This document provides guidelines to install and configure Identity Manager 4.8 Standard Edition, and upgrade to this version.
Identity Manager 4.8 Standard Edition provides the following features:
Rule-based automated provisioning
Password management (Self-Service Password Reset)
Identity Reporting
Content packaging framework
Single sign-on (One SSO)
Analyzer
Designer
For installing, configuring, or upgrading Identity Manager Standard Edition, see the setup guide for your platform:
IMPORTANT:Identity Manager 4.8 Advanced and Standard Editions are available in the same ISO file. The integration modules continue to remain the same for both editions.
For information about new features, enhancements, and features that have changed or are no longer supported in this version, see NetIQ Identity Manager 4.8 Release Notes.
Download the software from the Product Web site. The Identity_Manager_4.8_Linux.iso file contains the DVD image for installing the Identity Manager components on Linux.
The installation script is located in the directory where you have mounted the installation package. For information about the default installation locations, see NetIQ Identity Manager 4.8 Release Notes.
Table 1 Checklist for Identity Manager Standard Edition Installation on Linux
Task |
Notes |
---|---|
|
|
|
See Planning to Install Identity Manager in the NetIQ Identity Manager Setup Guide for Linux. |
|
Ensure that you install the components in the following order because the installation programs for some components require information about previously installed components.
|
|
If you need audit-based reports, configure the Data Synchronization Policy in the Identity Manager Data Collection Services page to forward events to the reporting database. For installation instructions, see Installing Sentinel Log Management for Identity Governance and Administration in the NetIQ Identity Manager Setup Guide for Linux. |
|
From the mount directory of the .iso file, run the following command to install Identity Manager server and Identity Reporting components: ./install.sh For more information on the installation steps, see one of the following resources in the NetIQ Identity Manager Setup Guide for Linux. Identity Manager provides a separate installation program for installing SSPR. For installation instructions, see Installing SSPR or see Performing a Silent Installation of SSPR in the NetIQ Identity Manager Setup Guide for Linux. NOTE:If you are installing Identity Reporting on a computer that has iManager installed, do not use port 8080 for Tomcat. If other ports are already in use, change them during installation. The Identity Reporting installation process installs the authentication service for reporting. It also deploys the rptdoc.war and dcsdoc.war that contains the documentation of REST services needed for reporting. These .war files are automatically deployed on your application sever when Identity Reporting is installed. NOTE:You must import the report definitions into Identity Reporting. To download them, use the Download page within the Reporting application. |
|
Configure Identity Manager server components and Identity Reporting components by running configure.sh, located in the mount directory of the .iso file. Before beginning the configuration process for all components, review the configuration options from Understanding the Configuration Parameters in the NetIQ Identity Manager Setup Guide for Linux. For configuring SSPR, see Configuring SSPR in the NetIQ Identity Manager Setup Guide for Linux. After you have configured the Identity Reporting component, assign the Report Administrator role to a user that you want to access reporting functionality. For more information, see Creating and Assigning rptadmin Role to a User. |
|
From the root directory of the Identity_Manager_Linux_LDAP_Designer.tar.gz file, run one of the following commands:
Follow the prompts and complete the installation. For more information, see Installing Designer in the NetIQ Identity Manager Setup Guide for Linux. |
|
From the root directory of the Identity_Manager_Linux_Analyzer.tar.gz file, run one of the following commands:
Follow the prompts and complete the installation. For more information, see Installing Analyzer in the NetIQ Identity Manager Setup Guide for Linux. |
|
Activate your Identity Manager components. For more information, see Activating Identity Manager in the NetIQ Identity Manager Setup Guide for Linux. |
Download the software from the Product Web site. The Identity_Manager_4.8_Windows.iso file contains the DVD image for installing the Identity Manager components.
The installation files are located in the respective directories in the Identity Manager installation package. For information about the default installation locations, see Executables and Default Installation Paths on Windows in the NetIQ Identity Manager 4.8 Release Notes.
Table 2 Checklist for Identity Manager Standard Edition Installation on Windows
Task |
Notes |
---|---|
|
Review the system requirements for each component to ensure that your computer or virtual images meet the installation prerequisites. For more information, see Identity Manager System Requirements page. |
|
See Planning to Install Identity Manager in the NetIQ Identity Manager Setup Guide for Windows. |
|
Ensure that you install the components in the following order because the installation programs for some components require information about previously installed components.
|
|
For installation instructions, see Installation Procedures for Identity Manager Server, Identity Applications, and Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows. For configuration instructions, see the respective Identity Server component-specific configuration procedures in the NetIQ Identity Manager Setup Guide for Windows. |
|
For installation instructions, Installation Procedures for Identity Manager Server, Identity Applications, and Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows: For configuration instructions, see Configuring Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows. NOTE:You must import the report definitions into Identity Reporting. To download them, use the Download page within the Reporting application. |
|
For installation instructions, see Installing SSPR in the NetIQ Identity Manager Setup Guide for Windows. For configuration instructions, see Configuring Self Service Password Reset for Identity Manager in the NetIQ Identity Manager Setup Guide for Windows. |
|
Activate your Identity Manager components. For more information, see Activating Identity Manager in the NetIQ Identity Manager Setup Guide for Windows. |
You create an Organizational Role object in the Identity Vault and then assign this role to a new user or an existing user by using iManager.
Create an Organizational Role object.
In NetIQ iManager, click View Objects.
Click the Organizational Unit in which you want to create a new Report Administrator (reportAdmin) role.
Click New > Create Object.
From Available object classes, select Organizational Role and click OK.
Type the name and context of the object or use the Object Selector to find it, then click OK.
When the confirmation message appears, click OK.
Assign reportAdmin role to a user object.
In NetIQ iManager, click Roles and Tasks.
Click Directory Administration > Modify Object.
Specify the name and context of the user object or use the Object Selector to locate it, then click OK.
The Content frame displays the user object’s property book.
On the General tab, click the Other page.
On the screen that appears, select Object Class from Valued Attributes.
Click Edit to add a new attribute to the user object.
Click +, then specify a name, nrfIdentity, for the attribute, and click OK.
Click OK to save your changes.
Select Object Class from Valued Attributes.
From Unvalued Attributes, select nfrmemberof attribute, then click Right Arrow graphic to add this attribute to Valued Attributes.
To specify a value for the attribute, browse to the reportAdmin role that you created in Step 1.
If you are using Firefox, click the + symbol to add information instead of typing directly in the field.
Click Apply or OK to save the changes.
To modify installation properties after installation, run the configuration update utility depending on your platform.
Linux: Run configupdate.sh from /opt/netiq/idm/apps/configupdate.
Windows: Run configupdate.bat from C:\netiq\idm\apps\IDMReporting\bin.
If you change any setting for Identity Reporting through the configuration update utility, you must restart the Tomcat application server for the changes to take effect. However, you do not need to restart the application server after making changes in the web user interface for Identity Reporting.
NetIQ supports the following upgrade paths for upgrading to Identity Manager 4.8:
Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Standard Edition
Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Advanced Edition
You cannot perform a direct upgrade from Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Advanced Edition. However, you can choose one of the following approaches to complete the upgrade:
Upgrade Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Standard Edition and then upgrade to Identity Manager 4.8 Advanced Edition.
Upgrade Identity Manager 4.7 Standard Edition to Identity Manager 4.7 Advanced Edition and then upgrade to Identity Manager 4.8 Advanced Edition.
Before performing an upgrade, NetIQ recommends that you review Upgrading to Standard Edition section in the NetIQ Identity Manager 4.8 Release Notes and then complete the following tasks in the same sequence:
NOTE:The same steps apply if you are upgrading from 4.6.4 Standard Edition to 4.8 Standard Edition.
Table 3 Checklist for Upgrading form Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Standard Edition
Task |
Linux |
Windows |
---|---|---|
|
See Understanding Upgrade Process in the NetIQ Identity Manager Setup Guide for Linux. |
See Understanding Upgrade and Migration in the NetIQ Identity Manager Setup Guide for Windows. |
|
You cannot directly upgrade or migrate to the 4.8 version from versions before 4.6. For information on the supported upgrade paths, see Upgrading from Identity Manager 4.6.x versions in the Identity Manager 4.8 Release Notes. |
You cannot directly upgrade or migrate to the 4.8 version from versions before 4.6. For information on the supported upgrade paths, see Upgrading from Identity Manager 4.6.x versions in the Identity Manager 4.8 Release Notes. |
|
Ensure that you have the latest installation kit to upgrade/migrate Identity Manager to 4.8 Standard Edition. |
Ensure that you have the latest installation kit to upgrade/migrate Identity Manager to 4.8 Standard Edition. |
|
See |
See |
|
Ensure that your computers meet the hardware and software prerequisites for a newer version of Identity Manager. For more information, see the Identity Manager System Requirements page. |
Ensure that your computers meet the hardware and software prerequisites for a newer version of Identity Manager. For more information, see the Identity Manager System Requirements page. |
|
See |
See Backing Up the Current Configurationin the NetIQ Identity Manager Setup Guide for Windows. |
|
See |
See Upgrading Analyzer in the NetIQ Identity Manager Setup Guide for Windows. |
|
See |
See Upgrading Designer in the NetIQ Identity Manager Setup Guide for Windows. |
|
See Upgrading the Identity Vault in the NetIQ Identity Manager Setup Guide for Linux. |
See Upgrading the Identity Vault in the NetIQ Identity Manager Setup Guide for Windows. |
|
Upgrade iManager to the latest version. For upgrade instructions, see Upgrading iManager in the NetIQ Identity Manager Setup Guide for Linux. |
Upgrade iManager to the latest version. For upgrade instructions, see Upgrading iManager in the NetIQ Identity Manager Setup Guide for Windows. |
|
See Stopping the Drivers in the NetIQ Identity Manager Setup Guide for Linux. |
Stop the drivers that are associated with the server where you installed the Identity Manager engine. For more information, see Stopping and Starting Identity Manager Drivers in the NetIQ Identity Manager Setup Guide for Windows. |
|
See Upgrading Identity Manager Engine in the NetIQ Identity Manager Setup Guide for Linux. |
See Upgrading the Identity Manager Engine Components in the NetIQ Identity Manager Setup Guide for Windows. |
|
This is only required if a newer version of a package is available and there is a new functionality included in the policies for a driver that you want to add to your existing driver. |
This is only required if a newer version of a package is available and there is a new functionality included in the policies for a driver that you want to add to your existing driver. |
|
In iManager, make sure that you apply the Identity Manager 4.8 Standard Edition activation. If you do not apply the activation, Identity Manager engine and drivers run in the evaluation mode. |
In iManager, make sure that you apply the Identity Manager 4.8 Standard Edition activation. If you do not apply the activation, Identity Manager engine and drivers run in the evaluation mode. |
|
See Upgrading Identity Reporting in the NetIQ Identity Manager Setup Guide for Linux. |
See Upgrading Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows. |
|
Start the drivers associated with the Identity Reporting and Identity Manager engine. For more information, see Starting the Drivers in the NetIQ Identity Manager Setup Guide for Linux. |
Start the drivers associated with the Identity Reporting and Identity Manager engine. For more information, see Starting the Drivers in the NetIQ Identity Manager Setup Guide for Windows. |
|
If you have custom policies and rules, restore your custom settings. For more information, see Restoring Custom Policies and Rules to the Driver in the NetIQ Identity Manager Setup Guide for Linux. |
If you have custom policies and rules, restore your custom settings. For more information, see Restoring Custom Policies and Rules to the Driver in the NetIQ Identity Manager Setup Guide for Windows. |
|
If you are using NetIQ Sentinel, ensure that you are running the latest service pack. For more information about upgrading Sentinel, see the NetIQ Sentinel Installation and Configuration Guide. |
Sentinel installation is not supported on Windows. |
Upgrading Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Advanced Edition involves configuration changes for the Identity Manager components. You do not need to run the Identity Manager installation program to perform this upgrade.
The Identity Manager 4.8 Advanced Edition includes all the features included in the Standard Edition along with additional features such as identity applications. The NetIQ Identity Manager 4.8 Release Notesincludes brief details of the new features in Identity Manager 4.8.
To perform the upgrade, NetIQ recommends that you complete the steps in the below checklist in the given order:
NOTE:The same steps apply if you are upgrading from 4.6.4 Standard Edition to 4.8 Advanced Edition.
Table 4 Checklist for Upgrading form Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Advanced Edition
Task |
Linux |
Windows |
---|---|---|
|
Review the differences between an upgrade and a migration. For more information, see Understanding Upgrade Process in the NetIQ Identity Manager Setup Guide for Linux. |
Review the differences between an upgrade and a migration. For more information, see Understanding Upgrade and Migration in the NetIQ Identity Manager Setup Guide for Windows. |
|
You cannot directly upgrade or migrate to the 4.8 version from versions before 4.6. For information on the supported upgrade paths, see Upgrading from Identity Manager 4.6.x versions in the Identity Manager 4.8 Release Notes. |
You cannot directly upgrade or migrate to the 4.8 version from versions before 4.6. For information on the supported upgrade paths, see Upgrading from Identity Manager 4.6.x versions in the Identity Manager 4.8 Release Notes. |
|
Ensure that you have the latest installation kit to upgrade Identity Manager to 4.8 Advanced Edition. |
Ensure that you have the latest installation kit to upgrade Identity Manager to 4.8 Advanced Edition. |
|
For more information, see |
For more information, see |
|
Ensure that your computers meet the hardware and software prerequisites for a newer version of Identity Manager. For more information, see the Identity Manager System Requirements page. |
Ensure that your computers meet the hardware and software prerequisites for a newer version of Identity Manager. For more information, see the Identity Manager System Requirements page. |
|
Stop Tomcat. |
Stop Tomcat. |
|
Uninstall the Identity Reporting WAR files from your application server. To do this, follow the instructions in the documentation specific to your application server. For more information, see Uninstalling Identity Reporting in the NetIQ Identity Manager Setup Guide for Linux. |
Uninstall the Identity Reporting WAR files from your application server. To do this, follow the instructions in the documentation specific to your application server. For more information, see Uninstalling Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows. |
|
In iManager, ensure that you apply the Identity Manager 4.8 Advanced Edition activation key. Otherwise, Identity Manager engine upgrade does not proceed. |
In iManager, ensure that you apply the Identity Manager 4.8 Advanced Edition activation key. Otherwise, Identity Manager engine upgrade does not proceed. |
|
For installation instructions, see Performing an Interactive Installation or Performing a Silent Installation in the NetIQ Identity Manager Setup Guide for Linux. For configuration instructions, see Configuring the Identity Manager Components in the NetIQ Identity Manager Setup Guide for Linux. |
For installation instructions, see Installation Procedures for Identity Manager Server, Identity Applications, and Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows. For configuration instructions, see Configuring Identity Applications in the NetIQ Identity Manager Setup Guide for Windows. |
|
For installation instructions, see Performing an Interactive Installation or Performing a Silent Installation in the NetIQ Identity Manager Setup Guide for Linux. For configuration instructions, see Configuring the Identity Manager Components in the NetIQ Identity Manager Setup Guide for Linux. |
For installation instructions, see Installation Procedures for Identity Manager Server, Identity Applications, and Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows. For configuration instructions, see Configuring Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows. |
|
If you have custom policies and rules, restore your custom settings. For more information, see Restoring Custom Policies and Rules to the Driver in the NetIQ Identity Manager Setup Guide for Linux. |
If you have custom policies and rules, restore your custom settings. For more information, see Restoring Custom Policies and Rules to the Driver in the NetIQ Identity Manager Setup Guide for Windows. |
|
(Conditional) If you are using NetIQ Sentinel, ensure that you are running the latest service pack. For more information about upgrading Sentinel, see the NetIQ Sentinel Installation and Configuration Guide. |
Sentinel installation is only supported on Linux. (Conditional) If you are using NetIQ Sentinel, ensure that you are running the latest service pack. For more information about upgrading Sentinel, see the NetIQ Sentinel Installation and Configuration Guide. |
Launch Designer, then go to DCS Driver Configuration > Driver Parameters > Driver Options.
In the Managed System Gateway Registration section, change the settings as below:
Set Register Manage System Gateway to Yes.
Change the MSGW Driver DN. For example, CN=Managed System Gateway Driver,cn=driverset1,o=system.
Change the User DN. For example, cn=admin,ou=sa,o=system.
Specify the password for the User DN.
For more information on configuring the driver, see Configuring the Data Collection Services Driver to Collect Data from the Identity Applications in the NetIQ Identity Manager Setup Guide for Windows.
Save the settings, then deploy the DCS driver.
Restart the DCS driver.
Upgrading the Identity Reporting might not immediately show the Advanced Version. The version change occurs after the next batch of events is processed.
Some components of Identity Manager have prerequisites for uninstallation. Ensure that you review all the information for each component before beginning the uninstallation process. For more information, see Uninstalling Identity Manager Components in the NetIQ Identity Manager Setup Guide for Linux or Uninstalling Identity Manager Components in the NetIQ Identity Manager Setup Guide for Windows.
For information about NetIQ legal notices, disclaimers, warranties, export and other use restrictions, U.S. Government restricted rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright (C) 2019 NetIQ Corporation. All rights reserved.