the last page of the Configuration Wizard.

NOTE: The service is entered with the name One Identity Manager Service in the server's service administration.

Related Topics
Related Documents