After installing Identity Reporting, you can modify many of the installation properties. To make changes, run the configuration update utility.
Linux: /opt/netiq/idm/apps/configupdate/configupdate.sh
Windows: C:\netiq\idm\apps\configupdate\configupdate.bat
If you change any setting for Identity Reporting with the configuration utility, you must restart the application server that hosts Identity Reporting for the changes to take effect. However, you do not need to restart the server after making changes in the web user interface for Identity Reporting.
For more information about installing this component, see Section 5.0, Installing Identity Reporting.
You can recreate the database tables after installation without having to reinstall.
Stop the application server, such as Tomcat. For more information, see Stopping, Starting, and Restarting Tomcat.
(Conditional) Delete the existing database.
(Conditional) Create a new database with the same name as the one that you deleted in Step 2.
(Conditional) Clear the database checksums.
Log in to your database as idm_rpt_cfg.
Execute the following command for PostgreSQL:
DO $do$ BEGIN IF EXISTS (select table_name from information_schema.tables where table_schema = 'public' and table_name = 'databasechangelog') THEN update databasechangelog set md5sum = null; END IF; END $do$
or
Execute the following command for Oracle:
BEGIN FOR i IN (select null from ALL_TABLES where OWNER = user and TABLE_NAME = 'DATABASECHANGELOG') LOOP EXECUTE IMMEDIATE 'update DATABASECHANGELOG set MD5SUM = NULL'; END LOOP; END;
or
Execute the following command for MSSQL:
IF EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'DATABASECHANGELOG') UPDATE idm_rpt_cfg.DATABASECHANGELOG SET MD5SUM = NULL
Define the JAVA_HOME variable. For example:
Linux: export JAVA_HOME=/opt/netiq/idm/apps/jre
Windows:
For instructions, see Add Paths to Zulu on Windows
.
Re-initialize the database using the installed script:
/opt/netiq/idm/apps/idrpt/bin/db-init.sh -password ***
/opt/netiq/idm/apps/idrpt/bin/db-init.sh -password *** -sql >
/opt/netiq/idm/apps/idrpt/sql/output.sql
Start the application server such as Tomcat. For more information, see Stopping, Starting, and Restarting Tomcat.
To access Identity Reporting you must assign the Report Administrator authorization and identify at least one data source. You assign the administrator authorization in Identity Governance. In general, your data source is the Identity Governance database.
To prepare Identity Reporting for daily use, complete the following activities:
You should also update to the latest version of the Identity Governance reports. For more information, see Using the Download Page
in NetIQ Identity Governance Identity Reporting Guide.
To verify installation and to initialize the Identity Reporting database, you must start the application server.
Log in to the application server that hosts Identity Reporting.
(Conditional) If this is the first time for starting Identity Reporting, complete the following steps:
Delete all files and folders in the following directories for your application server:
Linux: Temporary directory, located by default in
/opt/netiq/idm/apps/tomcat/temp
Catalina directory, located by default in /opt/netiq/idm/apps/tomcat/work/Catalina
Windows: Temporary directory, located by default in:
C:\netiq\idm\apps\tomcat\temp
Catalina directory, located by default in C:\netiq\idm\apps\tomcat\work\Catalina
Delete all log files from the logs directory of your application server, located by default in: .
Linux: /opt/netiq/idm/apps/tomcat/logs
Windows: C:\netiq\idm\apps\tomcat\logs
Start Tomcat. For examples, see Stopping, Starting, and Restarting Tomcat.
(Conditional) To observe the initialization process in Tomcat, enter the following command:
tail -f path_to_Tomcat_folder/logs/catalina.out
When the process completes, the file contains the following message:
Server startup in nnnn ms
To log in to Identity Reporting, you need an account with the Report Administrator authorization.
For more information, see Assigning the Report Administrator Authorization.
To log in to Identity Reporting, your account must have the Report Administrator authorization in Identity Governance.
Log in to Identity Governance as the Global Administrator.
Select Administration > Authorization Assignments.
Assign users or groups to the Report Administrator authorization.
Save the change.
Select Identity Manager System Connection Information.
For Identity Manager URL, specify the URL for Identity Reporting.
For example, http://myserver.mydomain.com:8080/IDMRPT.
Save the change, then refresh the browser to see the change.
As a Report Administrator, you can access Identity Reporting from the Identity Governance interface. You can also log in directly from the Identity Reporting URL. Only accounts with the Report Administrator authorization should be able to log in to Identity Reporting.
To verify that you can access Identity Reporting from Identity Governance, complete the following steps:
Log in to Identity Reporting, select Home in the upper right corner.
Select the Reporting module icon near your user name.
Verify that you are redirected to Identity Reporting.
To verify that other authorizations are denied access to Identity Reporting, complete the following steps:
Log in to Identity Governance, as a Global Administrator or Security Officer.
Remove the Report Administrator authorization from the account that successfully logged in to Identity Reporting.
Log in to Identity Reporting with that account, which no longer has the authorization.
You should attempt the log in from both Identity Governance and the reporting URL.
Verify you cannot access Identity Reporting.
You can also attempt to log in to Identity Reporting by using a Global Administrator or Security Officer account to verify that accounts with high-level privileges cannot access Identity Reporting without the Report Administrator authorization.
Identity Reporting runs reports against your connected data sources. Before you can run reports, you need to add the data sources.
NOTE:You must add the Identity Governance igops database as a data source in Identity Reporting.
Log in to Identity Reporting as the Report Administrator.
Select Data Sources.
Select Add.
Specify whether you want to select from the list of data sources or provide the details for the source.
(Conditional) If you selected Provide database details, specify the values for the data source. For example, database platform, the host name or IP address of the database server, and include the following settings:
Specifies the name of the database. For example, to add the Identity Governance database, specify igops for PostgreSQL and orcl or whatever name you gave the Oracle database.
Specifies an account that can access the tables and views in the database. For example, when adding the Identity Governance database, specify igrptuser.
(Optional) Test the connection to your data source.
Select Save.
Clean up the Tomcat folders as described in Step 2.
You might need to restart Tomcat.
Run a test report to verify functionality in Identity Reporting.
For more information about running reports, see [add xref to correct section in admin guide].
If you did not enable auditing for Identity Reporting during the installation, you must perform additional steps to enable auditing for Identity Reporting.
Stop the application server. For more information, see Stopping, Starting, and Restarting Tomcat.
Launch the configuration update utility:
Navigate to one of the following directories:
Linux: /opt/netiq/idm/apps/configupdate/configupdate.sh
Windows: C:\netiq\idm\apps\configupdate\configupdate.bat
Launch the configuration update utility:
Linux: ./configupdate.sh
Windows: configudate.bat
In GUI mode, click CEF Auditing > Auditing Settings, then click Send audit events.
In Console mode:
Enter the number for CEF Auditing. By default it is #4.
Enter the number for the Auditing settings. By default it is #1.
Enter number 1 to enable auditing.
Enter the destination host and port.
Enter the network protocol.
Enter whether to use TLS.
Enter the intermediate event store directory. This file location must exist.
Save and close the configuration update utility.
Edit the corresponding auditing file for Identity Reporting. For more information, see Enabling Auditing after the Installation.
Start the application server. For more information, see Stopping, Starting, and Restarting Tomcat.