Chat now with support
Chat with Support

Identity Manager 8.2.1 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Enabling other login languages

Any language for which the Select in front-end option is activated can be used as a login language.

To enable an additional login language

  1. In the Designer, select the Base data > Localization > Languages category.

  2. In the List Editor, select the language.

  3. In the Properties view, set the Select in front-end property to True.

  4. Save the changes.

  5. Select the Database > Save to database and click Save.

Related topics

Password expiry

There are different ways to inform users that their password is going to expire:

  • Users are alerted about their password expiring when they log in to One Identity Manager and can change their password if necessary.

  • For employee-based authentication modules, the system sends reminder notifications in relation to expiring passwords as of seven days in advance of the password expiry date.

    • You can adjust the time in days in the Common | Authentication | DialogUserPasswordReminder configuration parameter. Edit the configuration parameter in the Designer.

    • The notifications are triggered in accordance with the Reminder system user password expires schedule and use the Employee - system user password expires mail template. You can adjust the schedule and mail template in the Designer if required.

TIP: To prevent passwords expiring for service account, for example, you can set Password never expires (DialogUser.PasswordNeverExpires) in the Designer for the affected system users.

Checking authentication

When a user logs in, a validity check is run. Use the settings to configure additional options.

  • The system runs additional validity checks to prevent users from working with established connections, if they were deactivated after they logged in. The check takes place with next action on the connection after a fixed interval of 20 minutes.

    You can adjust the interval in the Common | Authentication | CheckInterval configuration parameter. In the Designer, edit the configuration parameter.

  • The number of session that a user can open within a short time is limited to 10 session a minute.

    If this number is exceeded, the user is sent an error message.

    You have logged in too often in the last minute. Please wait a moment before you log in again.

    This check is done for each front-end if the login is local. If the login is on the application server, it is checked for each application server.

    You can modify the number of sessions in the Common | Authentication | SessionsPerUserAndMinute configuration parameter. In the Designer, edit the configuration parameter.

  • Use the QBM | AppServer | SessionTimeout configuration parameter to add the timeout in hours, after which inactive application server sessions are closed. The default value is 24 hours. In the Designer, edit the configuration parameter.

Connection pool for separate sessions for reading and writing on different database servers

To be able to use separate session for reading and writing to different databases servers, you need to adjust the connection data of the Data Source property.

The Data Source property can contain a pipe (|) delimited server list. The first server specified is the primary server used for write access. All other servers are read-only copies with read access only. The prerequisite for this is that the database name and the credentials on the secondary servers are identical to the primary server.

NOTE: In the connection dialog you can reach the property through the Options > Advanced options setting.

The internal physical read sessions are distributed randomly over the read-only copies and the primary server. With one primary server and two secondary servers, the primary server receives approximately 1/3 of the connections for read operations.

NOTE: The connection pool does not open a new connection for each operation. If no new parallel requests come, all requests run over the same connection and therefore on the same server.

The procedure relies on replication taking place between the servers and the data always being up to date in the copies as well.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating