Identity Manager 9.1.2 - Installation Guide

Uninstalling application servers

To uninstall a web application

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard:

    1. Change to the Installation tab.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Uninstall a web application and click Next.

  4. On the Uninstall a web application page, double-click the application that you want to remove.

    The icon is displayed in front of the application.

  5. Click Next.

  6. On the Database connection page, select the database connection and authentication method and enter the corresponding login data.

  7. Click Next.

  8. Confirm the security prompt with Yes.

  9. The uninstall progress is displayed on the Setup is running page.

  10. Once installation is complete, click Next.

  11. On the Wizard complete page, click Finish.

  12. Close the autorun program.

Installing the API Server

The API Server hosts the API that you defined. Angular web applications can also be delivered over the API Server.

You can install the API Server using the Web Installer or the ImxClient command line program (the install-apiserver command). The following sections explain how to install the API Server on a Windows Server using the Web Installer and set it up with the default configuration. For more information about installing using the ImxClient command line program, see the One Identity Manager API Development Guide.

Detailed information about this topic

Installing the API Server

IMPORTANT: Start the API Server installation locally on the server.

NOTE: Before installation, ensure that the minimum hardware and software requirements are fulfilled on the server.

NOTE: On Linux operating systems, using the oneidentity/oneim-api Docker images is recommended.

TIP: You can install the API Server using the ImxClient command line program (install-apiserver command). For more information, see the One Identity Manager API Development Guide.

To install the API Server

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the installation wizard's home page, perform the following actions:

    1. Click Installation.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Install API Server.

  4. Click Next.

  5. On the Database connection page, do the following:

    TIP: One Identity recommends establishing a connection over an application server.

    • To use an existing connection to the One Identity Manager database, select it in the Select a database connection menu.

    • To create a new connection to the One Identity Manager database, click Add new connection and enter a new connection.

  6. Select the authentication method and enter the login data for the database under Authentication method.

  7. Click Next.

  8. On the Installation source page, do the following:

    • To retrieve the installation data from the database, activate the Database option.

    • To retrieve the installation data from the installation media (for example, from the hard drive), activate the File system option and enter the path.

  9. Click Continue.

  10. Configure the following settings on the Select setup target page.

    Table 28: Settings for the installation target
    Setting Description

    Application name

    Enter the name to use in the browser as the application name.

    Target in IIS

    Select the website on the Internet Information Services where the application is installed.

    Enforce SSL

    Select the check box if the API Server website can only be opened over an encrypted connection.

    URL

    Enter the application's URL.

    Install dedicated application pool

    Select the check box to install each application in its own application pool. This allows applications to be set up independently of one another.

    Application pool

    Select the application pool to use. This can only be entered if the option Install dedicated application pool is not set.

    If you use the default value DefaultAppPool, the application pool has the following syntax:

    <application name>_POOL

    Identity

    Specify the permissions for running the application pool. You can use a default identity or a custom user account.

    If you use the ApplicationPoolIdentity default value, the user account has the following syntax:

    IIS APPPOOL\<application name>_POOL

    You can authorize another user by clicking ... next to the box, enabling the option Custom account and entering the user and password.

    Web authentication

    Specify which type of authentication to use against the web application. You have the following options:

    • Windows authentication (single sign-on)

      The user is authenticated against the Internet Information Services using their Windows user account. The web application then logs in the employee assigned to that user account with role-based login. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method if Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated against the Internet Information Services and the web application anonymously. The web application is rerouted to a login page.

    Database authentication

    NOTE: You can only see this pane if you have selected an SQL database connection on the Database connection page.

    Specify which type of authentication to use against the One Identity Manager database. You have the following options:

    • Windows authentication

      The web application is authenticated against the One Identity Manager database with the same Windows user account that your application pool uses. Login is possible with a user-defined user account or a default identity for the application pool.

    • SQL authentication

      Login is only possible through a user-defined user account. Authentication uses a user name and password. This access data is saved in the web application configuration with computer-specific encryption.

  11. Click Next.

    If you have selected a direct database connection in step 4, the Select application server page appears.

  12. (Optional) Configure the following settings on the Select application server page.

    NOTE: If you would like to use the full text search, then you must specify an application server. You can enter the application server in the configuration file at a later date.

    1. Click Select application server.

    2. In the dialog, in the URL field, enter the web address of the application server.

    3. Click OK.

  13. Click Continue.

  14. On the Set session token certificate page, select the certificate for creating and checking session tokens.

    NOTE: The certificate must have a key length of at least 1024 bits.

    • To use an existing certificate, set the following:

      1. Session token certificate: Select the Use existing certificate entry.

      2. Select certificate: Select the certificate.

        NOTE: It is strongly recommended to use the certificate already in use in other application servers and API Servers.

    • To create a new certificate, set the following:

      1. Session token certificate: Select the Create new certificate entry.

      2. Certificate issuer: Enter the issuer of the certificate.

      3. Key length: Specify the key length for the certificate.

      The certificate is entered in the application server's certificate management.

      NOTE: It is strongly recommended to export this newly created certificate and use it in other application servers and API Servers as well, so that all these server components have and use the identical session certificate.

    • To create a new certificate file, set the following:

      1. Session token certificate: Select the Generate new certificate file entry.

      2. Certificate issuer: Enter the issuer of the certificate.

      3. Key length: Specify the key length for the certificate.

      4. Certificate file: Enter the directory path and name of the certificate file.

      The certificate file is stored in the specified directory of the web application.

      NOTE: It is strongly recommended to use this newly created certificate in other application servers and API Servers as well, so that all these server components have and use the identical session certificate.

  15. Click Next.

  16. On the Assign machine roles page, define the machine roles.

    The SCIM Provider machine role is required for the SCIM plugin in the API Server. For more information about the SCIM plugin, see the One Identity Manager Configuration Guide.

  17. Click Next.

  18. Specify the user account for automatic updating on the Set update credentials page by activating one of the following options:

    NOTE: The user account is used to add or replace files in the application directory.

    • Use IIS credentials for update: Set this option to use the user account used by the application pool to run updates.

    • Use other credentials for updates: To use a different user account, set this option. Specify the domain, the user name, and the user password.

  19. Click Next.

  20. On the Application token page, enter the application token for the API Server into the input field.

    TIP: To use a new token and therefore replace the existing token in the database, activate the option Replace the application token in the database. When doing so, note that the current token will become invalid and every location that uses it must be updated with the new token.

    NOTE: Handle the application token like a password. Once the application token is saved in the database, it cannot be displayed in text form again. Make a note of the application token if necessary.

  21. Click Next.

    The Setup is running page opens and shows the progress of each installation step.

  22. Once installation is complete, click Next.

  23. On the Wizard complete page, click Finish.

  24. Close the autorun program.
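
The following PowerShell script is an added example, not part of the original guide or One Identity's own tooling. It audits the security-relevant choices from the procedure above after installation: Enforce SSL, the application pool identity, the web authentication mode, and the key length of candidate session token certificates. The site name, application name, the LocalMachine\My certificate store, and the 2048-bit threshold are assumptions.

```powershell
# Added example (not One Identity code): audit the IIS settings chosen in step 10
# and the key length of candidate session token certificates (step 14).
# Assumed values: $Site, $App, the LocalMachine\My store, and the 2048-bit bar.
Import-Module WebAdministration

$Site       = 'Default Web Site'   # "Target in IIS" (assumed value)
$App        = 'ApiServer'          # "Application name" (assumed value)
$MinKeyBits = 2048                 # stricter than the guide's 1024-bit minimum
$path       = "IIS:\Sites\$Site\$App"
$findings   = New-Object System.Collections.Generic.List[string]

# Enforce SSL: the effective sslFlags value must contain "Ssl".
$raw = Get-WebConfigurationProperty -PSPath $path -Name sslFlags `
    -Filter 'system.webServer/security/access'
$sslFlags = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
if ($sslFlags -notmatch 'Ssl') { $findings.Add("Enforce SSL is off (sslFlags='$sslFlags')") }

# Application pool identity: flag the high-privilege LocalSystem account.
$poolName = (Get-WebApplication -Site $Site -Name $App).applicationPool
$identity = (Get-Item "IIS:\AppPools\$poolName").processModel.identityType
if ($identity -eq 'LocalSystem') { $findings.Add("Pool '$poolName' runs as LocalSystem") }

# Web authentication: report which of the two wizard options is active.
$authBase  = 'system.webServer/security/authentication'
$anonymous = (Get-WebConfigurationProperty -PSPath $path -Name enabled `
    -Filter "$authBase/anonymousAuthentication" -ErrorAction SilentlyContinue).Value
$windows   = (Get-WebConfigurationProperty -PSPath $path -Name enabled `
    -Filter "$authBase/windowsAuthentication" -ErrorAction SilentlyContinue).Value

# Session token certificates: list RSA key sizes and thumbprints so the same
# certificate can be confirmed on every application server and API Server.
$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$certs = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $rsa = $rsaExt::GetRSAPublicKey($_)   # $null for non-RSA certificates
    if ($rsa) {
        if ($rsa.KeySize -lt $MinKeyBits) { $findings.Add("Weak key: $($_.Thumbprint) ($($rsa.KeySize) bits)") }
        [pscustomobject]@{ Subject = $_.Subject; Thumbprint = $_.Thumbprint; KeyBits = $rsa.KeySize; NotAfter = $_.NotAfter }
    }
}

$certs | Format-Table -AutoSize
"sslFlags: $sslFlags; pool: $poolName ($identity); anonymous: $anonymous; windows: $windows"
if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings.' }
```

Run it in an elevated session on each server and compare the thumbprint of the session token certificate across the outputs to confirm that all components use the identical certificate.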

Related topics

Uninstalling API Server

To uninstall a web application

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard:

    1. Change to the Installation tab.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Uninstall a web application and click Next.

  4. On the Uninstall a web application page, double-click the application that you want to remove.

    The icon is displayed in front of the application.

  5. Click Next.

  6. On the Database connection page, select the database connection and authentication method and enter the corresponding login data.

  7. Click Next.

  8. Confirm the security prompt with Yes.

  9. The uninstall progress is displayed on the Setup is running page.

  10. Once installation is complete, click Next.

  11. On the Wizard complete page, click Finish.

  12. Close the autorun program.
