1.2 Identity Applications Components

Required for Advanced Edition installation

Identity Applications are an interconnected set of browser-based Web applications. They enable your organization to manage the user accounts and permissions associated with the wide variety of roles and resources available to users. You can configure the identity applications to provide self-service support for your users, such as requesting roles or changing their passwords. You can also set up workflows to improve the efficiency in managing and assigning roles and resources. Identity Applications consists of Administration Console (for administration tasks), User Console (Dashboard), and REST services that help you perform these tasks.

NOTE: You must have the Identity Manager Engine installed before installing Identity Applications.

To install Identity Applications components, use the Identity Applications installation option of the installation program.

An Identity Applications installation comprises the following components:

1.2.1 User Application

The User Application is a browser-based web application that gives users the ability to perform a variety of identity self-service and roles provisioning tasks. Some of the tasks that were performed by using the User Application interface in the previous versions of the product have been moved to the new user interface that includes an Administration Console and a User Console. The User Application continues to provide some of the functionality that does not yet exist in the new user interface. For more information, see the NetIQ Identity Manager - Administrator’s Guide to the Identity Applications.

1.2.2 Authentication Service

The authentication service provides access to Identity Applications features. For more information about using Single Sign-on access in Identity Manager, see the NetIQ Identity Manager - Administrator’s Guide to the Identity Applications.

The authentication service is provided by the NetIQ One Single Sign-On Provider (OSP) component. Identity Applications requires a local installation of OSP. OSP is automatically installed with Identity Applications.

1.2.3 Self-Service Password Reset

The self-service password management service provides access to self-service password management. Identity Applications include NetIQ Self Service Password Reset (SSPR) to help users who have access to the identity applications to reset their passwords without administrative intervention.

The Identity Applications installation process enables SSPR by default. However, you can choose to install SSPR on a separate computer if your deployment needs it or if you are installing Standard Edition. When installing SSPR on a separate computer in Advanced Edition, you must define the password management settings in the Identity Applications configuration file (ism-configuration.properties) after completing the installation of both components, either manually or by using the ConfigUpdate utility.

1.2.4 Web Application Server

The application server provides the runtime framework in which the identity applications components execute. The identity applications are packaged as WAR (Web Application Resource or Web application ARchive) files. The installation process enables you to deploy the WAR files to the application server. The application server runs a Java™ virtual machine, providing the runtime environment for the application code. Each of the following WAR files provides the URL for one component of the identity applications:

  • IDMProv for the Application Programming Interfaces (APIs) to the User Application

  • idmdash for the Dashboard

  • idmadmin for Identity Applications Administration interface

When a user interacts with the idmdash or idmadmin applications, these applications query the underlying IDMProv.war file and fetch the information for the user. IDMProv.war exposes the REST and SOAP APIs, while idmdash and idmadmin contain the user interface.

The identity applications run on an Apache Tomcat application server, included in the installation kit. To support the Tomcat application server, the installation program installs supported versions of JRE and Apache ActiveMQ.

1.2.5 Identity Applications Database

The Identity Applications database maintains configuration data for the identity applications such as localized labels, entitlement values, and email server configuration. It also stores workflow state data required by the Workflow Engine. The supported databases for Identity Applications are PostgreSQL, Oracle, and Microsoft SQL Server.

The Identity Applications installation program automatically installs a supported version of PostgreSQL database that acts as the default database for Identity Applications. If you do not want to use PostgreSQL as the database, you can configure a supported version of Oracle or MS SQL database with Identity Applications. Identity Applications require a Java Database Connectivity driver (JDBC type 4 driver) to communicate with the database. The installation program prompts for the location and name of the JDBC driver for the database. Therefore, you must obtain this JDBC driver from your database installation directory before starting the Identity Applications installation. The supported databases for Identity Reporting are PostgreSQL, Oracle, and MS SQL.

  • For a PostgreSQL database, the driver is bundled with the Identity Manager installation program.

  • For an Oracle database, you can download the driver from the Oracle web site.

  • For a Microsoft SQL Server database, download the driver from the Microsoft web site.

The database can reside locally on the Identity Applications server or a remote computer. When using a remote database, you must configure a connection to the database.
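The installer prompts for the location and name of the JDBC driver, and a remote database additionally needs a connection configured. The following pre-flight check is an added example and is not part of the NetIQ documentation or the installer: it opens the driver JAR you obtained, confirms that it declares a JDBC type 4 driver (via the META-INF/services/java.sql.Driver entry that JDBC 4 drivers register), identifies which of the three supported databases it is for, and composes a JDBC URL for a remote database with transport encryption required. The driver class names and URL forms are the vendors' own; the host, port, database name and the in-memory JAR are constructed for the demonstration, and the Identity Applications configuration keys that hold the resulting URL are not shown on this page.

```python
"""Pre-install check for the Identity Applications database driver (added example)."""
import io
import zipfile

# Driver classes registered by the vendor JARs through the JDBC 4 service
# loader file META-INF/services/java.sql.Driver.
KNOWN_DRIVERS = {
    "org.postgresql.Driver": "postgresql",
    "oracle.jdbc.OracleDriver": "oracle",
    "com.microsoft.sqlserver.jdbc.SQLServerDriver": "sqlserver",
}

SERVICE_ENTRY = "META-INF/services/java.sql.Driver"


def declared_drivers(jar_bytes):
    """Return the driver classes a JAR declares, or [] if it declares none.

    A JDBC 4 (type 4, pure Java) driver lists its java.sql.Driver
    implementations in META-INF/services/java.sql.Driver; DriverManager
    discovers drivers from that file, so a JAR without it is not a usable
    JDBC 4 driver for the installer.
    """
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if SERVICE_ENTRY not in jar.namelist():
            return []
        text = jar.read(SERVICE_ENTRY).decode("utf-8")
    classes = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # service files may carry comments
        if line:
            classes.append(line)
    return classes


def identify_database(jar_bytes):
    """Map the JAR's declared driver to a supported database name.

    Raises ValueError when the JAR is not a driver for PostgreSQL, Oracle
    or Microsoft SQL Server, so the problem surfaces before the installer
    asks for the driver path.
    """
    classes = declared_drivers(jar_bytes)
    if not classes:
        raise ValueError("JAR declares no java.sql.Driver service; not a JDBC 4 driver")
    for cls in classes:
        if cls in KNOWN_DRIVERS:
            return KNOWN_DRIVERS[cls]
    raise ValueError("JAR driver(s) %s are not for a supported database" % classes)


def remote_db_url(db_type, host, port, database):
    """Compose a JDBC URL for a remote database that requires TLS.

    Uses each vendor's URL syntax; the server certificate is verified
    rather than blindly trusted, so a connection to a remote database
    server cannot be silently downgraded or intercepted.
    """
    if db_type == "postgresql":
        return "jdbc:postgresql://%s:%d/%s?ssl=true&sslmode=verify-full" % (host, port, database)
    if db_type == "oracle":
        # Oracle thin driver: the TCPS protocol in the descriptor selects TLS.
        return ("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=%s)(PORT=%d))"
                "(CONNECT_DATA=(SERVICE_NAME=%s)))" % (host, port, database))
    if db_type == "sqlserver":
        return ("jdbc:sqlserver://%s:%d;databaseName=%s;encrypt=true;"
                "trustServerCertificate=false" % (host, port, database))
    raise ValueError("unsupported database type: " + db_type)


def make_jar(services_text=None):
    """Build a minimal constructed JAR in memory (a JAR is a ZIP archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if services_text is not None:
            jar.writestr(SERVICE_ENTRY, services_text)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-in for a downloaded PostgreSQL driver JAR.
    pg_jar = make_jar("# PostgreSQL JDBC driver\norg.postgresql.Driver\n")
    db = identify_database(pg_jar)
    print("driver JAR provides:", db)
    # Hypothetical remote host and database name.
    print(remote_db_url(db, "db.example.internal", 5432, "identity_apps_db"))
```

For a real JAR, read the file bytes from the path you intend to give the installer and pass them to identify_database; a ValueError here means the installer prompt would have accepted a JAR that the application server could never load as a driver.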

1.2.6 Drivers for Identity Applications

The Identity Applications components require the following drivers:

User Application Driver

Stores configuration information and notifies the Identity Applications whenever changes occur in the Identity Vault. You can configure the driver to allow events in the Identity Vault to trigger workflows. The driver can also report success or failure of a workflow’s provisioning activity to the User Application so that users can view the final status of their requests.

Role and Resource Service Driver

Manages all role assignments, starts workflows for role assignment requests that require approval, and maintains indirect role assignments according to group and container memberships. The driver grants and revokes entitlements for users based on their role memberships, and it performs cleanup procedures for requests that have been completed. The driver also maintains resource requests in addition to role requests.

The Identity Applications installation option of the installation program deploys the User Application driver and the Role and Resource Service driver to the Identity Vault.