Chat now with support
Chat with Support

Identity Manager 8.1 - Installation Guide

About this Guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing and updating an application server Installing the API Server Installing, configuring and maintaining the Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Error handling Appendix: Creating a One Identity Manager database for a test or development environment from a database backup Appendix: Extended configuration of the Manager web application Appendix: Machine roles and installation packages Appendix: Settings for a new SQL Server database

Installing, configuring and maintaining the Web Portal

You can use the Web Installer to install, configure and update the Web Portal. The following describes the steps necessary for installing the Web Portal on a Windows server and for getting the standard version up and running. The configuration settings are explained using their corresponding, possible values.

Detailed information about this topic

Installing the Web Portal

The following describes how to the install the Web Portal. Please note the following information:

NOTES:

  • Before installation ensure that the minimum hardware and software prerequisites are fulfilled on the server.

  • Prepare an application server on which the search service for the Web Portal is installed.

  • Start the Web Portal installation locally on the server.

  • If you install the Web Portal with HTTPS, the transfer method for cookies is configured to use HTTPS in the Web Installer.

  • If you change the SSL settings for the Web Portal at a later time, you must manually update the value in the web.config configuration file.

  • Default values are used for the configuration settings during installation. You can keep these values. Check the settings using the Web Designer Configuration Editor.

    To make a modification

    • Example: Enter the value <httpCookies requireSSL="true"> in the web.config under element <system.web>.

To install the Web Portal

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard, switch to the Installation tab in the navigation on the left.

  3. Click on Install next to Web-based components.

    Starts the Web Installer.

  4. On the Web Installer start page, click Install Web Portal.

  5. Click Next.

  6. On the Database connection page, do the following:

    • to use an existing connection to the One Identity Manager database, select it in the Select a database connection menu.

      - OR -

    • to create a new connection to the One Identity Manager database, click Add new connection and enter a new connection (see Configuring the database connection).

  7. Select the authentication method and enter the login data for the database under Authentication method.

  8. Click Next.

  9. Configure the following settings on the Select setup target page:

    Table 38: Settings for the installation target
    Setting Description
    Application name Name used as application name, as in the title bar of the browser, for example.
    Target in IIS Internet Information Services web page on which to install the application.
    Enforce SSL Specifies whether insecure websites are available for installation. If the option is set, only sites secured by SSL can be used for installing. This setting is the default value. If this option is not set, insecure websites can be used for installing.

    URL

    The application's Uniform Resource Locator (URL).

    Install dedicated application pool

    Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    The application pool to use. This can only be entered if the option Install dedicated application pool is deactivated.

    If you use the DefaultAppPool default value, the application pool is defined using the following syntax:

    <application name>_POOL

    Identity

    Permissions for executing an application pool. A default identity or a user defined user account can be used.

    If you use the DefaultAppPool default value, the user account is defined using the following syntax:

    IIS APPPOOL\<application name>_POOL

    If you want to authorize another user, click ... next to the text box, activate the option Custom account, and enter the username and password.

    Web Authentication

    Specifies the type for authentication against the web application. You have the following options:

    • Windows Authentication (single sign-on)

      The user is authenticated against the Internet Information Services using their Windows user account and the web application performs a role-based login for the employee assigned to this user account. If single sign-on is not possible, the user is diverted to a login page. This authentication method can only be selected if Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated anonymously against Internet Information Services and the web application, and the web login diverts to a login page.

    Database authentication

    NOTE: You can only see this section if you have selected an SQL database connection in the Database connection view.

    Specifies the type for authentication against the One Identity Manager database. You have the following options:

    • Windows Authentication

      The web application is authenticated against the One Identity Manager database with the Windows user account under which its application pool is running. Login is possible with a user defined user account or a default identity for the application pool.

    • SQL authentication

      Login is only possible through a user defined user accounts. Authentication is done using user name and password. This access data is saved in the web application configuration as computer specific encrypted.

  10. Click Next.

    If you have selected a direct database connection in step 4, the page Select application server appears. Application server data is required if you want to use full text search. You can enter the application server in the configuration file at a later date.

  11. (Optional) Configure the following settings on the Select application server page.

    NOTE: If you would like to use the full text search in the Web Portal, then you must specify an application server. You can enter the application server in the configuration file at a later date.

    NOTE: If using Windows authentication and the application server is located on a different host to that of the Web Portal, or if the application server uses a different user account for the application pool to that used by the Web Portal, then some further Active Directory settings must be configured (e.g. a Kerberos delegation).

    1. Click Select application server.

    2. In the dialog, enter the address of the application server on which the full text search service is installed into the URL field.

    3. Click OK.

  12. On the Select application server page, click Next.

  13. On the Installation source page, perform one of the following actions in the Installation source area:

    • to retrieve the installation data from the database, activate the Load from database option.

      - OR -

    • to retrieve the installation data from the installation media (e.g. from the hard drive), activate the Load from local folder option and enter the path.

  14. In the Web project list, select the desired web project and enter the authentication data if required:

    NOTE: If no further authentication settings are required, the message No authentication data required is displayed.

    1. Click .

    2. In the Authentication data dialog, click on a red project.

    3. Under Authentication method, specify the method and login data you would like to use.

    4. Repeat these steps for all other red projects.

    5. Click OK.

  15. On the Set update credentials page, specify the user account for automatic updating by activating one of the following options:

    NOTE: The user account is used to add or replace files in the application directory.

    • Use IIS credentials for update: Set this option to use the user account used by the application pool to run updates.

    • Use other credentials for updates: To use a different user account, set this option. Specify the domain, the user name, and the user password.

  16. Specify the user account for automatic updating on the Set update credentials page by activating one of the following options:

    NOTE: The user account is used to add or replace files in the application directory.

    • Use IIS credentials for update: Set this option to use the user account used by the application pool to run updates.

    • Use other credentials for updates: To use a different user account, set this option. Specify the domain, the user name, and the user password.

  17. Click Next.

    The Setup is running page opens and shows the progress of each installation step. The Web Installer generates the web application and the corresponding configuration files for each folder.

  18. Installation progress is displayed on the Setup is running page. The Web Installer generates the web application and the corresponding configuration files for each folder.

  19. Once installation is complete, click Next.

  20. On the Validate installation page, test the start of the web application. The base URL is displayed for mail distribution. If you wish to use a different URL, select this from the Change to field.

  21. Click Next.

  22. On the Wizard complete page, click Finish.

  23. Close the autorun program.

Related Topics

Updating the Web Portal

NOTE:

  • We recommend that you perform the automatic update only in specific maintenance windows, in which the application cannot be accessed by users and the application can be manually restarted with no risk.
  • The following permissions are required for automatic updating:
    • The user account for updating requires write permissions for the application directory.
    • The user account for updating requires the local security policy Log on as a batch job.
    • The user account running the application pool requires the local security policies Replace a process level token and Adjust memory quotas for a process.

The configuration settings for the automatic update of the web application are made in the configuration file web.config. You can do this using the Web Designer Configuration Editor.

To update the web application automatically

  1. Open the Runtime Monitor in the browser.

  2. On the Status tab, select one of the options Update now or Update when all user sessions are closed.

To update a web application manually

  • Uninstall the existing Web Portal and re-install the Web Portal.

Note that each write access to the web application's bin folder causes the web application to restart. This means that all active sessions in the application are closed and all unsaved data is lost. For this reason, you should only perform manual updates of the web application if no active session is running.

Related Topics

Uninstalling the Web Portal

To uninstall a web application

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page o the installation wizard:

    1. Select the Installation tab.

    2. Select Web-based components and click Install.

      Starts the Web Installer.

  3. On the Web Installer start page, click Uninstall a One Identity Manager web application and click Next.

  4. The Uninstall a One Identity Manager web application page displays all installed web applications.

    1. Select the web application you want to remove by double-clicking it.

      The icon is displayed in front of the application.

    2. In the Authentication method area, select an authentication method and enter the corresponding login data.

    3. To start uninstalling the web application(s), click Next.

    1. Confirm the security prompt with Yes.

  5. The uninstall progress is displayed on the Setup is running page.

  6. Once installation is complete, click Next.

  7. On the Wizard complete page, click Finish.

  8. Close the autorun program.

Related Documents