Identity Manager 8.1 - Installation Guide

About this Guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing and updating an application server Installing the API Server Installing, configuring and maintaining the Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Error handling Appendix: Creating a One Identity Manager database for a test or development environment from a database backup Appendix: Extended configuration of the Manager web application Appendix: Machine roles and installation packages Appendix: Settings for a new SQL Server database

Installing the API Server

The API Server hosts the API that you have defined in the API Designer. Angular web apps can also be delivered via the API Server.

To make full use of the API Designer, you must first install the API Server. You can use the Web Installer to help install the API Server. Read through the following sections for instructions on how to install the API Server on a Windows server and set it up with the default configuration.

Detailed information about this topic

Installing the API Server

The following describes how to the install the API Server.

NOTE: Before installation ensure that the minimum hardware and software requirements are fulfilled on the server.

IMPORTANT: Start the API Server installation locally on the server.

To install the API Server

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard, switch to the installation tab in the navigation on the left.

  3. Click on Install next to Web-based components.

    Starts the Web Installer.

  4. On the Web Installer start page, click Install API Server.

  5. Click Next.

  6. On the Database connection page, do the following:

    TIP: One Identity recommends using an AppServer connection.

    • To use an existing connection to the One Identity Manager database, select it in the Select a database connection menu.

      - OR -

    • To create a new connection to the One Identity Manager database, click Add new connection and enter a new connection .

  7. Select the authentication method and enter the login data for the database under Authentication method.

  8. Click Next.

  9. On the Installation source page, do the following:

    • To retrieve the installation data from the database, activate the Database option.

      - OR -

    • To retrieve the installation data from the installation media (e.g. from the hard drive), activate the File system option and enter the path.

  10. Configure the following settings on the Select setup target page.

    Table 37: Settings for the Installation Target
    Setting Description
    Application name Name used as application name, as in the title bar of the browser, for example.
    Target in IIS Internet Information Services web page on which to install the application.
    Enforce SSL

    Specifies, whether the API Server web page can only be opened over an encrypted connection.

    URL

    The application's Uniform Resource Locator (URL).

    Install dedicated application pool

    Specifies whether an application pool is installed for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    The application pool to use. This can only be entered if the option Install dedicated application pool is not set.

    If you use the default value DefaultAppPool, the application pool has the following syntax:

    <application name>_POOL

    Identity

    Permissions for executing an application pool. You can use a default identity or a custom user account.

    If you use the default value ApplicationPoolIdentity, the user account has the following syntax:

    IIS APPPOOL\<application name>_POOL

    You can authorize another user by clicking ... next to the box, enabling the option Custom account and entering the user and password.

    Web authentication

    Specifies the type for authentication against the web application. You have the following options:

    • Windows authentication (Single Sign-On)

      The user is authenticated against the Internet Information Services using their Windows user account and the web application logs in the employee assigned to the user account as role-based. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method is Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated against the Internet Information Services and the web application anonymously and the web application is directed to a login page.

    Database authentication

    NOTE: You can only see this pane if you have selected an SQL database connection on the Database connection page.

    Specifies the type for authentication against the One Identity Manager database. You have the following options:

    • Windows authentication

      The web application is authenticated against the One Identity Manager database with the same Windows user account that your application pool uses. Login is possible with a user defined user account or a default identity for the application pool.

    • SQL authentication

      Login is only possible through a user defined user account. Authentication is done using user name and password. This access data is saved in the web application configuration as computer specific encrypted.

  11. Click Next.

    If you have selected a direct database connection in step 4, the page Select application server appears. Application server data is required if you want to use full text search. You can enter the application server in the configuration file at a later date.

  12. (Optional) Configure the following settings on the Select application server page.

    NOTE: If you would like to use the full text search, then you must specify an application server. You can enter the application server in the configuration file at a later date.

    1. Click Select application server.

    2. Enter the application server's web address in the URL field.

    3. Click OK.

  13. On the Select application server page, click Next.

  14. On the Set session token certificate page, select the certificate for creating and checking session tokens. Perform one of the following tasks:

    • To use an existing certificate:

      1. In the Session token certificate list, select Use existing certificate.

      2. Select an existing certificate from the the Select certificate list.

    • To create a new certificate:

      1. In the Session token certificate list, select Create new certificate.

      2. In the Certificate issuer field, the name of the certificate issuer.

      3. Select the key length of the certificate from the Key length list.

    • To create a new certificate file:

      1. In the Session token certificate list, select Create new certificate file.

      2. In the Certificate issuer field, the name of the certificate issuer.

      3. Select the key length of the certificate from the Key length list.

      4. In the Certificate file field, enter the path and filename for the new certificate.

  15. Click Next.
  16. Specify the user account for automatic updating on the Set update credentials page by activating one of the following options:

    NOTE: The user account is used to add or replace files in the application directory.

    • Use IIS credentials for update: Set this option to use the user account used by the application pool to run updates.

    • Use other credentials for updates: To use a different user account, set this option. Specify the domain, the user name, and the user password.

  17. Click Next.

  18. On the Application token page, enter the application token for the API Server into the input field.

    TIP: To use a new token and therefore replace the existing token in the database, activate the option Replace the application token in the database. When doing so, please note that the current token will become invalid and every location that uses it must be updated with the new token.

  19. Click Next.

    The Setup is running page opens and shows the progress of each installation step.

  20. Once installation is complete, click Next.

  21. On the Wizard complete page, click Finish.

  22. Close the autorun program.

Related Topics

Installing and accessing HTML5 applications

To speed up initial installation, the Operations Support Web Portal is not installed automatically. If you want to provide the Operations Support Web Portal (or any other HTML application), you must follow these steps after installing the API Server.

To install and compile HTML applications

  1. Start the Designer.

  2. Connect to the relevant database.

  3. In the navigation, select Getting Started | Edit configuration parameters.

  4. On the Configuration parameters tab, enable the configuration parameter QBM | HtmlDevelopment | Compiler.

  5. Recompile the database.

    NOTE: Ensure that the workstation you are compiling on, can establish a connection to the website registry.npmjs.org:443.

To access all installed HTML5 applications

  • In a web browser, open the web address (URL) of your API server.

    All installed HTML5 applications are displayed.

Related Topics

Uninstalling the API Server

To uninstall a web application

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page o the installation wizard:

    1. Select the Installation tab.

    2. Select Web-based components and click Install.

      Starts the Web Installer.

  3. On the Web Installer start page, click Uninstall a One Identity Manager web application and click Next.

  4. The Uninstall a One Identity Manager web application page displays all installed web applications.

    1. Select the web application you want to remove by double-clicking it.

      The icon is displayed in front of the application.

    2. In the Authentication method area, select an authentication method and enter the corresponding login data.

    3. To start uninstalling the web application(s), click Next.

    1. Confirm the security prompt with Yes.

  5. The uninstall progress is displayed on the Setup is running page.

  6. Once installation is complete, click Next.

  7. On the Wizard complete page, click Finish.

  8. Close the autorun program.

Related Topics
相关文档