
Identity Manager 8.1 - Installation Guide


Importing files with the Software Loader

NOTE:

  • Start Software Loader on an administrative workstation.

  • When selecting the base directory, ensure that a directory hierarchy is not created unintentionally.

  • For web applications, select the installation directory of the web application to ensure that the required subdirectories, for example the bin directory, are detected correctly.

  • For detailed information about how to import customer-defined files using the Software Loader, see the One Identity Manager Operational Guide.

To import files into a One Identity Manager database

  1. Open Launchpad and, in Change & Extend, select Import files for software update. This starts the Software Loader program.
  2. Select Import into database on the start page.
  3. On the Connect to database page, enter the connection data for the One Identity Manager database.
  4. Specify the file to be imported on Select files.
    1. Select the base directory where the files can be found.

      The status and file size of all the files in the selected directory are displayed in the file list.

      Table 34: Meaning of status
      Status | Meaning
      Version unknown | The file belongs to the known files but has not yet been loaded into the database. There is no version information in the database.
      Unknown file | The file is new. The file is in the list of known files but has not been loaded in the database yet. There is no version information in the database.
      Version OK | The file version matches the version in the database.
      Version modified | The file version has been modified compared with the version in the database.
    2. Select the files you want to load into the One Identity Manager database.

      TIP:

      • Click a column in the table header to order the display by the selected column.
      • Press Shift + select or Ctrl + select to select more than one file.
      • To quickly select all files with Changed version as their status, select Open all directories and Open all modified files in the context menu. Files in subdirectories are only selected if the higher-level directories have already been opened.
  5. On the Select change label page, assign a change label to facilitate the exchange of files between various databases, such as the test database, development database, and live database.
    1. Select Assign files to following change label.
    2. Use the button next to the option to select the change label.
  6. The files are loaded straight from the One Identity Manager database.

  7. Specify other file settings on Assign machine roles.
    1. Assign a computer role to the files.
    2. (Optional) For more file settings, click ... next to the file names.
      Table 35: More file settings
      Setting | Description
      Directory source | Directory path in installation source.
      Create backup | A copy must be made of the file during the automatic software update.
      No update | The file is not updated by the automatic software update.
  8. Click Finish on the last page to end the program.

Installing and updating an application server

The application server provides a connection pool for accessing the database. Clients send their queries to the application server, which processes the objects, for example, by determining values using templates and sending the results back to the clients. The data from the application is sent to the database when an object is saved.

Before installation, ensure that the minimum hardware and software prerequisites are met on the server.


Advice for installing an application server

  • If you want to run the One Identity Manager Service or the Designer through an application server, the application server requires at least configuration user permissions. Use the SQL Server login for connecting to the One Identity Manager database and for authenticating against the One Identity Manager database when you install the application server.

  • To limit permissions for end users, you can make other application servers available, which use the SQL Server login for end users.

  • To use the Web Portal or full text search in the Manager, you need an application server with a search service installed on it.

  • Start the application server installation locally on the server.

Installing an application server

IMPORTANT: Start the application server installation locally on the server.

To install an application server

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.
  2. Go to the Installation tab, select the entry Web based components, and click Install. This starts the Web Installer.
  3. Select Install application server on the Web Installer and click Next.
  4. On the Database connection page, enter the connection credentials for the One Identity Manager database.
  5. Configure the following settings on the Select setup target page.
    Table 36: Settings for the installation target
    Setting Description
    Application name

    Name used as the application name, for example in the title bar of the browser.

    Target in IIS

    Internet Information Services web page on which to install the application.

    Enforce SSL

    Specifies whether insecure websites are available for installation. If this option is set, only sites secured by SSL can be used for installing. This option is set by default. If this option is not set, insecure websites can be used for installing.

    URL

    The application's Uniform Resource Locator (URL).

    Install dedicated application pool

    Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    The application pool to use. This can only be entered if the option Install dedicated application pool is deactivated.

    If you use the DefaultAppPool default value, the application pool is defined using the following syntax:

    <application name>_POOL

    Identity

    Permissions for executing an application pool. A default identity or a user-defined user account can be used.

    If you use the DefaultAppPool default value, the user account is defined using the following syntax:

    IIS APPPOOL\<application name>_POOL

    If you want to authorize another user, click ... next to the text box, activate the option Custom account, and enter the username and password.

    Web Authentication

    Specifies the type for authentication against the web application. You have the following options:

    • Windows Authentication (single sign-on)

      The user is authenticated against the Internet Information Services using their Windows user account and the web application performs a role-based login for the employee assigned to this user account. If single sign-on is not possible, the user is diverted to a login page. This authentication method can only be selected if Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated anonymously against Internet Information Services and the web application, and the web login diverts to a login page.

    Database authentication

    NOTE: You can only see this section if you have selected an SQL database connection in the Database connection view.

    Specifies the type for authentication against the One Identity Manager database. You have the following options:

    • Windows Authentication

      The web application is authenticated against the One Identity Manager database with the Windows user account under which its application pool is running. Login is possible with a user defined user account or a default identity for the application pool.

    • SQL authentication

      Login is only possible through a user-defined user account. Authentication uses a user name and password. This access data is stored in the web application configuration, encrypted specifically for the computer.

  6. On the Assign machine roles page, define the machine roles.

    This enables the machine roles for the application server. The machine roles Search Service and Search Indexing Service are required for indexing the full text search. These machine roles are always used together.

    NOTE: If you want to use a Web Portal, you will need to use an application server with a search service installed.

  7. On the Set session token certificate page, you define the certificate for creating and checking session tokens.

    NOTE: The certificate must have a key length of at least 1024 bits.

    1. To create a new certificate, enter the following information.
      1. Session token certificate: Select Create new certificate.
      2. Certificate issuer: Enter the issuer of the certificate.
      3. Key length: Specify the key length for the certificate.

      The certificate is entered in the application server's certificate management.

    2. To use an existing certificate, enter the following information.
      1. Session token certificate: Select the entry Use existing certificate.
      2. Select certificate: Select the certificate. 
    3. To generate a new certificate file, enter the following information.
      1. Session token certificate: Select Generate new certificate file.
      2. Certificate issuer: Enter the issuer of the certificate.
      3. Key length: Specify the key length for the certificate.
      4. Certificate file: Enter the directory path and name of the certificate file.

      The certificate file is stored in the specified directory in the web application.

  8. Specify the user account for automatic updating on the Set update credentials page. The user account is used to add or replace files in the application directory.

    • Use IIS credentials for update: Set this option to use the user account under which the application pool is executed for the updates.

    • Use other credentials for updates: To use a different user account, set this option. Specify the domain, the user name, and the user password.

  9. Installation progress is displayed on the Setup is running page. The Web Installer generates the web application and the corresponding configuration files (web.config) for each directory. After installation is complete, click Next.

  10. Click Finish on the last page to end the program.

  11. Close the autorun program.

NOTE: Default values are used for the configuration settings during installation. You can keep these values, but it is recommended that you check the settings.
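One way to check the settings chosen in steps 5 and 7 after installation is the following read-only PowerShell script. It is an added example, not part of the One Identity documentation or tooling, and it reads back the site bindings, application pool identity, IIS authentication modes and session token certificate key length. The site name, application name, certificate store, issuer string and the 2048-bit threshold are assumptions to replace with your own values; the WebAdministration module and an elevated session are required.

```powershell
# Added example: read-only post-install check of the application server in IIS.
# Assumed values (not from the guide): site, application, store and issuer names.
param(
    [string]$Site       = 'Default Web Site',       # hypothetical "Target in IIS"
    [string]$App        = 'AppServer',              # hypothetical "Application name"
    [string]$CertStore  = 'Cert:\LocalMachine\My',  # assumed certificate store
    [string]$CertIssuer = 'CN=AppServer',           # hypothetical "Certificate issuer"
    [int]$MinKeyBits    = 2048                      # local baseline; guide minimum is 1024
)
Import-Module WebAdministration -ErrorAction Stop
$findings = @()

# Enforce SSL: the target site should be reachable over https only.
$protocols = @(Get-WebBinding -Name $Site | ForEach-Object { $_.protocol })
if ($protocols -notcontains 'https') { $findings += "Site '$Site' has no https binding" }
if ($protocols -contains 'http')     { $findings += "Site '$Site' also has an http binding" }

# Application pool and the identity it runs under.
$webApp = Get-WebApplication -Site $Site -Name $App
if (-not $webApp) { throw "Application '$App' not found under site '$Site'" }
$poolName = $webApp.applicationPool
$model    = (Get-Item "IIS:\AppPools\$poolName").processModel
if ($model.identityType -eq 'LocalSystem') { $findings += "Pool '$poolName' runs as LocalSystem" }

# Web authentication: report which IIS authentication modes are enabled for the app.
$auth = @{}
foreach ($mode in 'anonymousAuthentication', 'windowsAuthentication') {
    $prop = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location "$Site/$App" `
        -Filter "system.webServer/security/authentication/$mode" -Name enabled `
        -ErrorAction SilentlyContinue          # section is absent if the feature is not installed
    $auth[$mode] = [bool]$prop.Value
}

# Session token certificate: flag RSA keys shorter than the baseline.
$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
foreach ($cert in Get-ChildItem $CertStore | Where-Object { $_.Issuer -like "*$CertIssuer*" }) {
    $rsa = $rsaExt::GetRSAPublicKey($cert)
    if ($rsa -and $rsa.KeySize -lt $MinKeyBits) {
        $findings += "Certificate $($cert.Thumbprint): $($rsa.KeySize)-bit RSA key"
    }
}

[pscustomobject]@{
    Site = $Site; Application = $App; Protocols = $protocols -join ','
    AppPool = $poolName; PoolIdentity = $model.identityType
    AnonymousAuth = $auth.anonymousAuthentication; WindowsAuth = $auth.windowsAuthentication
    Findings = $findings
}
```

A certificate created with Generate new certificate file is stored in the web application directory rather than in a certificate store, so this check does not cover it.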
