Chat now with support
Chat with Support

Identity Manager 8.1.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Creating a One Identity Manager database for a test or development environment from a database backup Advanced configuration of the Manager web application Machine roles and installation packages

Disabling automatic update

NOTE: If the Common | Autoupdate configuration parameter is deactivated, no automatic update is performed across the system.

Under certain circumstances, it is necessary to exclude individual workstations, server, or web applications.

Disabling automatic update on workstations

To disable automatic update locally on a workstation, set the HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Settings\AutoUpdateEnabled="false" registry key.

This disables automatic updating completely on this workstation.

Disabling Job server automatic updating

Automatic update for Job servers is configured in the server entry. To exclude individual Job servers (for example the update server) from the automatic update, enable the following option for the Job server in the Designer: No automatic software update.

Disabling automatic update of the Web Portal

You can disable Web Portal updates in the database. If the property QBMWebApplication.AutoUpdateLevel is set to the value 1 (inactive), this web application can no longer be updated by the automatic software update.

Configuring automatic update of an application server

Configure automatic updating in the application server's web.config. You can adjust the behavior with the following statements:

<autoupdate>

<!-- <add key="off" value="true" /> -->

<add key="checkinterval" value="00:05:00"/>

<add key="inactivitytime" value="00:00:10"/>

</autoupdate>

Updating One Identity Manager

Updating One Identity Manager tools includes updating the One Identity Manager database and the existing installations on One Identity Manager network workstations and servers.

Database updates are necessary when hotfixes and service packs or complete version updates are available for One Identity Manager.

  • Hotfix

    A hotfix contains corrections to the default configuration of the current main version but no extension of functionality. A hotfix can supply patches for issues solved in synchronization projects.

  • Service pack

    A service pack contains minimal extensions of functionality and all the modifications since the last main version that were already included in the hotfixes. A service pack can supply patches with new functions for synchronization projects.

  • Version change

    A version change means that significant extensions of functionality have been made and involves a complete re-installation. A version change can supply milestones for updating synchronization projects. Milestones group together all patches for solved issues and patches required for new features of the previous version.

Detailed information about this topic

The update process for releasing a new One Identity Manager version

NOTE: Read the release notes for possible differing or additional steps for updating One Identity Manager.

To update the One Identity Manager to a new version

  1. In the Designer, carry out all consistency checks in the Database section.
    1. In the Designer, start the Consistency Editor by selecting the Database | Check data consistency menu item.
    2. In the Test options dialog click the icon .
    3. Activate all tests in the Database view and click OK.
    4. To start the check, select the Consistency check | Run menu item.

      All the database tests must be successful. Correct the errors. Some consistency checks offer repair methods for correcting errors.

  2. Update the administrative workstation on which the One Identity Manager database schema update will start.
    1. Execute the autorun.exe program from the root directory on the One Identity Manager installation medium.
    2. Change to the Installation tab. Select the edition that you installed.

    3. Click Install.

      This starts the installation wizard.

    4. Follow the installation instructions.

      IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.
  3. (From version 7.0.x or version 7.1.x) End the One Identity Manager Service on the server that processes direct database queries.

    (From version 8.0.x or version 8.1.x). End the One Identity Manager Service on the update server.

  4. Create a back up of the One Identity Manager database.
  5. Check whether the database's compatibility level is set the 130 and change it if necessary.
  6. Run a schema update of the One Identity Manager database.

    • Start the Configuration Wizard on the administrative workstation.

      Select a user who has at least administrative permissions for the One Identity Manager database to update the One Identity Manager schema with the Configuration Wizard.

      • Use the same user that you used to initially install the schema.

      • If you created an administrative user during schema installation, use that one.

      • If you selected a user with Windows authentication to install the schema, you must use the same one for updating.

      NOTE: If you want to switch to the granular permissions concept when you upgrade from version 7.0.x, 7.1.x or 8.0.x to 8.1.2, you will also require an installation user in accordance with Users with granular permission for the One Identity Manager database on an SQL Server.

      After updating One Identity Manager, change the connection parameters. This affect the connection credentials for the database (DialogDatabase), for example, the One Identity Manager Service, the application server, administration, and configuration tools, web applications and web services, and the connection credentials in synchronization projects.

      If you want to switch to granular permissions when you update from 8.1.x, contact support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.

  7. (From version 7.0.x or version 7.1.x) Update the One Identity Manager Service on the server that processes direct database queries.

    (From version 8.0.x or version 8.1.x). Update the One Identity Manager Service on the update server.

    1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.

    2. Change to the Installation tab. Select the edition that you installed.

    3. Click Install.

      This starts the installation wizard.

    4. Follow the installation instructions.

      IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.
  8. Check the One Identity Manager Service‘s login information. Revert to the original settings if the One Identity Manager Service did not initially use the local system account for logging in. Specify the service account to use.

  9. Start the One Identity Manager Service on the update server.

  10. Update other installations on workstations and servers.

    You can use the automatic software update method for updating existing installations.

    NOTE: In some cases it may be necessary to update the additional workstations and Job servers manually. This may be required, for example, if there are a significant number of new changes with a One Identity Manager version update that do not allow the use of automatic update.

To update synchronization projects to a new version

Any required changes to system connectors or the synchronization engine are made available when you update One Identity Manager. These changes must be applied to existing synchronization projects to prevent target system synchronizations that are already set up, from failing. Patches are available for this.

NOTE: Some patches are applied automatically. A process that migrates all existing synchronization project is queued in the Job queue to do this. To execute the process, the One Identity Manager Service must be started on the database server and on all the synchronization servers.

  • Check whether the DPR_Migrate_Shell process has been started successfully.

    If a patch could not be applied, for example because the target system was not available, you can apply the patch manually later.

For more detailed information about applying patches, see the One Identity Manager Target System Synchronization Reference Guide.

To update an application server to a new version

  • The application server starts updating automatically after the One Identity Manager database schema update.

  • To start the update manually, open the status page for the application in the browser and click Update immediately in the logged in user’s menu.

To update the Web Portal to a new version

NOTE: Ensure that the application server is updated before you update the Web Portal.
  • To update the Web Portal automatically, use a browser to connect to the runtime monitor http://<server name>/<application>/monitor and start the update of the web application.

  • To manually update the Web Portal, uninstall the existing Web Portal and install the Web Portal again.

To update an API Server to a new version

  • After updating the One Identity Manager database schema, restart the API Server. The API Server is updated automatically.

To update the Operations Support Web Portal to a new version

  • (As from version 8.1.x) After updating the API Server, compile the HTML application Operations Support Portal.

  • (As from version 8.0.x)

    1. Uninstall the Operations Support Web Portal.

    2. Install an API Server and compile the HTML application Operations Support Portal.

To update the Manager web application to a new version

  1. Uninstall the Manager web application.
  2. Reinstall the Manager web application.
  3. The Manager default user requires write access to the Internet Information Services web application installation directory so that Manager web applications can be updated automatically. Check that the correct permissions are allocated.
Detailed information about this topic

Updating One Identity Manager components

You can use the automatic software update method for updating the workstations and servers.

In some cases it may be necessary to update the workstations and servers manually using the installation wizard. This may be required, for example, if there are a significant number of new changes with a One Identity Manager version update that do not allow the use of automatic update.

NOTE: When changing versions, use the installation wizard to update the workstation on which the schema installation of the One Identity Manager database is started.

To update a workstation using the installation wizard

  1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.

  2. Change to the Installation tab. Select the edition you have installed and click Install.

  3. This starts the installation wizard. Select the language for the installation wizard on the start page and click Next.

  4. Confirm the conditions of the license.

  5. On the Installation settings page, enter the following information.

    Table 25: Settings for the installation

    Setting

    Description

    Installation source

    Select the directory containing the installation files.

    Installation directory

    Select the directory of your previous One Identity Manager installation. Otherwise, the components are not updated and a new installation is created in the second directory instead.

    NOTE: To make additional changes to the configuration settings, click on the arrow button next to the input field. Here, you can specify whether you are installing on a 64-bit or a 32-bit operating system.

    For a standard installation, no further configuration settings are necessary.

    Select installation modules using the database

    Set this option to load the installation information using the existing One Identity Manager database.

    NOTE: Leave this option empty to install the workstation on which you start the One Identity Manager schema installation.

    Add further modules to the selected edition

    Set this option to add additional One Identity Manager modules to the selected edition

  6. On the Module selection page, also select the modules to be installed.

    NOTE: This page is only shown if you set the option Add more modules to the selected Edition.

  7. Enter the database connection data on Connect to database.

    NOTE: This page is only shown if you have set the Select installation modules with existing database option.

    1. Select the connection in Select a database connection.

      - OR -

      Click Add new connection, select a system type and enter connection data.

      Table 26: SQL Server database connection data
      Data Description

      Server

      Database server.

      Windows authentication

      Specifies whether integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

      User

      SQL Server login name.

      Password

      SQL Server login password.

      Database

      Database.

    2. In the Authentication method pane, select the authentication module and enter the login data for the system user ID.

      The login data required depends on which authentication module you select.

  8. On the Assign machine roles page, define the machine roles.

    NOTE: The machine roles appropriate for the One Identity Manager modules are activated. All machine subroles are selected when you select the machine role. You can deselect individual packages.
  9. You can start different programs for further installation on the last page of the install wizard.

    • To install the One Identity Manager schema, start the Configuration Wizard and follow the Configuration Wizard instructions.

      NOTE: Perform this step only on the workstation on which you start the installation of the One Identity Manager schema.

    • To create the configuration of the One Identity Manager Service, start the Job Service Configuration program.

      NOTE: Execute this step only on servers on which you have installed the One Identity Manager Service.

  1. Click Finish to close the installation wizard.
  2. Close the autorun program.

To update the One Identity Manager Service using the installation wizard

  1. Open the service management of the server and close the One Identity Manager Service.
  2. Update the One Identity Manager components with the installation wizard.
  3. Check the login information of the One Identity Manager Service. Revert to the original settings if the One Identity Manager Service did not initially use the local system account for logging in. Specify the service account to use.
  4. Start the One Identity Manager Service in service management.
Related topics
Related Documents