Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

Enter the connection data for the application server

To enter connection data for the application server

  1. In Designer, select Base data | Security settings | Connection data.

  2. Using the Object | New menu item, enter new connection data.

  3. Enter the following information.

    Table 78: Properties of connection data

    Property

    Description

    Display name

    Display name of the connection data. Using this display name, you can select the connection data at the Job server entry.

    Fallback connection

    Label one of the sets of connection data for the application server as a Fallback connection. This connection data is used if you do not enter any reference to concrete connection data on the Job server.

    Provider

    For connection data for the application server, select Application Server.

    Connection parameter

    Enter the web address (URL) for the application server.

    Use the ... button to open the default connection dialog box, from which you can specify other options and test the connection.

    Authentication data

    Enter the authentication data

    Syntax:

    Module=<name>;<property1>=<value1>;<property2>=<value2>,…

    Example:

    Module=DialogUserAccountBased

    Use the ... button to open a dialog box from which you can select the authentication module directly. The authentication data is transferred when the dialog is closed.

    For detailed information about the One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

Related Topics

Enter the connection data on the Job server

To declare the connection data on the Job server

  1. In the Designer, select the Base data | Installation | Job server category.
  2. Select the Job server to be edited in the Job server overview.
  3. Edit the following data on the Properties tab.
    • Enable the No direct database connection option for the Job server.
    • Under Connection data, select the connection data for the application server.
Related Topics

Installing the One Identity Manager Service on the Job server

You have the option to install certain Job servers remotely in the Job Server Editor. The remote installation wizard executes the following steps:

  • Installation of One Identity Manager Service components.
  • Configuration of One Identity Manager Service.
  • Starts the One Identity Manager Service.
Prerequisites for Remote Installation
  • The Job server is entered in the database
  • There is a user account with sufficient permissions for installing the One Identity Manager Service.
  • Remote installation is only supported within a domain or a trusted domain.

NOTE: If you are working with an encrypted One Identity Manager database, see the notes on working with an encrypted database in the One Identity Manager Installation Guide.

To install the One Identity Manager Service remotely

  1. Select Base Data | Installation | Job server in Designer.
  2. Start the Job Server Editor using the Edit Job server task.
  3. Select the Job server to be edited in the Job server overview.
  4. Select the Job server | Install service menu item.

    This starts the One Identity Manager Service remote installation wizard.

  5. On the start page of the wizard, click Next.
  6. On the Configure service, enter the configuration settings of the One Identity Manager Service.

    Initial configuration of the service is already predefined for the database connection. To use this template, enter the connection data for process collection. In order to extend the configuration, each configuration section of the One Identity Manager Service is listed in the module list.

    1. For a direct connection to the database:
      1. Select Process collection | sqlprovider
      2. Click the Connection parameter entry and click the Edit button.
      3. Enter the connection data for the One Identity Manager database.

    2. For a connection to the application server:
      1. Select Process collection, click the Insert button and select AppServerJobProvider.
      2. Click the Connection parameter entry and click the Edit button.
      3. Enter the connection data for the application server.

      4. Click the Authentication data entry and click the Edit button.
      5. Select the authentication module. Depending on the authentication module, other data may be required, for example, user and password. For detailed information about the One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.
  7. On the Installation source and destination page, enter the following information.

    Table 79: Installation Data
    Data Description

    Installation directory

    Select the directory with the installation files.

    Private key

    If the database is encrypted, select the file with the private key.

    Computer Server on which to install and start the service from.
    Service account User account data for the One Identity Manager Service. For information about user account requirements, see the One Identity Manager Installation Guide.

    To enter a user account for the One Identity Manager Service

    • Set the option Local system account.

      This starts the One Identity Manager Service under the NT AUTHORITY\SYSTEM account.

      - OR -

    • Enter user account, password and password confirmation.
    Installation account Data for the administrative user account to install the service.

    To enter an administrative user account for installation

    • Enable Current user.

      This uses the user account of the current user.

      - OR -

    • Enter user account, password and password confirmation.
  8. Click Next to start installing the service.

    Installation of the service occurs automatically and may take some time.

  9. Click Close to end the workflow wizard.

NOTE: The service is entered with the name One Identity Manager Service in the server service management.

TIP: Use the Job server | Start HTTP request menu item to address the HTTP server of the One Identity Manager Service for a Job server and display the different services of the One Identity Manager Service.

Related Topics

Configuring the One Identity Manager Service

The One Identity Manager Service distributes the information managed in the One Identity Manager database across the network. The One Identity Manager Service performs data synchronization between the database and any connected target systems and executes actions at the database and file level. The One Identity Manager Service retrieves process steps from the JobQueue. Process steps are executed by process components. The One Identity Manager Service also creates an instance of the required process component and transfers the process step parameters. Decision logic monitors the execution of the process steps and determines how processing should continue depending on the results of the executed process components. The One Identity Manager Service enables parallel processing of process steps because it can create several instances of process components.

A Job provider function makes a Job destination process step available within the One Identity Manager Service. The Job destination function handles the process steps and returns a result to the Job provider. The Job provider evaluates the result.

The combination of a Job provider on one server and a Job destination on another server is called a "Job gate". The Job provider and Job destination are configured within the Jobgate such that they can communicate with each other.

Figure 28: Example of the mode of operation of the One Identity Manager Service

Table 80: One Identity Manager Service Provider
Provider

Description

MSSQLJobProvider The MSSQLJobProvider retrieves the process steps from the One Identity Manager database under SQL Server and sends them to a job destination.
FileJobProvider

In the FileJobProvider, process requests and results are read from and written to files. These files can be processed by the FileJobGate (FileJobDestination or FTPJobDestination). The data is transferred using these files.

FTPJobProvider

The FTPJobProvider is based on the function of the FileJobProvider. In the FTPJobProvider, process requests and results are read from and written to files. After the files have been created in the local directory, the FTPJobProvider connects to the FTP server and transfers the files to the server. A connection is also made to the FTP Server when it gets a signal and the data is collected.

HTTPJobProvider

The HTTPJobProvider receives process steps from a parent Job server. The data transfer is carried out by HTTP.

AppServerJobProvider

The AppServerJobProvider retrieves the process steps from the application server and sends them to a job destination.

Table 81: One Identity Manager Service Job Destinations
JobDestination Description
JobServiceDestination The JobServiceDestination is the One Identity Manager Service component that performs the actual handling of process steps. It requests the process steps from the Job provider, processes them with the process component and returns the result.
FileJobDestination The FileJobDestination handles the process steps provided by the FileJobGate (FileJobProvider or FTPJobProvider) and returns the results to the job provider.
FTPJobDestination The FTPJobDestination handles the process steps provided by the FileJobGate (FileJobProvider or FTPJobProvider) and returns the results to the job provider.
HTTPJobDestination The HTTPJobDestination sends process steps to a child Job server. The data transfer is carried out by HTTP.
Table 82: One Identity Manager Service Job Gates
Jobgate Description
HTTPJobGate Consisting of HTTPJobProvider and HTTPJobDestination.
FileJobGate Consisting of FileJobProvider, FileJobDestination, FTPJobProvider and FTPJobDestination. JobProvider and JobDestinations can be combined with each other.

Figure 29: Example Configuration for FileJobGate

Detailed information about this topic
Related Documents