Identity Manager 8.1 - Installation Guide


Minimum system requirements for the service server

The One Identity Manager Service enables the distribution of the information administrated in the One Identity Manager database throughout the network. The One Identity Manager Service performs data synchronization between the database and any connected target systems and executes actions at the database and file level.

The following system prerequisites must be fulfilled to install the One Identity Manager Service on a server.

Table 9: Minimum System Requirements - Services Server

Processor

8 physical cores 2.5 GHz+

Memory

16 GB RAM

Hard drive storage

40 GB

Operating system

Windows operating system

The following versions are supported:

  • Windows Server 2016

  • Windows Server 2012 R2

  • Windows Server 2012

  • Windows Server 2008 R2 (non-Itanium based 64-bit) Service Pack 1 or later

Linux operating system

  • Linux operating system (64-bit), supported by the Mono project, or Docker images provided by the Mono project.

Additional software

Windows operating system

  • Microsoft .NET Framework Version 4.7.2 or later

    NOTE: Take the target system manufacturer's recommendations for connecting the target system into account.

Linux operating system

  • Mono 5.14 or higher

Minimum system requirements for the web server

The following system prerequisites must be fulfilled to install web applications on a web server.

Table 10: System requirements - web server

Processor

4 physical cores 1.65 GHz+

Memory

4 GB RAM

Hard drive storage

40 GB

Operating system

Windows operating system

The following versions are supported:

  • Windows Server 2016

  • Windows Server 2012 R2

  • Windows Server 2012

  • Windows Server 2008 R2 (non-Itanium based 64-bit) Service Pack 1 or later

Linux operating systems

  • Linux operating system (64-bit), supported by the Mono project, or Docker images provided by the Mono project. Note the operating system manufacturer's minimum requirements for Apache HTTP Server.

Additional software

Windows operating systems

  • Microsoft .NET Framework Version 4.7.2 or later

  • Microsoft Internet Information Services 10, 8.5, 8, 7.5 or 7 with ASP.NET 4.7.2 and the following role services:
    • Web Server > Common HTTP Features > Static Content
    • Web Server > Common HTTP Features > Default Document
    • Web Server > Application Development > ASP.NET
    • Web Server > Application Development > .NET Extensibility
    • Web Server > Application Development > ISAPI Extensions
    • Web Server > Application Development > ISAPI Filters
    • Web Server > Security > Basic Authentication
    • Web Server > Security > Windows Authentication
    • Web Server > Performance > Static Content Compression
    • Web Server > Performance > Dynamic Content Compression

Linux operating systems

  • NTP - Client
  • Mono 5.14 or higher
  • Apache HTTP Server 2.0 or 2.2 with the following modules:
    • mod_mono
    • rewrite
    • ssl (optional)

Minimum system requirements for the application server

The application server provides a connection pool for accessing the database and stores business logic. The following system prerequisites must be fulfilled for installation of the application server.

Table 11: System Requirements - Application Server

Processor

8 physical cores 2.5 GHz+

Memory

8 GB RAM

Hard drive storage

40 GB

Operating system

Windows operating systems

The following versions are supported:

  • Windows Server 2016

  • Windows Server 2012 R2

  • Windows Server 2012

  • Windows Server 2008 R2 (non-Itanium based 64-bit) Service Pack 1 or later

Linux operating systems

  • Linux operating system (64-bit), supported by the Mono project, or Docker images provided by the Mono project. Note the operating system manufacturer's minimum requirements for Apache HTTP Server.

Additional software

Windows operating systems

  • Microsoft .NET Framework Version 4.7.2 or later

  • Microsoft Internet Information Services 10, 8.5, 8, 7.5 or 7 with ASP.NET 4.7.2 and the following role services:
    • Web Server > Common HTTP Features > Static Content
    • Web Server > Common HTTP Features > Default Document
    • Web Server > Application Development > ASP.NET
    • Web Server > Application Development > .NET Extensibility
    • Web Server > Application Development > ISAPI Extensions
    • Web Server > Application Development > ISAPI Filters
    • Web Server > Security > Basic Authentication
    • Web Server > Security > Windows Authentication
    • Web Server > Performance > Static Content Compression
    • Web Server > Performance > Dynamic Content Compression

Linux operating systems

  • NTP - Client
  • Mono 5.14 or higher
  • Apache HTTP Server 2.0 or 2.2 with the following modules:
    • mod_mono
    • rewrite
    • ssl (optional)

NOTE: In order to use the application server's REST API, the HTTP request methods POST, GET, PUT and DELETE must be permitted by the web server (IIS/Apache).

Users for One Identity Manager

Table 12: Users for One Identity Manager
Users Permissions

User for installing One Identity Manager

The installation user is needed for the initial installation of a One Identity Manager database using the Configuration Wizard. For more information, see Permissions for the One Identity Manager database.

User for administrative tasks in One Identity Manager

The administrative user is used by components of One Identity Manager that require authorizations at server level and database level, for example, the Configuration Wizard, the DBQueue Processor, or the One Identity Manager Service. For more information, see Permissions for the One Identity Manager database.

User for configuration tasks in One Identity Manager

The configuration user can execute configuration tasks within One Identity Manager, for example, creating customer-specific schema extensions or working with the Designer. Configuration users require permissions at server level and database level. For more information, see Permissions for the One Identity Manager database.

End user for One Identity Manager

End users only receive permissions at database level, for example for performing tasks with the Manager or the Web Portal. For more information, see Permissions for the One Identity Manager database.

User for logging in to One Identity Manager

One Identity Manager uses different authentication modules for logging in to administration tools. Authentication modules identify the system users to be used and load the user interface and database resource editing permissions depending on their permission group memberships.

For detailed information about the One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

User account for the One Identity Manager Service

The user account for One Identity Manager Service requires rights to carry out operations at file level, for example, assigning user rights and creating and editing directories and files.

The user account must belong to the Domain users group.

The user account must have the Login as a service extended user right.

The user account requires access rights to the internal web service.

NOTE: If One Identity Manager Service runs under the network service (NT Authority\NetworkService), you can issue access rights for the internal web service with the following command line call:

netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"

The user account needs full access to the One Identity Manager installation directory in order to automatically update One Identity Manager Service.

In the default installation, One Identity Manager is installed under:

  • %ProgramFiles(x86)%\One Identity (on 32-bit operating systems)
  • %ProgramFiles%\One Identity (on 64-bit operating systems)

NOTE: Other target system specific permissions may be required for synchronizing the One Identity Manager with each target system. These permissions are explained in the corresponding guide.

For more information, see Setting up permissions for creating an HTTP server.
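
The following PowerShell is an added example, not part of the One Identity documentation. It checks two of the prerequisites above for the service account (the URL reservation and full access to the installation directory) and lists any other principals that hold write access to that directory. The parameter defaults, including the URL, are placeholders to replace; the script only reads ACLs and changes nothing.

```powershell
# Added example, not vendor code. Parameter defaults are placeholders to replace.
param(
    [string]$Account    = 'NT AUTHORITY\NETWORK SERVICE',        # service account to check
    [string]$Url        = 'http://<IP address>:<port number>/',  # URL reserved with netsh
    [string]$InstallDir = (Join-Path $env:ProgramFiles 'One Identity')
)

$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
           [System.Security.Principal.SecurityIdentifier])

# 1. URL reservation: read the SDDL that netsh reports and look for an ACE for the
#    account. Comparing SIDs avoids matching on localized account names.
$urlReserved = $false
$sddl = netsh http show urlacl "url=$Url" | Select-String -Pattern 'SDDL:\s*(\S+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value }
foreach ($s in $sddl) {
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $s
    if ($sd.DiscretionaryAcl | Where-Object { $_.SecurityIdentifier.Value -eq $sid.Value }) {
        $urlReserved = $true
    }
}

# 2. Installation directory: an Allow ACE granted directly to the account with
#    FullControl. Access obtained only through group membership is not resolved here.
$fsr   = [System.Security.AccessControl.FileSystemRights]
$rules = (Get-Acl -LiteralPath $InstallDir).GetAccessRules(
             $true, $true, [System.Security.Principal.SecurityIdentifier]) |
         Where-Object { $_.AccessControlType -eq 'Allow' }
$fullControl = [bool]($rules | Where-Object {
    $_.IdentityReference.Value -eq $sid.Value -and $_.FileSystemRights.HasFlag($fsr::FullControl) })

# 3. Any other principal with write access could replace the binaries the service
#    updates and runs. SYSTEM, Administrators, CREATOR OWNER and TrustedInstaller are expected.
$expected = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
            'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464', $sid.Value
$otherWriters = $rules | Where-Object {
        ([int]$_.FileSystemRights -band [int]$fsr::Write) -ne 0 -and
        $_.IdentityReference.Value -notin $expected } |
    ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

[pscustomobject]@{
    Account           = $Account
    UrlReserved       = $urlReserved
    FullControlOnDir  = $fullControl
    UnexpectedWriters = $otherWriters
}
```

An empty `UnexpectedWriters` list together with `FullControlOnDir = True` means that only the service account and the built-in administrative principals can modify the files the service updates.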
