This procedure describes how to install Identity Reporting for Identity Governance using an installation wizard, either in GUI format or from the console. To perform a silent, unattended installation, see Section 5.5, Installing Identity Reporting Silently.
To prepare for the installation, review the prerequisites and system requirements listed in Section 1.9.3, Identity Reporting Server System Requirements. Also see the Release Notes accompanying the release.
Log in as root on Linux server or an administrator on Windows server where you want to install Identity Reporting.
NOTE:Identity Reporting requires you to log in as root on Linux server or an administrator on Windows server to complete the installation successfully.
Stop Tomcat. For examples, see Stopping, Starting, and Restarting Tomcat.
From the directory that contains the installation files, complete one of the following actions:
NOTE:To execute the file, you might need to use the chmod +x or sh command for Linux or use Run as administrator if you did not log in to your Windows server as an administrator.
Linux: Use the following commands for Linux:
Console: Enter ./identity-governance-install-linux.bin -i console
GUI: Enter ./identity-governance-install-linux.bin
Windows: Use the following commands for Windows:
Console: Enter cmd /c "identity-governance-install-win.exe -i console"
GUI: Double-click identity-governance-install-win.exe
Accept the License Agreement, and then select Next.
Select the Identity Reporting install set.
To complete the guided process, specify values for the following parameters:
Select install location
Specifies the location for the installation files.
Tomcat installation
Represents the settings for the Tomcat installation that hosts Identity Governance. In a clustered environment, specify runtime values for each node where you install Identity Governance.
Specifies the path to the Tomcat installation. The installation process adds or modifies some files for Identity Reporting to this folder. For example:
Linux: /opt/apache-tomcat-x.x.xx
Windows: c:\path\to\tomcat-x.x.xx
Tomcat Java Home
Represents the path to the Java instance that Tomcat uses. For example:
Linux: /root/jdk1.x.x_xx
Windows: c:\path\to\jdk1.x.x.xx
Trust store details
Specifies the password for the trust store. The password must be 6 characters and must not contain spaces.
Authentication provider
Specifies the authentication service you are using, either OSP or Access Manager.
Application address
Represents the settings of the URL that users need to connect to Identity Governance or Identity Reporting. For example, https://myserver.mycompany.com:8443.
Specifies whether you want to use http or https. To use Secure Sockets Layer (SSL) for communications, specify https.
Do not use localhost.
In a non-clustered environment, specifies the DNS name or IP address of the server hosting Identity Governance.
In a clustered environment, specifies the DNS name of the server that hosts the load balancer that you want to use. For more information about installing in a clustered environment, see Section 1.7.5, Ensuring High Availability for Identity Governance.
Specifies the port that you want the server to use for communication with client computers. The default is 8080. To use SSL, the default is 8443.
When installing in a clustered environment, specify the port for the load balancer.
Select to use OSP as the authentication service. Do not select to use Access Manager as the authentication service.
The following apply only when using OSP as the authentication service.
Specifies whether you want to use http or https. To use Secure Sockets Layer (SSL) for communications, specify https.
In a non-clustered environment, specifies the DNS name or IP address of the authentication server. In a clustered environment, specifies the DNS name of the server that hosts the load balancer.
Specifies the port that you want the server to use for communication with client computers. The default is 8080. To use SSL, the default is 8443.
When installed in a clustered environment, specify the port for the load balancer.
The following apply only when using Access Manager as the authentication service.
In a non-clustered environment, specifies the DNS name or IP address of the authentication server. In a clustered environment, specifies the DNS name of the server that hosts the load balancer.
Specifies the port that you want the server to use for communication with client computers.
When installed in a clustered environment, specify the port for the load balancer.
In a non-clustered environment, specifies the DNS name or IP address of the Access Manager administration console. In a clustered environment, specifies the DNS name of the server that hosts the load balancer.
Specifies the port that you want the server to use for communication with the Access Manager administration console.
When installed in a clustered environment, specify the port for the load balancer.
Specifies the URL settings that connect to the Identity Governance client on the server that hosts Tomcat.
Specifies whether you want to use http or https. To use Secure Sockets Layer (SSL) for communications, specify https.
In a non-clustered environment, specifies the DNS name or IP address of the server hosting Identity Governance.
In a clustered environment, specifies the DNS name of the server that hosts the load balancer.
Specifies the port that you want the server to use for communication with client computers. The default is 8080. To use SSL, the default is 8443.
When installing in a clustered environment, specify the port for the load balancer.
Authentication details
Represents the requirements for connecting Identity Governance to the LDAP authentication server (for example, OSP or Access Manager) that contains the list of users who can log in to the application. For more information about the authentication server, see Section 1.2, Understanding Authentication for Identity Governance.
NOTE:In a clustered environment, specify the host and port for the load balancer’s server rather than the authentication server.
Change this only when you choose to connect to an external authentication server.
Specifies whether you want to use http or https when connecting with the external LDAP authentication server. To use Secure Sockets Layer (SSL) for communications, specify https.
Change this only when you choose to connect to an external authentication server.
Specifies the IP address or DNS host name of the LDAP authentication server or load balancer. Do not use localhost.
Change this only when you choose to connect to an external authentication server.
Specifies the port that you want the LDAP authentication server or load balancer to use for communication with Identity Governance.
Specifies the password that you want to create for Identity Governance to use when connecting to the LDAP authentication server. Also referred to as the client secret.
Database Type
Specifies the platform you want to use for the reporting database.
For more information about supported versions, see Section 1.9.2, Database Server System Requirements.
Database details
Represents the settings for the reporting database. For more information, see Section 1.3, Understanding the Identity Governance Databases.
To connect to an existing database instance, you must specify the name of the existing reporting database.
In a clustered environment, perform the configuration steps only on the primary node in the cluster. For more information about installing in a clustered environment, see Section 1.7.5, Ensuring High Availability for Identity Governance.
Specifies that you want to configure your new or existing database as part of the installation process.
NOTE:Ensure that you specified the correct name for the existing database.
Specifies that you want to generate the SQL scripts that the database administrator can run in your database platform to create the databases and other artifacts.
The installation process stores the scripts in the following directory:
Linux: /opt/netiq/idm/apps/idrpt/sql
Windows: c:\netiq\idm\apps\idrpt\sql
For more information about using the files, see Section 6.0, Completing the Installation Process.
Specifies that you do not want to configure a new or existing database.
Use this setting when you install Identity Reporting on a secondary node in the cluster. For more information, see Section 1.7.5, Ensuring High Availability for Identity Governance.
Specifies the DNS name or the IP address of the server that hosts the Identity Reporting database.
Specifies the port of the server that hosts the Identity Reporting database. The default values are 1433 for MS SQL Server, 1521 for Oracle and 5432 for PostgreSQL.
Applies only when using an MS SQL Server database
Specifies the path to the JAR file for the MS SQL Server JDBC driver. Microsoft provides this file.
Applies only when using an Oracle database
Specifies the path to the JAR file for the Oracle JDBC driver. For example:
Linux: opt/oracle/ojdbc8.jar
Windows: c:\ProgramFiles\Oracle\ojbc8.jar
Oracle provides the driver JAR file, which represents the Thin Client JAR for the database server.
Applies only when using an Oracle database
Specifies the name of the database to which you want to add the Identity Governance databases. For example, Orclidentity.
Applies only when using an Oracle database
Specifies the name of the database storage unit for storing the schema for the Identity Reporting database. The default is USERS.
Applies only when using an Oracle database
Specifies the name of the temporary database storage unit for storing the schema. The default is TEMP.
Specifies the account for a database administrator that the installation process can use to configure the databases for Identity Governance.
WARNING:Do not use the default database administrator account (idmadmin) if that account was created when you installed PostgreSQL and Tomcat.
Specifies the password for the database administrator.
Checks that the installation program can connect to the Identity Reporting database.
Does not apply when using an Oracle database
Specifies the name of the Identity Reporting database. The default name is igrpt.
Specifies the password for the reporting database user, idm_rpt_cfg.
Applies only when you choose to configure the database during the installation.
Specifies whether you want to have the installation process migrate or create new databases or use existing, empty databases. Select Update if you are installing or upgrading Identity Reporting.
NOTE:To use existing databases, the installation program drops known tables and views within each schema and then adds the needed tables and views that it needs for the current version.
Report default language
Specifies the language that you want to use for Identity Reporting.
Specifies the locale. Default selection is English.
Report email delivery
Represents the settings for the SMTP server that sends report notifications. To modify these settings after installation, use the configuration utility for Identity Governance.
Specifies the email address that you want Identity Reporting to use as the origin for email notifications.
Specifies the IP address or DNS name of the SMTP email host that Identity Reporting uses for notifications. Do not use localhost.
Specifies the port number for the SMTP server. The default value is 465.
Specifies whether you want to use SSL protocol for communication with the SMTP server.
Specifies whether you want to use authentication for communication with the SMTP server.
If you select this setting, also specify the credentials for the email server.
Applies only when you select Requires server authentication.
Specifies the name of a login account for the SMTP server.
Applies only when you select Requires server authentication.
Specifies the password of a login account for the SMTP server.
Report retention details
Represents the settings for maintaining completed reports.
Specifies the amount of time that Identity Reporting will retain completed reports before deleting them. For example, to specify six months, enter 6 and then select Month.
Specifies a path where you want to store the report definitions. For example:
Linux: /opt/netiq/IdentityReporting
Windows: c:\netiq\IdentityReporting
Identity Audit
Represents the settings for collecting auditing events that occur in the Identity Reporting server. For more information, see Enabling Auditing.
Specifies whether you want to send Identity Reporting log events to an auditing server.
If you select this setting, also specify the audit server details.
Applies only when you enable identity auditing.
Specifies the IP address or DNS name of the audit server.
Applies only when you enable identity auditing.
Specifies the port to use for sending log events to the audit server.
Applies only when you enable identity auditing.
Specifies the location of the cache directory on the Identity Governance server that you want to use to store log events. For example:
Linux: /opt/netiq/idm/apps/audit
Windows: C:\netiq\idm\apps\audit
Applies only when you enable identity auditing.
Specifies whether to use TLS (TCP using SSL). If not selected, events are sent using TCP.
Applies only when you want to use TLS for audit events.
Specifies whether to attempt to connect to the audit server and trust the retrieved certificate within a temporary trust store file. The actual trust occurs immediately before the summary pages display.
NOTE:Attempting a TLS connection on a TCP port results in a timeout after 5 seconds. Be sure to specify a secure audit port if you select to use TLS.
Review the pre-installation summary.
(Conditional) Stop Tomcat if it is still running. For examples, see Stopping, Starting, and Restarting Tomcat.
(Conditional) If prompted, accept or reject any untrusted certificates and acknowledge any errors.
The installer checks to see if you specified SSL for LDAP or audit. If so, the installer creates the trust store and attempts to retrieve the certificates. Untrusted certificates result in a prompt to accept or reject each certificate chain, with tabs showing extra certificates in the chain. The installer adds accepted certificates to the trust store.
The installer displays errors in the following conditions:
A single warning about potential future failures for all rejected certificates
A single warning for any errors when connecting to the secured servers
Start the installation process.
When the installation process completes, select Done.
Continue to Section 6.0, Completing the Installation Process.
NOTE:Do not start Tomcat.