Use the following worksheets to help collect the information that you need to specify when configuring the Identity Manager components.
Use the following worksheet to help collect the information that you need to specify when configuring Identity Manager Engine.
Table 3-2 Identity Manager Engine Settings
|
Parameter |
Description |
|---|---|
|
Identity Vault DIB Location |
Specify the Identity Vault DIB location. |
|
Create a New Tree |
Select this option if you want to create a new Identity Vault tree. |
|
Tree Name |
Applies only if you have selected the Create a New Tree option. Specify the Identity Vault tree name. |
|
Add to an Existing Tree |
Select this option if you want to connect to an Identity Vault tree existing on a remote server. You must only specify an IP address; hostname or FQDN is not supported. |
|
Host |
Applies only if you have selected the Add to an Existing Tree option. Specify the IP address for your Identity Vault. |
|
Secure LDAP Port |
Applies only if you have selected the Add to an Existing Tree option. Specifies the port on which the Identity Vault listens for LDAP requests using Secure Sockets Layer (SSL) protocol. The default value is 636. If a service already loaded on the server (before you install eDirectory) uses the default port, you must specify a different port. |
|
Administrator DN |
Specify the administrator name for Identity Manager engine. The default value is cn=admin,ou=sa,o=system. |
|
Administrator Password |
Specify the password for the Administrator object. For example, password. |
|
Identity Vault Server Context (in LDAP format) |
Specify the DN for the server container. The default value is ou=servers, o=system |
|
Identity Vault Driver Set (in LDAP format) |
Specify the context DN for the driver set. The default value is cn=DriverSet, o=system. |
|
Clear Text LDAP Port |
Specify the port on which the Identity Vault listens for LDAP requests in clear text. The default value is 389. |
|
Secure LDAP Port |
Specify the port on which the Identity Vault listens for LDAP requests using Secure Sockets Layer (SSL) protocol. The default value is 636. If a service already loaded on the server (before you install eDirectory) uses the default port, you must specify a different port. |
|
Clear Text HTTP Port |
Specify the port on which the HTTP stack operates in clear text.The default value is 8028. |
|
Secure HTTP Port |
Specify the port on which the HTTP stack operates using TLS/SSL protocol. The default value is 8030. |
|
RSA Key Size |
Applies only if you have selected the Create a New Tree option. Specify the key size for RSA certificates. Allowed values are 2048, 4096, and 8192 bits. The default value is 4096. |
|
EC Curve |
Applies only if you have selected the Create a New Tree option. Specify the elliptical curve (EC) limit for EC certificates. Allowed values are P256, P384, and P521. The default value is P384. |
|
Certificate Lifetime |
Applies only if you have selected the Create a New Tree option. Specify the certificate life in years. |
|
iManager HTTP Port |
Specify the HTTP port for Tomcat Application server. The default value is 8080. |
|
iManager SSL Port |
Specify the HTTPS port for Tomcat Application server. The default value is 8443. |
Use the following worksheet to help collect the information that you need to specify when configuring Identity Applications.
Table 3-3 Identity Applications Settings
|
Parameter |
Description |
|---|---|
|
Install Self-Service Password Reset |
Specify whether you want to install the SSPR component. |
|
Host |
Specify the IP address of the server where Identity Vault is installed. |
|
Secure LDAP Port |
Specify the port on which the Identity Vault listens for LDAP requests using Secure Sockets Layer (SSL) protocol. The default value is 636. If a service already loaded on the server (before you install eDirectory) uses the default port, you must specify a different port. |
|
Administrator DN |
Specify the administrator name for Identity Manager engine. The default value is cn=admin,ou=sa,o=system. |
|
Administrator Password |
Applies only when installing a new authentication server. Specify the password for the administrator account of the LDAP authentication server. |
|
Root Container DN |
Specify the root container. The default value is o=data. |
|
User Container DN |
Applies only when installing a new authentication server. Specify the container in the LDAP authentication server where you store the user accounts that can log in to Access Review. For example, o=data. |
|
Administrator Container DN |
Applies only when installing a new authentication server. Specify the container in the LDAP authentication server where you store the administrator accounts. |
|
Driver Set DN |
Specify the driver set DN. |
|
Deploy Identity Applications Drivers |
Select this option if you want to deploy the User Application driver and the Roles and Resources Services driver. |
|
Select the Database Platform for Identity Applications |
Select the database that you want use with the Identity Applications. The options are PostgreSQL, Oracle, and Microsoft SQL Server. |
|
New PostgreSQL Server |
Select this option if you want to install a new instance of the PostgreSQL database. |
|
Existing PostgreSQL Server |
Select this option if you want to connect to an existing PostgreSQL database server. |
|
Database Host |
Specify the name or IP address of the server. |
|
Database Port |
Specify the port that you want the server to use for communication with the User Application. By default, the value is set to 5432. |
|
Identity Applications Database Name |
Specify the name of the database for identity applications. |
|
Workflow Engine Database Name |
Specify the name of the database for workflow engine. |
|
Database User |
Specify the name of an account that allows the User Application to access and modify data in the databases. |
|
Database User Password |
Specify the database user password. |
|
Database Driver Jar |
Specify the JAR file for the database platform. The database vendor provides the driver JAR file, which represents the Thin Client JAR for the database server. For example, for PostgreSQL, you might specify postgresql-9.4-1212.jdbc42.jar, by default in the C:\NetIQ\idm\apps\Postgres folder.NetIQ does not support driver JAR files from third-party vendors. |
|
When would you like the schema to be created |
Specify when you want to create the database schema as part process. The available options are Now, At Application Startup, and Write SQL to a File. |
|
Application Server Host |
Specify the IP address where Tomcat is installed. |
|
Application Server HTTPS Port |
Specify the port where Tomcat is installed. By default the value is set to 8543. |
|
Login Screen Name |
Specify the custom name that you want to display on user login screen. The default value is Identity Access. When you upgrade Identity Applications, the login screen name automatically changes to NetIQ Access. |
|
Identity Applications Administrator |
Specify the DN for an administrator account of the LDAP authentication server. For example, cn=uaadmin,ou=sa,o=data |
|
Administrator Password |
Specify the Identity Applications administrator password. |
|
Set this password as a common password for other settings |
Select this option if you want to set a common password. NOTE:The default password for Tomcat keystore is changeit. |
|
OAuth Keystore Password |
Applies only if you have selected the Set this password as a common password for other settings check box. Specify the OAuth keystore password. |
|
SSO Client Password |
Applies only if you have selected the Set this password as a common password for other settings check box. Specify the SSO client password. |
|
SSPR Configuration Password |
Applies only if you have selected the Set this password as a common password for other settings check box. Specify the SSPR configuration password. |
|
Form Renderer HTTPS Port |
Specify the form renderer HTTPS port. By default the value is set to 8600. |
|
Workflow Engine ID |
Specify a unique value for the Workflow Engine ID. |
Use the following worksheet to help collect the information that you need to specify when configuring Identity Reporting.
Table 3-4 Identity Reporting Settings
|
Parameter |
Description |
|---|---|
|
Host |
Specify the IP address of the server where Identity Vault is installed. |
|
Secure LDAP Port |
Specify the port on which the Identity Vault listens for LDAP requests using Secure Sockets Layer (SSL) protocol. The default value is 636. If a service already loaded on the server (before you install eDirectory) uses the default port, you must specify a different port. |
|
Administrator DN |
Specify the administrator name for Identity Manager engine. The default value is cn=admin,ou=sa,o=system. |
|
Administrator Password |
Specify the password for the administrator account of the LDAP authentication server. |
|
User Container DN |
Applies only when installing a new authentication server. Specify the container in the LDAP authentication server where you store the user accounts that can log in to Access Review. For example, o=data. |
|
Administrator Container DN |
Applies only when installing a new authentication server. Specify the container in the LDAP authentication server where you store the administrator accounts. |
|
Driver Set DN |
Specify the driver set DN. |
|
Deploy Identity Reporting Drivers |
Select this option if you want to deploy the Data Collection Services driver and the Managed System Gateway services driver. |
|
Select the Database Platform for Identity Reporting |
Select the database that you want to use with the Identity Reporting. The options are PostgreSQL, Oracle, and Microsoft SQL Server. |
|
New PostgreSQL Server |
Select this option if you want to install a new instance of the PostgreSQL database. |
|
Existing PostgreSQL Server |
Select this option if you want to connect to an existing PostgreSQL database server. |
|
Database Host |
Specify the name or IP address of the server. |
|
Database Port |
Specify the port that you want the server to use for communication with Identity Reporting. By default, the value is set to 5432. |
|
Database Name |
Specify the database name for Identity Reporting. |
|
Database User Password |
Specify the database user password. |
|
Database Account Password |
Specify the database account password for Identity Reporting. |
|
Application Server Host |
Specify the IP address where Tomcat is installed. |
|
Application Server HTTPS Port |
Specify the port where Tomcat is installed. By default the value is set to 8543. |
|
External OSP Server |
Select this option if you want to connect to an external OSP server. For example, use this option if you want to connect to a remote OSP which is used by Identity Applications. |
|
OSP Server Host |
Applies only if you have selected the External OSP Server option. Specify the IP address of the server where OSP is installed. |
|
OSP Server Port |
Applies only if you have selected the External OSP Server option. Specify the OSP server port. |
|
OSP Keystore |
Applies only if you have selected the External OSP Server option. Specify the location of the OSP keystore file. |
|
OSP Keystore Password |
Applies only if you have selected the External OSP Server option. Specify the OSP keystore password. |
|
OSP Client Password |
Applies only if you have selected the External OSP Server option. Specify the OSP client password. |
|
Identity Reporting Administrator |
Specifies the administrator name for Identity Reporting. The default value is cn=uaadmin,ou=sa,o=data. |
|
Identity Reporting Administrator password |
Specifies the administrator password for Identity Reporting. |
|
Set this password as a common password for other settings |
Select this option if you want to set a common password. |
Use the following worksheet to help collect the information that you need to specify when configuring Self-Service Password Reset (SSPR).
This section applies only when you want to install Identity Applications and SSPR on separate computers.
Table 3-5 SSPR Settings
|
Parameter |
Description |
|---|---|
|
Host |
Specify the IP address of the server where Identity Vault is installed. |
|
Secure LDAP Port |
Specify the port on which the Identity Vault listens for LDAP requests using Secure Sockets Layer (SSL) protocol. The default value is 636. If a service already loaded on the server (before you install eDirectory) uses the default port, you must specify a different port. |
|
Administrator DN |
Specify the administrator name for Identity Manager engine. The default value is cn=admin,ou=sa,o=system. |
|
Administrator Password |
Specify the password for the administrator account of the LDAP authentication server. |
|
User Container DN |
Applies only when installing a new authentication server. Specify the container in the LDAP authentication server where you store the user accounts that can log in to Access Review. For example, o=data. |
|
Administrator Container DN |
Applies only when installing a new authentication server. Specify the container in the LDAP authentication server where you store the administrator accounts. |
|
Application Server Host |
Specify the IP address where Tomcat is installed. |
|
Application Server HTTPS Port |
Specify the port where Tomcat is installed. By default the value is set to 8543. |
|
Identity Applications Administrator |
Specify the DN for an administrator account of the LDAP authentication server. For example, cn=uaadmin,ou=sa,o=data |
|
Administrator Password |
Specify the Identity Applications administrator password. |
|
Authentication Server Host |
Specify the IP address of the server where OSP is installed. |
|
Authentication Server HTTPS Port |
Specify the OSP server HTTPS port. |
|
Authentication Server Client Password |
Specify the OSP client password. |