Identity Governance provides additional features that increase the capabilities of Identity Governance. These features are Identity Reporting, Auditing, and email notifications. If you want this additional functionality, use the following information to prepare the server or servers to enable these features.
Identity Reporting is an optional feature for Identity Governance. The Identity Reporting installer is part of the Identity Governance installer. Depending on your environment, you can install Identity Reporting on the Identity Governance server or on a separate server. If you choose to install Identity Reporting on a separate server, you run the Identity Governance installation and select to only install Identity Reporting.
One of the first options the Identity Governance presents is whether you want to install Identity Governance, Identity Governance, and Identity Reporting, or only Identity Reporting. You must choose if you want to install Identity Reporting and how you want to install Identity Reporting before starting the Identity Governance installation. For more information, see Section 2.3, Recommended Production Environment Installation Scenarios.
Install Zulu OpenJDK. For more information, see Section 3.3, Installing Zulu OpenJDK.
Install Apache Tomcat. For more information, see Section 3.4, Installing the Apache Tomcat Application Server.
(Conditional) Configure Apache Tomcat for TLS/SSL communication if you choose to have secure communication between Identity Governance and Identity Reporting. For more information, see Section 3.8, Securing Connections with TLS/SSL.
The Identity Reporting installer prompts for the URL access information for the Identity Reporting server. You are asked for this information before you install Identity Reporting on the separate server. This is why you must have Zulu OpenJDK and Apache Tomcat installed on the separate server.
There are additional tasks you must perform on the separate server before starting the Identity Reporting installation. For more information, see Section 7.0, Installing Identity Reporting.
OSP, Identity Governance, and Identity Reporting provide CEF auditing files you can send to an audit server through syslog. The installers for OSP, Identity Governance, and Identity Reporting prompt you if you want to enable auditing. If you select to enable auditing, you must provide the DNS name and port to the audit server. The installers also prompt if you want to communicate securely.
You can enable auditing after the installation of OSP, Identity Governance, and Identity Reporting. If you have the audit server installed and configured for TLS/SSL communication before starting the installations, the installers prompt you for the connection information to the audit server and the installers can also import the certificates from the audit server to enable TLS/SSL. To enable auditing during the installations:
Install a supported audit server. For more information, see Section 2.4.5, Audit Server System Requirements.
(Conditional) Configure the audit server to communicate securely by enabling TLS/SSL on the audit server. For more information, see Section 3.8, Securing Connections with TLS/SSL.
To enable auditing after the installations complete, see Section 11.3, Enabling Auditing after the Installation.
Identity Governance can send email notifications to authorized users that must review and perform some action listed in the reports if you installed Identity Reporting. Identity Governance also sends out emails to alert you if something has happened to the system. To enable email notifications you must have an SMTP server installed and configured. To guarantee the delivery of the emails, you must install ActiveMQ on the server that runs Identity Governance.
The Identity Governance installer does not prompt for the SMTP server information. It adds default values that you can change through the Identity Governance Configuration Update utility. The Identity Reporting installer prompts you for the SMTP server information only if you select to install Identity Reporting. To configure the email notifications during the installation:
Install and configure an SMTP server.
Install ActiveMQ on the server that runs Identity Reporting.
(Conditional) Configure the SMTP server for secure communications over TLS/SSL. For more information, see Section 3.8, Securing Connections with TLS/SSL.
If only installing Identity Governance, the installer adds default values for the SMTP server that you change at a later time in the Identity Governance Configuration Update utility.
If you are installing Identity Governance and Identity Reporting, the installer prompts you for the SMTP server information during the Identity Reporting section.
To enable email notification after the installations complete, see Section 11.4, Enabling Email Notifications after the Installation.