NetIQ Identity Manager Setup Guide
- NetIQ Identity Manager Setup Guide
- Introduction
- Overview of the Components of Identity Manager
- Creating and Maintaining Your Identity Manager Environment
- Designer for Identity Manager
- Analyzer for Identity Manager
- Role Administration
- iManager
- Managing Data in the Identity Manager Environment
- Understanding Data Synchronization
- Understanding Auditing, Reporting, and Compliance
- Understanding the Components for Synchronizing Your Identity Data
- Provisioning Users for Secure Access
- Understanding the Attestation Process in Identity Manager
- Understanding the Self-Service Process in Identity Manager
- Understanding the Components for Managing User Provisioning
- Using Self-Service Password Management in Identity Manager
- Using Single Sign-on Access in Identity Manager
- Planning to Install Identity Manager
- Planning Overview
- Planning Checklist
- Understanding the Integrated and Standalone Installation Processes
- Recommended Installation Scenarios and Server Setup
- Understanding Licensing and Activation
- Understanding Identity Manager Communication
- Understanding Language Support
- Downloading the Installation Files
- Considerations and Prerequisites for Installation
- Ensuring High Availability for Identity Manager
- Minimum Space Requirement on Linux Servers
- Installing Identity Manager on SLES 12 SP1 or Later Servers
- Installing Identity Manager on RHEL 6.x or 7.x Servers
- Installing the Identity Vault
- Planning to Install the Identity Vault
- Checklist for Installing the Identity Vault
- Prerequisites and Considerations for Installing the Identity Vault
- Understanding Identity Manager Objects in eDirectory
- Replicating the Objects that Identity Manager Needs on the Server
- Using Scope Filtering to Manage Users on Different Servers
- Understanding the Linux Packages in the Identity Vault Installation Kit
- System Requirements for the Identity Vault
- Preparing to Install the Identity Vault
- Using Escape Characters when a Container Name Includes a Period (“.”)
- Using OpenSLP or hosts.nds for Resolving Tree Names
- Improving Identity Vault Performance
- Using IPv6 Addresses on the Identity Vault Server
- Using LDAP to Communicate with the Identity Vault
- Installing NICI Manually on Workstations that have Management Utilities
- Installing NMAS Client Software
- Working with eDirectory 9.0.2 or Later
- Installing the Identity Vault on a Linux Server
- Installing the Identity Vault as Root
- Installing the Identity Vault as a Non-root User
- Installing the Identity Vault on a Windows Server
- Using the Wizard to Install the Identity Vault on a Windows Server
- Silently Installing and Configuring the Identity Vault on a Windows Server
- Applying Hotfix 2 to the Identity Vault
- Prerequisites for Installing the Hotfix
- Installing the Hotfix as a Root User or an Administrator
- Installing the Hotfix as a Non-root User
- Configuring the Identity Vault after Installation
- Modifying the eDirectory Tree and Replica Server with the ndsconfig Utility
- Managing Instances with the ndsmanage Utility
- Installing and Managing Sentinel Log Management for Identity Governance and Administration
- Planning to Install Sentinel Log Management for IGA
- Checklist for Installing SLM for IGA
- Deciding When to Install SLM for IGA
- Understanding the Installation Process
- Prerequisites for Installing SLM for IGA
- System Requirements
- Installing SLM for IGA
- Performing an Interactive Installation
- Performing a Silent Installation
- Customizing your Configuration
- Installing the Identity Manager Engine, Drivers, and Plug-ins
- Planning to Install the Engine, Drivers, and Plug-ins
- Checklist for Installing the Identity Manager Engine, Drivers, and Plug-ins
- Understanding the Installation Program
- Prerequisites and Considerations for Installing the Identity Manager Engine
- System Requirements for the Identity Manager Engine
- Preparing to Install the Engine, Drivers, and Plug-ins
- Verifying Environment Variables (UNIX / Linux) for the Identity Manager Installation
- Stopping and Starting Identity Manager Drivers
- Installing the Engine, Drivers, and iManager Plug-ins
- Using the Wizard to Install the Components
- Performing a Silent Installation
- Installing on a Server with Multiple Instances of Identity Vault
- Completing a Non-root Installation
- Installing and Managing the Remote Loader
- Planning to Install the Remote Loader
- Checklist for Installing the Remote Loader
- Understanding the Remote Loader
- Understanding the Installation Program
- Using 32-bit and 64-bit Remote Loader on the Same Computer
- Prerequisites and Considerations for Installing the Remote Loader
- System Requirements for the Remote Loader
- Installing Remote Loader
- Using the Wizard to Install the Remote Loader
- Performing a Silent Installation of the Remote Loader
- Installing Java Remote Loader on Linux
- Installing Java Remote Loader on Windows
- Installing .NET Remote Loader on Windows
- Configuring the Remote Loader and Drivers
- Creating a Secure Connection to the Identity Manager Engine
- Understanding the Configuration Parameters for the Remote Loader
- Configuring the Remote Loader for Driver Instances on UNIX or Linux
- Configuring the Remote Loader for Driver Instances on Windows
- Configuring the Java Remote Loader for Driver Instances
- Configuring the .NET Remote Loader for Driver Instances on Windows
- Configuring Identity Manager Drivers to Work with the Remote Loader
- Configuring Mutual Authentication with the Identity Manager Engine
- Verifying the Configuration
- Starting and Stopping the Remote Loader
- Starting a Driver Instance in the Remote Loader
- Stopping a Driver Instance in the Remote Loader
- Installing iManager
- Planning to Install iManager
- Checklist for Installing iManager
- Understanding the Server and Client Versions of iManager
- Understanding Installation for iManager Plug-ins
- Prerequisites and Considerations for Installing iManager
- System Requirements for iManager Server
- System Requirements for iManager Workstation (Client Version)
- Installing iManager Server and Workstation
- Installing iManager and iManager Workstation on Linux
- Installing iManager and iManager Workstation on Windows
- Installing iManager Silently
- Post-Installation Tasks for iManager
- Replacing the Temporary Self-Signed Certificates for iManager
- Configuring iManager for IPv6 Addresses after Installation
- Specifying an Authorized User for eDirectory
- Installing Designer for Identity Manager
- Planning to Install Designer
- Checklist for Installing Designer
- Prerequisites for Installing Designer
- System Requirements for Designer
- Installing Designer
- Using the Installation Command on Linux
- Running the Windows Executable File
- Using the Silent Installation Process
- Modifying an Installation Path that Includes a Space Character
- Installing PostgreSQL and Tomcat for Identity Manager
- Planning to Install PostgreSQL and Tomcat
- Checklist for Installing Tomcat and PostgreSQL
- Understanding the Installation Process for PostgreSQL and Tomcat
- Prerequisites for Installing PostgreSQL
- Prerequisites for Installing Tomcat
- System Requirements for PostgreSQL
- System Requirements for Tomcat
- Installing PostgreSQL and Tomcat
- Using the Wizard to Install PostgreSQL and Tomcat
- Silently Installing Tomcat and PostgreSQL for Identity Manager
- Installing the Single Sign-on Component
- Planning to Install Single Sign-on for Identity Manager
- Checklist for Single Sign-on Component
- Prerequisites for Installing One SSO Provider
- System Requirements for One SSO Provider
- Using the Apache Log4j Service to Log Sign-on
- Installing Single Sign-on for Identity Manager
- Using the Wizard to Install One SSO Provider
- Silently Installing One SSO Provider
- Configuring Single Sign-on Access
- Installing the Password Management Component
- Planning to Install Password Management for Identity Manager
- Checklist for Installing Password Management Components
- Prerequisites for Installing Self Service Password Reset
- System Requirements for Self Service Password Reset
- Using the Apache Log4j Service for Password Event
- Installing Password Management for Identity Manager
- Using the Wizard to Install Self Service Password Request
- Silently Installing Self Service Password Reset
- Post-Installation Tasks
- Configuring OSP and SSPR for Clustering
- Installing the Identity Applications
- Planning to Install the Identity Applications
- Checklist for Installing the Identity Applications
- Understanding the Installation Files for the Identity Applications
- Prerequisites and Considerations for Installing the Identity Applications
- System Requirements for the Identity Applications
- Preparing the Identity Vault for the Identity Applications
- Adding the User Application Schema to your Audit Server as a Log Application
- Assign Rights to Identity Vault Administrator and User Application Administrator Account
- Configuring the Database for the Identity Applications
- Configuring an Oracle Database
- Configuring a PostgreSQL Database
- Configuring a SQL Server Database
- Preparing Your Environment for the Identity Applications
- Specifying a Location for the Permission Index
- Enabling the Permission Index for Clustering
- Preparing Your Application Server for the Identity Applications
- Preparing a Cluster for the Identity Applications
- Installing the Identity Applications
- Checklist for Installing the Identity Applications
- Using the Guided Process to Install the Identity Applications
- Silently Installing the Identity Applications
- Post-Installation Steps
- Disabling the Prevent HTML Framing Setting for Integrating Identity Manager with SSPR
- Starting the Identity Applications
- Creating and Deploying the Drivers for the Identity Applications
- Creating the User Application Driver
- Configuring the User Application Driver for Clustering
- Creating the Role and Resource Service Driver
- Deploying the Drivers for the User Application
- Completing the Installation of the Identity Applications
- Checking the Health of the Server in a Clustered Environment
- Manually Creating the Database Schema
- Recording the Master Key
- Configuring the Identity Vault for the Identity Applications
- Changing the Default Context Name for User Application
- Reconfiguring the WAR File for the Identity Applications
- Configuring Forgotten Password Management
- Configuring the Settings for the Identity Applications
- Running the Identity Applications Configuration Utility
- User Application Parameters
- Authentication Parameters
- SSO Clients Parameters
- Reporting Parameters
- Installing Identity Reporting
- Planning to Install Identity Reporting
- Checklist for Installing Identity Reporting
- Understanding the Installation Process for the Identity Reporting Components
- Prerequisites for Installing the Identity Reporting Components
- System Requirements for Identity Reporting
- Installing Identity Reporting
- Using the Guided Process to Install Identity Reporting
- Installing Identity Reporting Silently
- Manually Generating the Database Schema
- Connecting to a Remote PostgreSQL Database
- Configuring Identity Reporting
- Running Reports on an Oracle Database
- Deploying REST APIs for Identity Reporting
- Managing the Drivers for Reporting
- Configuring Drivers for Identity Reporting
- Deploying and Starting Drivers for Identity Reporting
- Configuring the Runtime Environment
- Setting Auditing Flags for the Drivers
- Installing Analyzer for Identity Manager
- Planning to Install Analyzer
- Checklist for Installing Analyzer
- Prerequisites for Installing Analyzer
- System Requirements for Installing Analyzer
- Installing Analyzer
- Using the Wizard to Install Analyzer
- Installing Analyzer Silently
- Adding XULrunner to Analyzer.ini on Linux Platforms
- Installing an Audit Client for Analyzer
- Configuring Single Sign-on Access in Identity Manager
- Preparing for Single Sign-on Access
- Using One SSO Provider for Single Sign-on Access in Identity Manager
- Preparing eDirectory for Single Sign-on Access
- Modifying the Basic Settings for Single Sign-on Access
- Configuring Self Service Password Reset to Trust OSP
- Using SAML Authentication with NetIQ Access Manager for Single Sign-on
- Understanding Third-Party Authentication and Single Sign-On
- Creating and Installing SSL Certificates
- Configuring Identity Manager to Trust Access Manager
- Configuring Access Manager to Work with Identity Manager
- Updating the Login Pages for Access Manager
- Using Kerberos for Single Sign-On
- Configuring the Kerberos User Account in Active Directory
- Configuring the Identity Applications Server
- Configure the End-User Browsers to Use Integrated Windows Authentication
- Verifying Single Sign-on Access for the Identity Applications
- Using SSL for Secure Communication
- Checklist for Ensuring SSL Connections
- Creating a Keystore and Certificate Signing Request
- Enabling SSL with a External CA Signed Certificate
- Enabling SSL with a Self-signed Certificate
- Enabling SSL Between Sentinel and Identity Manager Components
- Updating the SSL Settings for the Application Server
- Updating the SSL Settings in the Configuration Utility
- Updating the SSL Settings for Self Service Password Reset
- Post-Installation Tasks
- Configuring a Connected System
- Creating and Configuring a Driver Set
- Creating a Driver
- Defining Policies
- Managing Driver Activities
- Configuring Sentinel Log Management for IGA
- Activating Identity Manager
- Upgrading Identity Manager
- Preparing to Upgrade Identity Manager
- Checklist for Upgrading Identity Manager
- Understanding Upgrade and Migration
- Upgrade Order
- Supported Upgrade Paths
- Backing Up the Current Configuration
- Upgrading Identity Manager Components
- Upgrading Designer
- Upgrading iManager
- Upgrading the Remote Loader
- Upgrading the Identity Manager Engine
- Upgrading Identity Applications and Supporting Components
- Upgrading Identity Reporting
- Upgrading Analyzer
- Upgrading the Identity Manager Drivers
- Adding New Servers to the Driver Set
- Restoring Custom Policies and Rules to the Driver
- Switching from Advanced Edition to Standard Edition
- Applying a Software Update to Identity Manager Components
- Applying a Service Pack to Identity Manager Engine and Remote Loader
- Applying a Patch for an Identity Manager Driver
- Migrating Identity Manager Data to a New Installation
- Preparing to Migrate Identity Manager
- Checklist for Performing a Migration
- Stopping and Starting Identity Manager Drivers during Migration
- Migrating Identity Manager to a New Server
- Checklist for Migrating Identity Manager
- Preparing Your Designer Project for Migration
- Copying Server-specific Information for the Driver Set
- Migrating the Identity Manager Engine to a New Server
- Migrating the User Application Driver
- Migrating from Websphere or JBoss to Tomcat Web Application Server
- Upgrading the Identity Applications
- Completing the Migration of the Identity Applications
- Uninstalling Identity Manager Components
- Removing Objects from the Identity Vault
- Uninstalling the Identity Manager Engine
- Uninstalling the Remote Loader
- Uninstalling the Roles Based Provisioning Module
- Uninstalling the Identity Reporting
- Uninstalling eDirectory
- Uninstalling Analyzer
- Uninstalling iManager
- Uninstalling Designer
- Troubleshooting
- Troubleshooting the User Application and RBPM Installation
- Troubleshooting Uninstallation
- Troubleshooting Login
- Troubleshooting SSPR Page Request Error
- Troubleshooting an Issue When server.xml file Is Not Updated with a Non-Default Port Specified During Identity Reporting Installation
- Sample Identity Manager Cluster Deployment Solution on SLES
- Sample Cluster Deployment on SLES 12 SP1
- Sample Cluster Deployment on SLES 12 SP2
- Sample Identity Manager Cluster Deployment Solution on Windows
- Prerequisites
- Configuring NetIQ Identity Manager on eDirectory Cluster
- Clustering Remote Loader
- Sample Identity Applications Cluster Deployment Solution on Tomcat Application Server
- Prerequisites
- Installation Procedure
- Legal Notice