NetIQ recommends that you review the following prerequisites and considerations before starting the installation process.
When installing Identity Reporting, consider the following prerequisites and considerations:
Requires a supported and configured version of the following Identity Manager components:
Identity applications, including the User Application driver
Sentinel installed on a separate Linux computer.
Driver for Data Collection Service
Driver for the Managed System Gateway service
For more information about required versions and patches for these components, see the latest Release Notes. For more information about installing the drivers, see Section 44.0, Managing the Drivers for Reporting.
Ensure that the Identity Vault includes the SecretStore module, and that the module is configured. For more information, see Adding SecretStore to the Identity Vault Schema.
Do not install Identity Reporting on a server in a clustered environment.
(Conditional) To run reports against an Oracle 12c database, you must install the appropriate JDBC file. For more information, see Running Reports on an Oracle Database.
(Conditional) You can use your own Tomcat installation program instead of the one provided in the Identity Manager installation kit. However, to use the Apache Log4j service with your version of Tomcat, ensure that you have the appropriate files installed. For more information, see Using the Apache Log4j Service to Log Sign-on.
Assign the Report Administrator role to any users that you want to access reporting functionality.
Ensure that all servers in your Identity Manager environment are set to the same time. If you do not synchronize the time on your servers, some reports might be empty when executed. For example, this issue can affect data related to new users when the servers hosting the Identity Manager engine and the Warehouse have different time stamps. If you create and then modify a user, the reports are populated with data.
The installation process modifies JAVA_OPTs or CATALINA_OPTS entries for JRE mapping in the setenv.sh file for Tomcat.
By default, the convenience installer for Tomcat places the setenv.sh file in the /opt/netiq/idm/apps/tomcat/bin/ directory. The installer also configures the JRE location in the file.
(Optional) You can configure Identity Reporting to work with NetIQ Access Manager 4.0 using SAML 2.0 authentication. For more information, see Section 49.0, Using SAML Authentication with NetIQ Access Manager for Single Sign-on.
This section provides information on how to identify different audit events required for Identity Manager reports and custom reports. You can unzip all report sources and run the following script to identify the audit events:
find . -name *.jrxml -print0 |xargs -0 grep -H "'000[B3]" | perl -ne '($file) = /^\.\/(.*?)\//;@a = /000[3B]..../g; foreach $a (@a) { print "$file;$a\n"}' |sort -u
The following section provides information on how to identify and select various audit events for identity Manager reports and custom reports:
Event Name |
Audit Flag |
---|---|
Authentication and Password Change |
Selecting Audit Flag using SSPR: Launch SSPR Configuration Editor > Audit Configuration > Select from the following audit flags:
Selecting Audit Flag using iManager: Go to iManager Roles and Tasks > eDirectory Auditing > > Audit Configuration > Novell Audit > Select from the following audit flags:
|
All other reporting events |
Go to NetIQ Identity Manager UserApp > Administration > Logging > Enable audit service |