Chat now with support
Chat with Support

Identity Manager 8.1.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Creating a One Identity Manager database for a test or development environment from a database backup Advanced configuration of the Manager web application Machine roles and installation packages

Editing a One Identity Manager database during setup using the Configuration Wizard

Installation and configuration of the One Identity Manager database is automatically carried out by the Configuration Wizard. The Configuration Wizard can create a new database and install the One Identity Manager schema. Alternatively, the One Identity Manager schema can be installed in an existing database.

The Configuration Wizard performs the following steps when processing the database:

  • Creates the required SQL Server logins and database users with permissions for the administrative user, configuration user and end user. For more information, see Users with granular permission for the One Identity Manager database on an SQL Server.
  • Installs the One Identity Manager schema.

    Before the schema installation can take place, the Configuration Wizard tests the database. Error messages are displayed in a separate window. The errors must be corrected manually. The schema installation cannot be started until these are resolved.

    All the tables, data types, or database procedures that are required are loaded into the database through migration. The selected editions and configuration modules are enabled. During migration, calculation tasks are queued in the database. These are processed by the DBQueue Processor.

    When a schema is installed with the Configuration Wizard, migration date and migration revision are recorded in the database's transport history.

  • Compiles the system.

    Scripts, templates, and processes are declared in the database. The System user authentication module with the viadmin system user is used for compilation.

  • Uploads files for automatic software update.

    In order to distribute One Identity Manager files using the automatic software updating mechanism, the files are loaded into the One Identity Manager database.

  • Creates administrative system users and permissions groups.

    A system user is required for authentication in One Identity Manager. One Identity Manager provides various system users whose permissions are matched to the various tasks. For detailed information about system users, access rights and granting permissions, see the One Identity Manager Authorization and Authentication Guide.

    The viadmin system user is the default system user in One Identity Manager. This system user can be used to compile and initialize the One Identity Manager database and for the first user login to the administration tools.

    IMPORTANT: Do not use the viadmin system user in a live environment. Create your own system user with the appropriate permissions.

    Custom system users are created as administrative system users by the Configuration Wizard. Administrative system users are automatically added to all non role-based permissions groups, and are assigned all permissions of the system user viadmin.

  • Installs and configures a One Identity Manager Service with direct access to the database for handling SQL processes and automatic server software updates.

    The One Identity Manager Service handles defined processes. The service has to be installed on the One Identity Manager network server to execute the processes. The server must be declared as a Job server in the One Identity Manager database.

    During the initial schema installation with the Configuration Wizard, in the One Identity Manager database a Job server is already created for the server on which the One Identity Manager database is installed. This Job server receives the server functions SQL processing server and Update server:

    • The SQL processing server handles SQL processes.
    • The update sever ensures that software is updated automatically on other servers.

    The SQL processing server and the update server require a direct connection to the One Identity Manager database to handle processes. Use the Configuration Wizard to install the One Identity Manager Service on a server for handling these processes.

    The Configuration Wizard executes the following steps.

    • Installs the One Identity Manager Service components.
    • Configures the One Identity Manager Service.
    • Starts the One Identity Manager Service.
Related topics

Configuring a One Identity Manager database for testing, development, or production

You use the staging level of the One Identity Manager database to specify whether the database is a test database, development database, or a live database. A number of database settings are controlled by the staging level. The following database settings are configured when you change the staging level.

Table 18: Database settings for development, test, and live environments
Setting Database staging level
Development environment Test environment Live environment

Color of the One Identity Manager tools status bar

None

Green

Yellow

Maximum DBQueue Processor runtime

20 minutes

40 minutes

120 minutes

Maximum number of slots for the DBQueue Processor

5

7

Maximum number of slots according to the hardware configuration

To modify a database staging level

  1. Open the Launchpad and select Database staging level. Starts the Designer.
  2. Select the database and change the value of the Staging level property to Test environment, Development environment, or Live environment.
  3. Select Database | Save to database and click Save.

The DBQueue Processor configuration settings are configured for normal operations and do not normally need to be modified. The configuration settings are reduced for test environments and development environments because several databases may be located on a server.

If it is necessary to change the settings for testing or development environments for reasons of performance, you must modify the following configuration parameter settings in the Designer.

Table 19: Configuration parameters for the DBQueue Processor
Configuration parameter Meaning
QBM | DBQueue | CountSlotsMax

This configuration parameter specifies the maximum number of slots to be used. Use this configuration parameter to reduce the number of slots if required. Values lower than 5 are not permitted.

Exception: Enter a value of 0 for using the maximum number of slots available based on the hardware configuration.

QBM | DBQueue | KeepAlive

This configuration parameter regulates the maximum runtime of the central dispatcher. Tasks on slots currently in use are still processed when the timeout expires. Then the slot database schedules are stopped and the central dispatches exits.

The lowest permitted value for runtime is 5 minutes; the maximum permitted value is 720 minutes.

Related topics

Encrypting database information

In certain circumstances, it is necessary to store encrypted information in the One Identity Manager database:

  • In the Designer, choose the Common | EncryptionScheme configuration parameter to define which encryption method to use. Permitted values are:

    • RSA: RSA encryption with AES for large data (default).

    • FIPSCompliantRSA: FIPS certified RSA with AES for large data. This method is used if encryption must match the FIPS 104-2 standard. The local security policy Use FIPS compliant algorithms for encryption, hashing, and signing must be enabled.

    NOTE: If the Common | EncryptionScheme configuration parameter is not set, RSA is used as the method.

  • Encryption is carried out using the Crypto Configuration program. With this program an encryption file is created and the contents of the database columns that are affected are converted. The encrypted data is stored in the DialogDatabase database table.

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

Detailed information about this topic

Creating a new database key and encrypting the database information

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To create a new database key and encrypt the One Identity Manager database

  1. Open the Launchpad and select the Encrypt database entry. This starts the Crypto Configuration program.

  2. Click Next on the start page.
  3. On the New database connection page, enter the valid connection data for the One Identity Manager database and click Next.
  4. Select Create or change database key on the Select action page and click Next.
  5. Select There was no encryption yet on the Private key page and click Next.
  6. Create a new key on the New private key page.
    1. Click Create key.
    2. Select the directory path for saving the file using the file browser and enter a name for the key file.
    3. Click Save.

      The (*.key) key file is generated. The file browser is closed. The path and filename are displayed under Private key.

    4. Click Next.

      This establishes which data is encrypted.

  7. The date to be encrypted is displayed on the Convert database page.
    1. Click Convert.
    2. Confirm the following two security questions with Yes.

      The data encryption is started. Conversion progress is displayed.

    3. Click Next.
  8. Click Finish on the last page to end the program.
Related topics
Related Documents