立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

One Identity Manager tools

Different tools are provided for different tasks. For example, the tool used to manage identities differs from the configuration tool. The content displayed and its editability are dependent on the permissions of the logged in user.

Table 1: Overview of One Identity Manager tools
Tool Short description

Launchpad

The Launchpad is the central tool for starting One Identity Manager administration tools and configuration tools. You can use the Launchpad to check the existing One Identity Manager installation and start One Identity Manager tools to run individual tasks.

The Launchpad can be customized. In the Designer, you can define your own menu items and actions for the Launchpad.

Web Portal

The Web Portal is a web-based application for all One Identity Manager users. The Web Portal provides stringent workflows for the following actions:

  • Changing your own main data and password.

  • Editing or entering identity main data of direct reports.

  • Searching, requesting, canceling, or renewing products in the IT Shop.

  • Delegating own roles.

  • Editing assigned approvals, attestation cases, and rule violations.

In the information system, you may see several evaluations, for example, about your own requests and attestation cases, employee numbers, approvals, rule violations, or the Unified Namespace.

The Web Portal is made available over the API Server. Through a web browser, users can access the website that has been dynamically set up and customized for them.

The Web Designer Web Portal is deployed for compatibility reasons. The Web Designer Web Portal requires a web server.

Password Reset Portal

The Password Reset Portal allows users to securely reset passwords of the user accounts they manage.

The Password Reset Portal is made available over the API Server. The necessary security is guaranteed by multi-factor authentication.

Operations Support Web Portal

The Operations Support Web Portal helps you to manage and use your web applications. You can use the Operations Support Web Portal to monitor the handling of processes and DBQueue tasks. You can also create passcodes for your colleagues.

The Operations Support Web Portal is made available over the API Server.

Manager

The Manager is the main administration tool for setting up all identity data. It displays and maintains all the data required for the administration of identities, their user accounts, permissions, and company-specific roles in a One Identity Manager network. Company resources required to carry out tasks can be configured and assigned to identities.

You can also use the Manager to:

  • Define custom IT policies.

  • Set up an IT Shop from which company resources and assignments can be requested.

  • Set up special approval processes for authorizing requests and checking compliance to IT policy.

  • Set up attestation procedures for regularly testing the correctness of data about identities or roles and their assignments.

By implementing One Identity Manager application roles, every One Identity Manager user obtains only those permissions they require to fulfill necessary administrative duties.

Manager functionality can be provided by web applications.

Synchronization Editor

You use the Synchronization Editor to connect different target systems to One Identity Manager. Use this tool to configure data synchronization for any target system and specify which target system data is mapped to the One Identity Manager database. You also define the object properties mapping and the synchronization sequence as a workflow.

Analyzer

Use the Analyzer to automatically detect and analyze data correlations in the database. This information can be used to replace, for example, direct permissions assignments with indirect assignments, therefore reducing the administration effort.

Job Queue Info

The Job Queue Info helps you check the current status of the services running in a One Identity Manager network. It displays, in a detailed and comprehensive manner, the tasks in the Job queue and the different One Identity Manager Service requests on the servers. The tool provides on-the-fly status information and makes fast error detection possible.

Configuration Wizard

The Configuration Wizard is used to set up the database on a SQL Server for use in a One Identity Manager network. All the One Identity Manager schema tables, data types, and database procedures are loaded into the database with the Configuration Wizard. SQL Server logins and database users are created with permissions for the One Identity Manager schema.

Automatic version control is integrated into One Identity Manager, ensuring that One Identity Manager components are always consistent with each other and with the database. If program updates are implemented that change the structure (for example, table extensions), database migration is then necessary. The Configuration Wizard runs this schema installation depending on the current status of the schema.

Designer

The Designer is the main tool for configuring One Identity Manager. The program offers an overview of the entire One Identity Manager data model. It enables the configuration of global system settings, for example, language, or configuration parameters, as well as customizing the user interface for the various administration tools. You use the Designer to specify permissions for the different administrative tasks of individual users and user groups. Another important task is the definition of workflows for technically illustrating the administration procedures in a company. The Designer provides various editors for the One Identity Manager system configuration. The range of functions and the operating methods of the editors are tailored to the differing configuration requirements.

Web Designer

Use the Web Designer to configure and extend the Web Designer Web Portal. It includes functions for adapting Web Designer Web Portal workflows and developing new workflows.

Data Import

With the Data Import program, One Identity Manager offers a simple way to import data from other systems. Use this program if you want to import company resource data from external sources into your database. The program supports importing from files and importing directly from other database systems. You can import data immediately. You also have the option to import data from customized processes using the import scripts that are created. The import definition is saved so that you can use it for future data imports.

Crypto Configuration

In certain circumstances it is necessary store encrypted information in the database. Use the Crypto Configuration program to carry out encryption. This program creates a code file and converts the contents of the affected database column. The coded information is stored in the database.

Database Compiler

You must compile the One Identity Manager database after making changes to configuration data. After a migration package or full custom configuration package is imported, database compiling begins immediately from the Configuration Wizard or Database Transporter.

The Database Compiler compiles the One Identity Manager database after you import hotfixes or when changes have been made to processes, scripts, formatting rules, object definitions, task definitions, or preprocessor-relevant configuration parameters.

Report Editor

With the Report Editor, you can group One Identity Manager object data together into reports. You can group, accumulate, and graphically represent this data. Predefined reports are supplied though migration but you can also create your own reports with the Report Editor.

Schema Extension

The Schema Extension is implemented to extend the One Identity Manager schema by custom tables and columns. Using the object technology in One Identity Manager, you can customize the application data model at database level so that the extensions are available with full functionality at object level.

System Debugger

The System Debugger allows you to process and test scripts. Existing scripts in your One Identity Manager database are imported into a Visual Studio script library. There, you can edit and test the scripts. Subsequently, you decide whether your changes should be transferred to the One Identity Manager database.

Database Transporter

The Database Transporter transfers objects and custom changes as well as custom database procedures, triggers, functions, and sets from the One Identity Manager database (source) to another One Identity Manager database (target).

Job Service Configuration

Use the Job Service Configuration to create and customize the configuration file for the One Identity Manager Service. The One Identity Manager Service and its plug-ins are configured with this file. The configuration file is necessary both for One Identity Manager Service on a Windows based operating system and also for the Linux daemon.

License Meter

Using the License Meter, you can track and maintain the licenses in your One Identity Manager database. The wizard creates a report with license-relevant information.

Software Loader

Use the Software Loader to load new or modified files, for example custom form archives, in the One Identity Manager database in order to distribute them to One Identity Manager network workstations and Job servers using automatic software updating.

Server Installer

Use the Server Installer to install and configure the One Identity Manager Service. Use the Server Installer to install the One Identity Manager Service locally or remotely.

API Server

The API Server deploys the Web Portal, the Password Reset Portal as well as the Operations Support Web Portal and your HTML5 web applications. It also provides an API.

Related topics

Which components and front-ends work with an application server?

The following list shows you which One Identity Manager components work against an application server. Some front-ends have only limited functionality to work with an application server.

Table 2: One Identity Manager components and application servers
Component Connection through application server? Restrictions

Launchpad

Yes

Certain application, which you can start from the Launchpad, require a direct connection to the database.

Web Portal

Yes

 

Password Reset Portal

Yes

 

Operations Support Web Portal

Yes

 

Manager

Yes

The consistency check is not supported.

Compliance rule simulation is not supported.

Some forms are not supported.

Manager web application

Yes

Some forms are not supported.

Synchronization Editor

Yes

 

Analyzer

Yes

 

Job Queue Info

No

 

Configuration Wizard

No

 

Designer

Yes

The consistency check is not supported.

Process simulation is not supported.

Database compilation is not supported.

Web Designer

Yes

 

Data Import

Yes

 

Crypto Configuration

No

 

Database Compiler

No

 

Report Editor

Yes

SQL query testing is not supported.

Schema Extension

No

 

System Debugger

No

Database Transporter

No

 

License Meter

Yes

 

Software Loader

Yes

 

One Identity Manager Service

Yes

 

Server Installer

Yes

 

API Server

Yes

 

Database Agent Service

No

Installation prerequisites

The following installation prerequisites represent only the minimum requirements for installing and unlimited operation of One Identity Manager. These prerequisites can be used as a starting point for other planning, depending on the size of the project and which business processes and business transactions are supported. Determining hardware capacities and any further development is part of project planning and dependent on the Identity Management project specification. Particular attention must be paid to I/O performance (in throughput and latency) and in SAN environments in particular, a targeted performance analysis of the specify infrastructure is recommended before implementation.

Every One Identity Manager installation can be virtualized. Ensure that performance and resources are available to the respective One Identity Manager component according to system requirements. Ideally, resource assignments for the database server are fixed. Virtualization of a One Identity Manager installation should only be attempted by experts with strong knowledge of virtualization techniques. For more information about virtual environments, see Product Support Policies.

NOTE: Other system requirements for individual One Identity Manager models are listed in the corresponding documentation for those specific modules.

Detailed information about this topic

Supported database systems

One Identity Manager supports the following database systems:

  • SQL Server

  • Managed instances in Azure SQL Database

  • Azure SQL Database

  • Amazon Relational Database Service (Amazon RDS)

Detailed information about this topic
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级