
Identity Manager 8.1 - Installation Guide


Disabling vendor notification

NOTE: You can only configure vendor notification in Launchpad on a One Identity Manager database with the Live environment staging level.

To disable a vendor notification

  1. Start the Launchpad and log in on the One Identity Manager database.
  2. Select Configure vendor notification and click Start.

    This starts the Designer and opens the Configuration Parameter Editor.

  3. Disable the configuration parameter Common | MailNotification | VendorNotification.

  4. Select Database | Save to database and click Save.

Setting up the email notification system

One Identity Manager sends email notifications about various actions taken within the system. For example, notifications are sent to requesters and approvers within the request process. In the same way, notifications about attestation cases are sent or reports are delivered by email. Notifications are sent when an action is successfully or unsuccessfully executed during process handling.

You can implement custom notifications in addition to predefined notification processes.

To use the notification system

  1. Use the Job Server Editor to set up a Job server as an SMTP host for mail distribution.

  2. Check the configuration parameters for the email notification system in the Base data | General | Configuration parameters category in Designer and customize the values.

    NOTE: In addition to the configuration parameters listed below, other configuration parameters may be necessary for different notification processes. Some configuration parameters are only available if the module is installed.

Table 22: General configuration parameters for mail notification

Configuration parameter

Meaning

Common | InternationalEMail

This parameter specifies whether international domain names and unicode characters are supported in email addresses.

IMPORTANT: The mail server must also support this function. If necessary, you must override the script VID_IsSMTPAddress.

Common | MailNotification

Notification data.

Common | MailNotification | AcceptSelfSignedCert

If this configuration parameter is set, self-signed TLS connection certificates are accepted.

Common | MailNotification | AllowServerNameMismatchInCert

If this configuration parameter is set, TLS connection certificates whose server name does not match are accepted.

Common | MailNotification | DefaultAddress

Default email address (recipient) for sending notifications.

Common | MailNotification | DefaultCulture

Default language that emails are sent in if no language can be determined for a recipient.

Common | MailNotification | DefaultLanguage

Default language for sending messages.

Common | MailNotification | DefaultSender

Default email address (sender) for sending notifications.

Common | MailNotification | Encrypt

Specifies whether emails are encrypted.

Common | MailNotification | Encrypt | ConnectDC

Domain controller to use.

Common | MailNotification | Encrypt | ConnectPassword

User password. This is optional.

Common | MailNotification | Encrypt | ConnectUser

User account for querying Active Directory. This is optional.

Common | MailNotification | Encrypt | DomainDN

Distinguished name of the domain to search through.

Common | MailNotification | Encrypt | EncryptionCertificateScript

Script that supplies a list of encrypted certificates (default: QBM_GetCertificates).

Common | MailNotification | NotifyAboutWaitingJobs

Specifies whether a message should be sent if the process steps have a particular execution state in the job queue.

Common | MailNotification | SignCertificateThumbprint

SHA1 thumbprint of the certificate to use for the signature. This can be in the computer's or the user's My Store.

Common | MailNotification | SMTPAccount

User account name for authentication on an SMTP server.

Common | MailNotification | SMTPDomain

User account domain for authentication on the SMTP server.

Common | MailNotification | SMTPPassword

User account password for authentication on the SMTP server.

Common | MailNotification | SMTPPort

Port for SMTP services on the SMTP server (default: 25).

Common | MailNotification | SMTPRelay

SMTP server for sending notifications.

Common | MailNotification | SMTPUseDefaultCredentials

If this parameter is set, the One Identity Manager Service login credentials are used for authentication on the SMTP server. If the configuration parameter is not set, the login data defined in the Common | MailNotification | SMTPDomain and Common | MailNotification | SMTPAccount or Common | MailNotification | SMTPPassword configuration parameters is used.

Common | MailNotification | TransportSecurity

This configuration parameter defines the encryption method for sending notifications by email. If none of the following options are given, the port is used to define the behavior (port: 25 = no encryption, port: 465 = with SSL/TLS encryption).

Table 23: Permitted values

Value

Meaning

Auto

Identifies the encryption method automatically.

SSL

Encrypts the entire session with SSL/TLS.

STARTTLS

Uses the STARTTLS mail server extension.

Switches on TLS encryption after the 'greeting' and loading the server capabilities. The connection fails if the server does not support the STARTTLS extension.

STARTTLSWhenAvailable

Uses the STARTTLS mail server extension if available.

Switches on TLS encryption after the 'greeting' and loading the server capabilities, but only if the server supports the STARTTLS extension.

None

No security for the transport layer. All data is sent as plain text.

Common | MailNotification | VendorNotification

Enables the email address of your company's contact person. The email address is used as the return address for notifying vendors.

If the configuration parameter is set, One Identity Manager generates a list of system settings once a month and sends the list to One Identity. This list does not contain any personal data. You can check the latest system information at any time by selecting Help | Info in the menu. The list will be reviewed by our customer support team who will look for material changes in a proactive effort to identify potential issues before they materialize on your system. The lists may be used by our R&D staff for analysis, diagnosis, and replication for testing purposes. We will keep and refer to this information for as long as your company remains on support for this product.
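
One way to review the transport-related parameters in Table 22 and Table 23 for weak settings, as an added example that is not One Identity code. It assumes the parameter values are available as a dictionary keyed by the parameter paths shown above and that a set parameter is exported as "1" or "true"; the sample values are constructed.

```python
# Added example: audit of the mail-notification transport settings.
# Keys are the parameter paths from Table 22. How the values are exported
# from the database is outside this sketch; SAMPLE below is constructed.
PREFIX = "Common | MailNotification | "
PLAINTEXT_POSSIBLE = {"None", "STARTTLSWhenAvailable"}

def effective_transport(params):
    """Resolve the transport mode using the rule stated for TransportSecurity."""
    mode = (params.get(PREFIX + "TransportSecurity") or "").strip()
    if mode:
        return mode
    # No option given: the port defines the behavior (default port: 25).
    port = int(params.get(PREFIX + "SMTPPort") or 25)
    return {25: "None", 465: "SSL"}.get(port, "Unknown")

def is_set(params, name):
    """Assumption: a set parameter is exported as '1' or 'true'."""
    return str(params.get(PREFIX + name, "")).strip().lower() in {"1", "true"}

def audit(params):
    """Return (parameter, finding) tuples for settings that weaken transport."""
    findings = []
    mode = effective_transport(params)
    if mode == "None":
        findings.append(("TransportSecurity", "all data is sent as plain text"))
    elif mode == "STARTTLSWhenAvailable":
        findings.append(("TransportSecurity", "no TLS if STARTTLS is not offered"))
    elif mode not in ("SSL", "STARTTLS"):
        findings.append(("TransportSecurity", f"method not pinned ({mode})"))
    if is_set(params, "AcceptSelfSignedCert"):
        findings.append(("AcceptSelfSignedCert", "self-signed certificates accepted"))
    if is_set(params, "AllowServerNameMismatchInCert"):
        findings.append(("AllowServerNameMismatchInCert", "server name not verified"))
    if mode in PLAINTEXT_POSSIBLE and params.get(PREFIX + "SMTPPassword"):
        findings.append(("SMTPPassword", "login may cross an unencrypted session"))
    return findings

# Constructed sample: no TransportSecurity value, default port, SMTP login set.
SAMPLE = {
    PREFIX + "SMTPRelay": "mail.example.test",
    PREFIX + "SMTPAccount": "svc-notify",
    PREFIX + "SMTPPassword": "<placeholder>",
    PREFIX + "AcceptSelfSignedCert": "1",
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{PREFIX}{name}: {finding}")
```

With no TransportSecurity value and the default port 25, the sample resolves to no encryption, so the stored SMTP login is flagged together with the certificate setting.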

Table 24: Additional Parameters for Email Notifications

Configuration parameter

Description

QER | Attestation | DefaultSenderAddress

This configuration parameter contains the sender email address for messages automatically generated for attestation.

QER | ComplianceCheck | EmailNotification | DefaultSenderAddress

This configuration parameter contains the sender email address for automatically generated messages during rule checking.

QER | ITShop | DefaultSenderAddress

This configuration parameter contains the sender email address for automatically generated messages within the IT Shop.

QER | Policy | EmailNotification | DefaultSenderAddress

This configuration parameter contains the sender email address for automatically generated messages within company policy checking.

QER | RPS | DefaultSenderAddress

This configuration parameter contains the sender email address for automatically generated notifications.

TargetSystem | ADS | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system Active Directory.

TargetSystem | ADS | Exchange2000 | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system Microsoft Exchange.

TargetSystem | ADS | MemberShipRestriction | MailNotification

This configuration parameter contains the default email address for sending warnings by email.

TargetSystem | AzureAD | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system Azure Active Directory.

TargetSystem | AzureAD | ExchangeOnline | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system Exchange Online.

TargetSystem | CSM | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the cloud target system.

TargetSystem | EBS | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system.

TargetSystem | LDAP | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system LDAP.

TargetSystem | NDO | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system IBM Notes.

TargetSystem | SAPR3 | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system SAP R/3.

TargetSystem | SharePoint | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system SharePoint.

TargetSystem | Unix | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the Unix target system.

TargetSystem | UNS | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the custom target system.

TargetSystem | PAG | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the Privileged Account Management system.


Installing and configuring the One Identity Manager Service

The One Identity Manager Service handles defined processes. The service has to be installed on the One Identity Manager network server to execute the processes. The server must be declared as a "Job server" in the One Identity Manager database.

Setting up a Job server requires the following steps:

  • Create an entry for the Job server in the One Identity Manager database.

  • Specify the machine roles and server functions for the Job server.

    The installation packages to be installed on the Job server are determined by the selected machine roles. The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled depending on the server function.

  • Install the One Identity Manager Service.

  • Configure the One Identity Manager Service.

  • Start the One Identity Manager Service.


Setting up Job servers

Each One Identity Manager Service within the network must have a unique queue identifier. The process steps are requested by the Job queue using exactly this queue name.

  • Enter this queue name in the One Identity Manager Service configuration file.

  • A Job server must be known in the One Identity Manager database for each queue.

There are several methods for setting up a Job server:

  • For the initial schema installation with the Configuration Wizard, you already set up a Job server with the server functions SQL processing server and Update server. Use the Configuration Wizard to configure the service and install the service remotely on a server.

  • To configure further Job servers, use the Server Installer program.

    Using the Server Installer, you create the Job server with its machine roles and server functions in the database. Use the Server Installer to configure the service and install the service remotely on a server.

  • You can create Job servers in the Designer.

    In Designer, you can create a Job server with the machine roles and server functions, configure the service on the server and install the service remotely. For detailed information, see One Identity Manager Configuration Guide.

  • If a remote installation is not possible, you can install and configure the service locally on a server.

    • Install the service components on the server using the installation wizard.

    • Configure the service using the Job Service Configuration program. For more detailed information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.

    • If the configuration parameter Common | Jobservice | AutoCreateServerFromQueues is enabled, in response to queries from the One Identity Manager Service for unknown queues, new Job servers are created in the database. Information about machine roles and server functions is transferred to the database.

NOTE: If you subsequently change server functions for a Job server in the database, for example using the Designer, the system checks whether the required components are installed on the server, and updates the server if necessary. To enable this, automatic software updates must be active.
