This section describes the process for installing Identity Reporting if you did not install it when you installed Identity Governance.
This procedure describes how to install Identity Reporting for Identity Governance using an installation wizard, either in GUI format or from the console. To perform a silent, unattended installation, see Installing Identity Reporting Silently.
To prepare for the installation, review the prerequisites and system requirements listed in Identity Reporting Server System Requirements. Also see the Release Notes accompanying the release.
Log in as root on the Linux server, or as an administrator on the Windows server, where you want to install Identity Reporting.
NOTE: Identity Reporting requires you to log in as root on a Linux server or as an administrator on a Windows server to complete the installation successfully.
Stop Tomcat. For examples, see Stopping, Starting, and Restarting Tomcat.
From the directory that contains the installation files, complete one of the following actions:
NOTE: To execute the file, you might need to use the chmod +x or sh command for Linux or log in to your Windows server as an administrator.
Linux: Use the following commands for Linux:
Console: Enter ./identity-governance-install-linux.bin -i console
GUI: Enter ./identity-governance-install-linux.bin
Windows: Use the following commands for Windows:
Console: Enter cmd /c "identity-governance-install-win.exe -i console"
GUI: Double-click identity-governance-install-win.exe
Accept the License Agreement, and then select Next.
Select the Identity Reporting install set.
To complete the guided process, specify values for the following parameters:
Select install location
Specifies the location for the installation files.
Tomcat installation
Represents the settings for the Tomcat installation that hosts Identity Governance. In a clustered environment, specify runtime values for each node where you install Identity Governance.
Specifies the path to the Tomcat installation. The installation process adds or modifies some files for Identity Governance to this folder. For example:
Linux: /opt/apache-tomcat-x.x.xx
Windows: c:\path\to\tomcat-x.x.xx
Specifies the DNS name or IP address for the Tomcat installation.
Specifies the port that Tomcat uses to listen for communication from Identity Governance or the load balancers.
In a non-clustered environment, you can specify the local server name.
In a clustered environment, specifies the unique name for the current node. For example, node1 or ProdNode1. Do not use the server’s name, which might change according to a DHCP assignment.
Tomcat Java Home
Represents the path to the Oracle Java instance that Tomcat uses. The installation process adds some files for Identity Governance to the Tomcat home folder. For example:
Linux: /root/jdk1.x.x_xx
Windows: c:\path\to\jdk1.x.x.xx
Application address
Represents the settings of the URL that users need to connect to Identity Reporting on the application server. For example, https://myserver.mycompany.com:8443.
NOTE: If OSP runs on a different instance of the application server, you must also select Connect to an external authentication server and specify values for the OSP server.
Specifies whether you want to use http or https. To use SSL for communication, specify https.
Specifies the DNS name or IP address of the application server. Do not use localhost.
Specifies the port that you want the application server to use for communication with Identity Governance.
Specifies whether a different instance of the application server hosts the authentication server (OSP). The authentication server contains the list of users who can log in to Identity Reporting.
If you select this setting, also specify values for the authentication server’s Protocol, Host name, and Port.
Application address
Applies only when the Identity Governance server location is unknown.
Represents the settings of the URL that users need to connect to Identity Governance. For example, https://myserver.mycompany.com:8443.
Specifies whether you want to use http or https. To use Secure Sockets Layer (SSL) for communications, specify https.
Do not use localhost.
In a non-clustered environment, specifies the DNS name or IP address of the server hosting Identity Governance.
In a clustered environment, specifies the DNS name of the server that hosts the load balancer that you want to use. For more information about installing in a clustered environment, see Ensuring High Availability for Identity Governance.
Specifies the port that you want the server to use for communication with client computers. The default is 8080. To use SSL, the default is 8443.
When installing in a clustered environment, specify the port for the load balancer.
Authentication details
Represents the requirements for connecting Identity Governance to the LDAP authentication server (for example, OSP) that contains the list of users who can log in to the application. For more information about the authentication server, see Understanding Authentication for Identity Governance.
NOTE: In a clustered environment where the osp.war file resides behind the load balancer, specify the host and port for the load balancer’s server rather than the authentication server.
Specifies the password that you want to create for Identity Governance to use when connecting to the LDAP authentication server. Also referred to as the client secret.
Change this only when you choose to connect to an external authentication server.
Specifies whether you want to use http or https when connecting with the external LDAP authentication server. To use Secure Sockets Layer (SSL) for communications, specify https.
Change this only when you choose to connect to an external authentication server.
Specifies the IP address or DNS host name of the LDAP authentication server or load balancer. Do not use localhost.
Change this only when you choose to connect to an external authentication server.
Specifies the port that you want the LDAP authentication server or load balancer to use for communication with Identity Governance.
Database Type
Specifies the platform you want to use for the Identity Governance and reporting databases.
For more information about supported versions, see Database Server System Requirements.
Database details
Represents the settings for the Identity Governance and reporting databases. For more information, see Understanding the Identity Governance and Reporting Databases.
To connect to an existing database instance, you must specify the names of the existing databases to match with the operations, data collection, workflow, and analytics databases.
In a clustered environment, perform the configuration steps only on the primary node in the cluster. For more information about installing in a clustered environment, see Ensuring High Availability for Identity Governance.
Specifies that you want to configure your new or existing databases as part of the installation process.
NOTE: Ensure that you specified the correct names for the existing databases.
Specifies that you want to generate the SQL scripts that the database administrator can run in your database platform to create the databases and other artifacts.
The installation process stores the scripts in the following directory:
Linux: /opt/netiq/idm/apps/idgov/sql
Windows: c:\netiq\idm\apps\idgov\sql
If you are installing Identity Reporting at this time, the installation process stores the scripts in the following directory:
Linux: /opt/netiq/idm/apps/idrpt/sql
Windows: c:\netiq\idm\apps\idrpt\sql
For more information about using the files, see Section 7.0, Completing the Installation Process.
Specifies that you do not want to configure a new or existing database.
Use this setting when you install Identity Governance on a secondary node in the cluster. For more information, see Ensuring High Availability for Identity Governance.
Specifies the DNS name or the IP address of the server that hosts the Identity Governance databases.
Specifies the port of the server that hosts the Identity Governance databases. The default values are 1433 for MS SQL Server, 1521 for Oracle and 5432 for PostgreSQL.
Applies only when using an MS SQL Server database
Specifies the path to the JAR file for the MS SQL Server JDBC driver. Microsoft provides this file.
Applies only when using an Oracle database
Specifies the path to the JAR file for the Oracle JDBC driver. For example:
Linux: /opt/oracle/ojdbc7.jar
Windows: c:\ProgramFiles\Oracle\ojdbc7.jar
Oracle provides the driver JAR file, which represents the Thin Client JAR for the database server.
Applies only when using an Oracle database
Specifies the name of the database to which you want to add the Identity Governance databases. For example, Orclidentitygovernance.
Applies only when using an Oracle database
Specifies the name of the database storage unit for storing the schema for the Identity Governance databases. The default is USERS.
Applies only when using an Oracle database
Specifies the name of the temporary database storage unit for storing the schema. The default is TEMP.
Specifies the name of the database that stores operations data for Identity Governance. The default value is igops.
NOTE: If you created a blank database for the operations data, ensure that you specify the exact name of the existing, empty database.
Specifies the name of the database that stores data collection information for Identity Governance. The default value is igdcs.
NOTE: If you created a blank database for the data collection information, ensure that you specify the exact name of the existing, empty database.
Specifies the name of the database that stores workflow information for Identity Governance. The default value is igwf.
NOTE: If you created a blank database for the workflow data, ensure that you specify the exact name of the existing, empty database.
Specifies the name of the database that stores analytics information for Identity Governance. The default value is igara.
NOTE: If you created a blank database for the analytics data, ensure that you specify the exact name of the existing, empty database.
Specifies the password for the database account administrator that can create database tables, views, and other artifacts in the Identity Governance databases.
Specifies the account for a database user that has rights to the views related to reporting for Identity Governance. The default value is igrptuser.
The installation process creates this account if you select Configure database now and Update (rather than Use only existing).
Specifies the password for the reporting administrator.
Specifies the account for a database administrator that the installation process can use to configure the databases for Identity Governance.
WARNING: Do not use the default database administrator account (idmadmin) if that account was created when you installed PostgreSQL and Tomcat.
Specifies the password for the database administrator.
Applies only when you choose to configure the database during the installation.
Specifies whether you want to have the installation process migrate or create new databases or use existing, empty databases. Select Update if you are installing or upgrading Identity Governance.
NOTE: To use existing databases, the installation program drops known tables and views within each schema and then adds the tables and views that it needs for the current version.
Report default language
Specifies the language that you want to use for Identity Reporting.
Specifies the locale. The default selection is English.
Report email delivery
Represents the settings for the SMTP server that sends report notifications. To modify these settings after installation, use the configuration utility for Identity Governance.
Specifies the email address that you want Identity Reporting to use as the origin for email notifications.
Specifies the IP address or DNS name of the SMTP email host that Identity Reporting uses for notifications. Do not use localhost.
Specifies the port number for the SMTP server. The default value is 465.
Specifies whether you want to use the SSL protocol for communication with the SMTP server.
Specifies whether you want to use authentication for communication with the SMTP server.
If you select this setting, also specify the credentials for the email server.
Applies only when you select Requires server authentication.
Specifies the name of a login account for the SMTP server.
Applies only when you select Requires server authentication.
Specifies the password of a login account for the SMTP server.
Report retention details
Represents the settings for maintaining completed reports.
Specifies the amount of time that Identity Reporting will retain completed reports before deleting them. For example, to specify six months, enter 6 and then select Month.
Specifies a path where you want to store the report definitions. For example:
Linux: /opt/netiq/IdentityReporting
Windows: c:\netiq\IdentityReporting
Identity Audit
Represents the settings for collecting auditing events that occur in the Identity Governance server. For more information, see Enabling Auditing.
Specifies whether you want to send Identity Governance log events to an auditing server.
If you select this setting, also specify the audit server details.
Applies only when you enable identity auditing.
Specifies the IP address or DNS name of the audit server.
Applies only when you enable identity auditing.
Specifies the port to use for sending log events to the audit server.
Applies only when you enable identity auditing.
Specifies the location of the cache directory on the Identity Governance server that you want to use to store log events. For example:
Linux: /opt/netiq/idm/apps/audit
Windows: C:\netiq\idm\apps\audit
Applies only when you enable identity auditing.
Specifies whether to use TLS (TCP using SSL). If not selected, events are sent using TCP.
Applies only when you want to use TLS for audit events.
Specifies the path to the keystore file location for trusting the audit server certificate. For example:
Linux: /opt/netiq/idm/apps/jre/lib/security/cacerts
Windows: C:\netiq\idm\apps\jre\lib\security\cacerts
Applies only when you want to use TLS for audit events.
Specifies the password for the trust store file.
Applies only when you want to use TLS for audit events.
Specifies whether to attempt to connect to the audit server and trust the retrieved certificate within a copy of the trust store file. The actual trust occurs during the installation process.
NOTE: Attempting a TLS connection on a TCP port results in a timeout after 5 seconds. Be sure to specify a secure audit port if you select to use TLS.
Review the information in the Pre-Installation Summary window, and then select Install.
When the installation process completes, continue to Section 7.0, Completing the Installation Process.
A silent (non-interactive) installation does not display a user interface or ask the user any questions. Instead, the system uses information from a silent properties file. You can run the silent installation after editing the file to customize the installation process for your environment. To perform a guided installation, see Using the Guided Process to Install Identity Reporting.
To prepare for the installation, review the prerequisites and system requirements listed in Identity Reporting Server System Requirements. Also see the Release Notes accompanying the release.
Log in as root on the Linux server, or as an administrator on the Windows server, where you want to install Identity Reporting.
(Conditional) To avoid specifying passwords in the silent properties file, use the export (Linux) or set (Windows) command to place them in the environment. For example:
export install_db_reporting_secret=myPassWord
The silent installation process reads the passwords from the environment, rather than from the silent properties file.
Specify the following passwords:
The installation program creates the user idm_rpt_cfg for the reporting schema.
The following are the default administrators installed with your database:
MS SQL Server: sa
Oracle: SYSTEM
PostgreSQL: postgres
Specify the password for the administrator for the reporting database.
Specify the password for idm_rpt_cfg, which is used internally to support report administration during runtime.
(Conditional) To use authentication for email communications, specify the password for the default SMTP email user.
Specify the client ID password for authenticating using OSP.
(Conditional) Applies only when you are using secure communications.
Specify the password for the trust store.
To specify the installation parameters, complete the following steps:
Locate the sample silent properties file, identity-governance-install-silent.properties, which by default is in the same directory as the installation scripts for Identity Governance.
In a text editor, open the silent properties file.
Specify the parameter values. For a description of the parameters, see Step 6.
Save and close the file.
Stop the application server, such as Tomcat. For examples, see Stopping, Starting, and Restarting Tomcat.
To launch the installation process, enter the following command:
Linux: ./identity-governance-install-linux.bin -i silent -f path_to_silent_properties_file
Windows: From a command line, enter identity-governance-install-win.exe -i silent -f path_to_silent_properties_file
NOTE: If the silent properties file resides in a different directory from the installation script, you must specify the full path to the file. The script unpacks the necessary files to a temporary directory and then launches the silent installation.
When the installation process completes, continue to Section 7.0, Completing the Installation Process.
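Added example, not part of the product documentation: a pre-flight check for the silent procedure above that confirms no password value remains in the silent properties file, that the file is not readable by other users, and that the password is exported in the environment instead. Only install_db_reporting_secret is a name from this page; the example_* keys, the function names, and the "secret/password" name pattern are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a silent install whose passwords come
# from the environment. Only install_db_reporting_secret is a name taken
# from the page; every example_* key in the sample is made up.

# Constructed sample properties file (not the shipped one).
write_sample_props() {
    cat > "$1" <<'EOF'
# constructed sample
example_install_folder=/opt/netiq/idm/apps/idrpt
example_smtp_port=465
install_db_reporting_secret=myPassWord
example_smtp_password=
EOF
}

# Print the names (never the values) of keys that look like credentials and
# still carry a value. Assumptions: key=value lines, '#' comments, and names
# containing "secret" or "password". Returns 1 if any such key is found.
find_embedded_secrets() {
    awk '
        /^[ \t]*#/ || !/=/ { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) ~ /secret|password/ && val != "") { print key; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# True when neither group nor others have any permission bit on the file.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Read one secret from stdin (echo off on a terminal) and export it under the
# given variable name, so the value is never typed on a command line.
read_secret() {
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r _secret_value
    if [ -t 0 ]; then stty echo; echo; fi
    export "$1=$_secret_value"
    unset _secret_value
}

# Pre-flight: 1 = credential value in the file, 2 = file readable by others,
# 3 = variable not exported or empty, 0 = ready for "-i silent -f <file>".
preflight() {
    find_embedded_secrets "$1" >/dev/null || return 1
    is_private "$1" || return 2
    env | grep -q "^$2=." || return 3
}
```

Call read_secret for each password variable, run preflight against the edited properties file before launching the installer, and unset the variables once the installer exits.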