Chat now with support
Chat with Support

Identity Manager 8.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system Configuring deployment of One Identity Manager with SQL Server AlwaysOn availability groups

Changing database keys and encrypting database information

NOTE:

  • To change a database key, you need the key file with the old database key. The key is change and saved in a new key file.

  • It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To change a database key and encrypt the One Identity Manager database

  1. Start the Launchpad and log in to the One Identity Manager database.

  2. In the Installation overview pane, select the Encrypt the database and click Run.

    This starts the Crypto Configuration program.

  3. Click Next on the home page.

  4. On the New database connection page, enter the valid connection credentials for the One Identity Manager database.

  5. On the Select action page, select Create or change database key.

  6. Load the existing key on Private key.

    1. Select Encryption was enabled.

    2. Click Load key.

    3. Using the file browser, select the (*.key) file with the old database key.

    4. Click Open.

      The file browser is closed. The path and file name are shown.

    5. Click Next.

  7. Create a new key on New private key.

    1. Click Create key.

    2. Select the directory path for saving the file using the file browser and enter a name for the key file.

    3. Click Save.

      The (*.key) key file is generated. The file browser is closed. The path and filename are displayed under Private key.

    4. Click Next.

      This establishes which data is encrypted.

  8. The date to be encrypted is displayed on the Convert database page.

    1. Click Convert.

    2. Confirm the following two security questions with Yes.

      The data encryption is started. Conversion progress is displayed.

    3. Click Next.

  9. Click Finish on the last page to end the program.

Related topics

Reencrypting database information

Use this method when you mark more database columns with the option Encrypted and the database is already encrypted.

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To repeat One Identity Manager database encryption using an existing database key

  1. Start the Launchpad and log in to the One Identity Manager database.

  2. In the Installation overview pane, select the Encrypt the database and click Run.

    This starts the Crypto Configuration program.

  3. Click Next on the home page.

  4. On the New database connection page, enter the valid connection credentials for the One Identity Manager database.

  5. On the Select action page, select Encrypt using existing key.

    This establishes which data is encrypted.

  6. The date to be encrypted is displayed on the Convert database page.

    1. Click Convert.

    2. Confirm the following two security questions with Yes.

      The data encryption is started. Conversion progress is displayed.

    3. Click Next.

  7. Click Finish on the last page to end the program.

Related topics

Decrypting database information

NOTE:

  • You need the file with the database key for this.

  • It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To decrypt the One Identity Manager database

  1. Start the Launchpad and log in to the One Identity Manager database.

  2. In the Installation overview pane, select the Encrypt the database and click Run.

    This starts the Crypto Configuration program.

  3. Click Next on the home page.

  4. On the New database connection page, enter the valid connection credentials for the One Identity Manager database.

  5. On the Select action page, select Decrypt data.

    This establishes which data is encrypted.

  6. The date to be encrypted is displayed on the Convert database page.

    1. Click Convert.

    2. Confirm the following two security questions with Yes.

    3. Using the file browser, select the (*.key) file with the database key.

    4. Click Open.

      The file browser is closed. The data decryption is started. Conversion progress is displayed.

    5. Click Next.

  7. Click Finish on the last page to end the program.

Related topics

Tips for working with an encrypted One Identity Manager database

If you encrypt a One Identity Manager database, you must declare the database key to the One Identity Manager Service.

 CAUTION: If the One Identity Manager Service finds a private key in the installation directory on startup, it places the key in the Windows internal key container of its service account and deletes the file from the hard drive. So save the private key at another location in addition to the service install directory.

To declare the database key

  1. Declare the following information in the One Identity Manager Service configuration file. Use the Job Server Editor in the Designer or the Job Service Configuration program to edit the configuration file. For more detailed information, see the One Identity Manager Configuration Guide.

    Table 17: Configuring the One Identity Manager Service for encryption
    Configuration module Parameters Meaning

    JobServiceDestination

    Encryption method (EncryptionScheme)

    Encryption method used

    JobServiceDestination

    File with private key (PrivateKey)

    Enter the file with the encryption information. The default file is private.key.

    JobServiceDestination

    Private key identifier (PrivateKeyId)

    Identifier of the private key.

    Use this parameter if you work with several private keys, for example, if One Identity Manager Service data must be exchanged between two encrypted One Identity Manager databases.

    If no ID is specified, a search is performed for the private.key file.

    File with the private key.

     

    Private key identifier and path to private key file.

    The ID is expected in the JobServiceDestination in the Private key identifier parameter (PrivateKeyId) The default key has the ID Default.

  2. Save the key file created in the service’s install directory.

  3. Open the service management and restart the One Identity Manager Service.

NOTE:

  • The file with the private key must exist in the server's installation directory on all servers with an active One Identity Manager Service.

  • If you change the One Identity Manager Service user account, you must save the key file in the service’s install directory again.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating