
Identity Manager 8.2.1 - Configuration Guide


EventLogLogWriter

The EventLogLogWriter writes messages from the One Identity Manager Service to an event log. To view the event log, you can use the results display in the Microsoft Management Console, for example.

Table 112: EventLogLogWriter parameters

Parameters

Description

EventLog

Name of the event log to which the messages are written. The messages are written to the application log with Application as the default value.

NOTE: If more than one One Identity Manager Service writes event logs on a server, make sure that the first eight letters in the log name are unique on the server.

LogSeverity

Severity levels of the logged messages.

Permitted values are:

  • Info: All messages are written to the event log. The event log quickly becomes large and confusing.

  • Warning: Only warnings and exception errors are written to the event log (default).

  • Serious: Only exception messages are written to the event log.

EventID

The ID of the messages written to the event log.

Category

The category of the messages written to the event log.

Source

The name of the source of the messages written to the event log.

By default, the One Identity Manager Service only logs messages in the event log Application.

To use an event log with a different name

  1. On the Job server, manually add the file for the One Identity Manager Service to write to. You can use Windows PowerShell, for example, to do this.

    1. Run Windows PowerShell as administrator on the Job server.

    2. Run the following CmdLet:

      New-EventLog -Source "Foobar" -LogName "<file name>"

  2. Enter this file name in the One Identity Manager Service configuration file, in the EventLogLogWriter module, as the name for the event log.

  3. Restart the computer.

  4. Restart the One Identity Manager Service.
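The first step of this procedure, scripted with the checks an administrator would otherwise do by hand (an added example, not One Identity code). It enforces the eight-letter uniqueness note from the table above and refuses to reuse a source that is already bound to another log; the function name and the sample log and source names are hypothetical.

```powershell
# Added example (hypothetical helper, not One Identity code).
# Run in an elevated Windows PowerShell session on the Job server.
function New-JobServiceEventLog {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $LogName,  # later entered as the EventLog parameter
        [Parameter(Mandatory)] [string] $Source    # later entered as the Source parameter
    )

    # The guide's note: the first eight letters of the log name must be unique
    # on the server, so compare that prefix against every existing log.
    $prefix = $LogName.Substring(0, [Math]::Min(8, $LogName.Length))
    $clash = @(Get-EventLog -List | Where-Object {
        $_.Log -ne $LogName -and
        $_.Log.Substring(0, [Math]::Min(8, $_.Log.Length)) -eq $prefix
    })
    if ($clash.Count -gt 0) {
        throw "Log name '$LogName' shares its first eight letters with: $($clash.Log -join ', ')"
    }

    # An event source can be bound to only one log. Stop if the source is
    # already registered elsewhere instead of silently writing to the wrong log.
    if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
        $boundTo = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($boundTo -ne $LogName) {
            throw "Source '$Source' is already registered to log '$boundTo'."
        }
        $created = $false
    }
    else {
        New-EventLog -LogName $LogName -Source $Source
        $created = $true
    }

    # Report what is registered now, so the result can be recorded.
    [pscustomobject]@{
        LogName = $LogName
        Source  = $Source
        Created = $created
        BoundTo = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
    }
}

# Constructed sample values; replace them with your own names.
New-JobServiceEventLog -LogName 'OneIMJobService' -Source 'OneIMJobService'
```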


FileLogWriter

The FileLogWriter writes messages from One Identity Manager Service to a log file. The log file can be displayed in a browser.

You call up the log file with the appropriate URL.

http://<server name>:<port number>

The default value is port 1880.

Table 113: FileLogWriter parameters

Parameters

Description

Log file (OutputFile)

Name of the log file, including the directory name. Log information for the One Identity Manager Service is written to this file.

IMPORTANT: The directory specified for the file must exist. If the file cannot be created, no error output is possible. Error messages then appear under Windows operating systems in the event log or under Linux operating systems in /var/log/messages.

Log rename interval (LogLifeTime)

To avoid unnecessarily large log files, the module can rotate the log file and keep a history list of backups. LogLifeTime specifies the maximum age of a log file before it is renamed as a backup. When the log file reaches its maximum age, it is renamed (for example, as JobService.log_20040819-083554) and a new log file is started.

Timeout format:

day.hour:minutes:seconds

Process step log lifetime (JobLogLifeTime)

Retention time for process step logs. After this expires, the logs are deleted.

Timeout format:

day.hour:minutes:seconds

For test purposes, you can enable logging of individual process steps in the Job Queue Info. The processing messages of the process step are written to a separate log with the Debug NLog severity. The files are stored in the log directory.

Repository structure:

<Log directory>\JobLogs\<First 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log

Number of history logs (HistorySize)

Maximum number of log files. If several log files exist, the oldest backup file is deleted when a new log file is created so that the limit is not exceeded.

Max. log file size (MB) (MaxLogSize)

Maximum size in MB of the log file. Once the log file has reached the limit, it is renamed as a backup file and a new log file is created.

Max. length of parameters (ParamMaxLength)

Maximum number of characters allowed in a process step parameter so that they are written to the log file.

LogSeverity

Severity levels of the logged messages.

Permitted values are:

  • Info: All messages are written to the event log. The event log quickly becomes large and confusing.

  • Warning: Only warnings and exception errors are written to the event log (default).

  • Serious: Only exception messages are written to the event log.

Add server name (AddServerName)

Specifies whether the server name is to be added to the log entries.
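A way to check that process step logs are really being removed once JobLogLifeTime has passed, using the timeout format and repository structure from the table above (an added example, not One Identity code). The function name and sample values are hypothetical, and it assumes a log's age is measured by its last write time.

```powershell
# Added example (hypothetical helper, not One Identity code).
function Get-ExpiredJobLog {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $LogDirectory,    # directory that holds the log file
        [Parameter(Mandatory)] [string] $JobLogLifeTime,  # day.hour:minutes:seconds
        [datetime] $Now = (Get-Date)
    )

    # [TimeSpan]::Parse accepts the guide's day.hour:minutes:seconds notation
    # and throws a FormatException on a malformed value.
    $lifetime = [TimeSpan]::Parse($JobLogLifeTime)
    $cutoff   = $Now - $lifetime

    $root = Join-Path $LogDirectory 'JobLogs'
    if (-not (Test-Path -LiteralPath $root)) { return }

    # Layout from the guide:
    # <Log directory>\JobLogs\<First 4 digits of the UID_Job>\Job_<UID_Job>_<yyyymmdd>_<Timestamp>.log
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter 'Job_*.log' |
        Where-Object { $_.LastWriteTime -lt $cutoff } |   # assumption: age = last write time
        Select-Object FullName, LastWriteTime,
            @{ Name = 'OverdueBy'; Expression = { $cutoff - $_.LastWriteTime } }
}

# Constructed sample values: a three-day retention and a hypothetical log directory.
Get-ExpiredJobLog -LogDirectory 'C:\Logs\JobService' -JobLogLifeTime '3.00:00:00'
```

Any file this returns has outlived the configured retention and still holds Debug-level process step output.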

Dispatcher module

In a hierarchical server structure, a server can be used as a proxy server for other servers. The proxy server makes requests at set time intervals for process steps to be processed on a server and sends them to the next server. If the request load needs to be minimized, a proxy server is recommended.

Table 114: Dispatcher module parameters

Parameters

Description

Acts as proxy for other servers (IsProxy)

Specifies whether the server is to act as a proxy server. Set this option if the server should be a proxy server.

ProxyInterval

Time interval in seconds after which the proxy server, acting as deputy for another server, should renew a request to the database.

The following guidelines can be used as orientation for the configuration of One Identity Manager Service polling intervals in a cascading environment:

Table 115: Polling interval guidelines for One Identity Manager Service

| Parameters | Root server (direct connection to database) | Leaf server (connected by HTTP or file) |
| --- | --- | --- |
| JobServiceDestination.StartInterval | 90 seconds | 600 seconds |
| JobServiceDestination.Statisticinterval | 360 seconds | 600 seconds |
| Dispatcher.ProxyInterval | 180 seconds | |
| Dispatcher.IsProxy | True | False |

The proxy mode of a root server ensures that, acting on behalf of the leaf server, process steps are queried in shorter proxy intervals. When the root server is restarted, it may take a while until all leaf servers have sent their first request (in this case a maximum of 600 seconds). However, the system then swings into action.

Figure 29: Dispatcher configuration example

Connection module

With this module you can set special configuration settings for the behavior of the One Identity Manager Service.

Table 116: Connection module parameters

Parameters

Description

Process generation log directory (JobGenLogDir)

Directory of log files in which the instructions for process generation generated by One Identity Manager Service are recorded.

Disable reload beep (NoReloadBeep)

When this parameter is set, the beep that is made when buffered dialog data is loaded is switched off.

Log BLOB reads (LogBlobReads)

Specifies whether read operations on text and binary LOB (BLOB) should be written to the SQL log.

Cache type (CacheType)

Specifies how the data is cached. The default value is MultipleFiles.

Cache reload interval (CacheReloadInterval)

Time in seconds after which the local cache should be updated. This parameter overwrites the setting in the Common | CacheReload | Interval configuration parameter.

Regular expression for stack trace positions (ObjectDumpStackExpression)

This expression specifies when an extra stack trace is written to the object log. If the current row in the object log matches the regular expression, the stack trace is written in the object log.

Sample expression: "Lastname"

If the current row contains the value "Lastname", the stack trace is also copied to the log.

NOTE: This parameter is used for localizing errors. For performance reasons, setting this parameter is not recommended under normal working conditions.

TokenCertificateThumbprint

Thumbprint of the certificate used to verify the security token.

TokenCertificateFile

Certificate file of the certificate to be used to verify the security token. The certificate must support RSA encryption with SHA1, SHA256, or SHA512 and contain the private key.

Supports read-only replicas in Azure (SupportReadScaleOut)

Specifies whether a second pool for read-only queries is supported in Azure. If the option is set, read-only queries are supported. This feature is available in Azure's Premium and Business Critical plans. For more information, see https://docs.microsoft.com/en-us/azure/azure-sql/database/read-scale-out.

Connect directly without availability check (DirectConnection)

Specifies whether to connect directly to the target database without testing availability or status first. This allows tools that do not allow database switching within the connection to trace the connection.

NOTE: This option can affect migration because the connection is always open.
