NetIQ Identity Manager Setup Guide

NetIQ Identity Manager Setup Guide

Overview of the Components of Identity Manager

Creating and Maintaining Your Identity Manager Environment

Designer for Identity Manager

Analyzer for Identity Manager

Role Administration

iManager

Managing Data in the Identity Manager Environment

Understanding Data Synchronization

Understanding Auditing, Reporting, and Compliance

Understanding the Components for Synchronizing Your Identity Data

Provisioning Users for Secure Access

Understanding the Attestation Process in Identity Manager

Understanding the Self-Service Process in Identity Manager

Understanding the Components for Managing User Provisioning

Using Self-Service Password Management in Identity Manager

Using Single Sign-on Access in Identity Manager

Planning to Install Identity Manager

Planning Overview

Planning Checklist

Understanding the Integrated and Standalone Installation Processes

Recommended Installation Scenarios and Server Setup

Understanding Licensing and Activation

Understanding Identity Manager Communication

Understanding Language Support

Downloading the Installation Files

Considerations and Prerequisites for Installation

Ensuring High Availability for Identity Manager

Minimum Space Requirement on Linux Servers

Installing Identity Manager on an RHEL 6.x or 7.x Server

Installing the Identity Vault

Planning to Install the Identity Vault

Checklist for Installing the Identity Vault

Prerequisites and Considerations for Installing the Identity Vault

Understanding Identity Manager Objects in eDirectory

Replicating the Objects that Identity Manager Needs on the Server

Using Scope Filtering to Manage Users on Different Servers

Understanding the Linux Packages in the Identity Vault Installation Kit

System Requirements for the Identity Vault

Preparing to Install the Identity Vault

Using Escape Characters when a Container Name Includes a Period (“.”)

Using OpenSLP or hosts.nds for Resolving Tree Names

Improving Identity Vault Performance

Using IPv6 Addresses on the Identity Vault Server

Using LDAP to Communicate with the Identity Vault

Installing NICI Manually on Workstations that have Management Utilities

Installing NMAS Client Software

Installing the Identity Vault on a Linux Server

Installing the Identity Vault as Root

Installing the Identity Vault as a Non-root User

Installing the Identity Vault on a Windows Server

Using the Wizard to Install the Identity Vault on a Windows Server

Silently Installing and Configuring the Identity Vault on a Windows Server

Configuring the Identity Vault after Installation

Modifying the eDirectory Tree and Replica Server with the ndsconfig Utility

Managing Instances with the ndsmanage Utility

Installing the Identity Manager Engine, Drivers, and Plug-ins

Planning to Install the Engine, Drivers, and Plug-ins

Checklist for Installing the Identity Manager Engine, Drivers, and Plug-ins

Understanding the Installation Program

Prerequisites and Considerations for Installing the Identity Manager Engine

System Requirements for the Identity Manager Engine

Preparing to Install the Engine, Drivers, and Plug-ins

Verifying Environment Variables (UNIX / Linux) for the Identity Manager Installation

Stopping and Starting Identity Manager Drivers

Installing the Engine, Drivers, and iManager Plug-ins

Using the Wizard to Install the Components

Performing a Silent Installation

Installing on a Server with Multiple Instances of Identity Vault

Completing a Non-root Installation

Installing and Managing the Remote Loader

Planning to Install the Remote Loader

Checklist for Installing the Remote Loader

Understanding the Remote Loader

Understanding the Installation Program

Using 32-bit and 64-bit Remote Loader on the Same Computer

Prerequisites and Considerations for Installing the Remote Loader

System Requirements for the Remote Loader

Installing Remote Loader

Using the Wizard to Install the Remote Loader

Performing a Silent Installation of the Remote Loader

Installing Java Remote Loader

Configuring the Remote Loader and Drivers

Creating a Secure Connection to the Identity Manager Engine

Understanding the Configuration Parameters for the Remote Loader

Configuring the Remote Loader for Driver Instances on UNIX or Linux

Configuring the Remote Loader for Driver Instances on Windows

Configuring the Java Remote Loader for Driver Instances

Configuring Identity Manager Drivers to Work with the Remote Loader

Verifying the Configuration

Starting and Stopping the Remote Loader

Starting a Driver Instance in the Remote Loader

Stopping a Driver Instance in the Remote Loader

Installing iManager

Planning to Install iManager

Checklist for Installing iManager

Understanding the Server and Client Versions of iManager

Understanding Installation for iManager Plug-ins

Prerequisites and Considerations for Installing iManager

System Requirements for iManager Server

System Requirements for iManager Workstation (Client Version)

Installing iManager Server and Workstation

Installing iManager and iManager Workstation on Linux

Installing iManager and iManager Workstation on Windows

Installing iManager Silently

Post-Installation Tasks for iManager

Replacing the Temporary Self-Signed Certificates for iManager

Configuring iManager for IPv6 Addresses after Installation

Specifying an Authorized User for eDirectory

Installing Designer for Identity Manager

Planning to Install Designer

Checklist for Installing Designer

Prerequisites for Installing Designer

System Requirements for Designer

Installing Designer

Using the Installation Command on Linux

Running the Windows Executable File

Using the Silent Installation Process

Modifying an Installation Path that Includes a Space Character

Installing PostgreSQL and Tomcat for Identity Manager

Planning to Install PostgreSQL and Tomcat

Checklist for Installing Tomcat and PostgreSQL

Understanding the Installation Process for PostgreSQL and Tomcat

Prerequisites for Installing PostgreSQL

Prerequisites for Installing Tomcat

System Requirements for PostgreSQL

System Requirements for Tomcat

Installing PostgreSQL and Tomcat

Using the Wizard to Install PostgreSQL and Tomcat

Silently Installing Tomcat and PostgreSQL for Identity Manager

Installing the Single Sign-on and Password Management Components

Planning to Install Single Sign-on and Password Management for Identity Manager

Checklist for Installing the Single Sign-on and Password Management Components

Prerequisites for Installing One SSO Provider

Prerequisites for Installing Self Service Password Reset

System Requirements for One SSO Provider

System Requirements for Self Service Password Reset

Using the Apache Log4j Service to Log Sign-on and Password Events

Installing Single Sign-on and Password Management for Identity Manager

Using the Wizard to Install the Single Sign-on and Password Management Components

Silently Installing the Single Sign-on and Password Management Components

Configuring OSP and SSPR for Clustering

Configuring Single Sign-on Access

Installing the Identity Applications

Planning to Install the Identity Applications

Checklist for Installing the Identity Applications

Understanding the Installation Files for the Identity Applications

Prerequisites and Considerations for Installing the Identity Applications

System Requirements for the Identity Applications

Preparing to Install the Identity Applications

Adding the User Application Schema to your Audit Server as a Log Application

Create a User Application Administrator Account

Configuring the Database for the Identity Applications

Configuring an Oracle Database

Configuring a PostgreSQL Database

Configuring a SQL Server Database

Preparing Your Environment for the Identity Applications

Specifying a Location for the Permission Index

Enabling the Permission Index for Clustering

Preparing Your Application Server for the Identity Applications

Preparing a Cluster for the Identity Applications

Installing the Identity Applications

Checklist for Installing the Identity Applications

Using the Guided Process to Install the Identity Applications

Silently Installing the Identity Applications

Post-Installation Steps for JBoss

Post-Installation Steps for Tomcat

Post-Installation Steps for WebSphere

Disabling the Prevent HTML Framing Setting for Integrating Identity Manager with SSPR

Starting the Identity Applications

Creating and Deploying the Drivers for the Identity Applications

Creating the User Application Driver

Configuring the User Application Driver for Clustering

Creating the Role and Resource Service Driver

Deploying the Drivers for the User Application

Completing the Installation of the Identity Applications

Checking the Health of the Server in a Clustered Environment

Manually Creating the Database Schema

Recording the Master Key

Configuring Localized User Names

Configuring the Identity Vault for the Identity Applications

Reconfiguring the WAR File for the Identity Applications

Configuring Forgotten Password Management

Configuring the Settings for the Identity Applications

Running the Identity Applications Configuration Utility

User Application Parameters

Authentication Parameters

SSO Clients Parameters

Reporting Parameters

Installing the Identity Reporting Components

Planning to Install Identity Reporting

Checklist for Installing Identity Reporting

Understanding the Installation Process for the Identity Reporting Components

Prerequisites for Installing the Identity Reporting Components

System Requirements for Identity Reporting

Installing the Event Auditing Service

Preparing the Environment for Event Auditing Service

Using the Wizard to Install Event Auditing Service

Installing Event Auditing Service Silently

Installing Identity Reporting

Using the Guided Process to Install Identity Reporting

Installing Identity Reporting Silently

Manually Generating the Database Schema

Configuring Identity Reporting

Configuring Identity Reporting for WebSphere

Running Reports on an Oracle Database

Deploying REST APIs for Identity Reporting

Managing the Drivers for Reporting

Configuring Drivers for Identity Reporting

Deploying and Starting Drivers for Identity Reporting

Backing Up the Schema for the Drivers

Configuring the Runtime Environment

Setting Auditing Flags for the Drivers

Installing Analyzer for Identity Manager

Planning to Install Analyzer

Checklist for Installing Analyzer

Prerequisites for Installing Analyzer

System Requirements for Installing Analyzer

Installing Analyzer

Using the Wizard to Install Analyzer

Installing Analyzer Silently

Adding XULrunner to Analyzer.ini on Linux Platforms

Installing an Audit Client for Analyzer

Configuring Single Sign-on Access in Identity Manager

Preparing for Single Sign-on Access

Using One SSO Provider for Single Sign-on Access in Identity Manager

Preparing eDirectory for Single Sign-on Access

Modifying the Basic Settings for Single Sign-on Access

Configuring Self Service Password Reset to Trust OSP

Using SAML Authentication with NetIQ Access Manager for Single Sign-on

Understanding Third-Party Authentication and Single Sign-On

Creating and Installing SSL Certificates

Configuring Identity Manager to Trust Access Manager

Configuring Access Manager to Work with Identity Manager

Updating the Login Pages for Access Manager

Using Kerberos for Single Sign-On

Configuring the Kerberos User Account in Active Directory

Configuring the Identity Applications Server

Configure the End-User Browsers to Use Integrated Windows Authentication

Verifying Single Sign-on Access for the Identity Applications

Using SSL for Secure Communication

Checklist for Ensuring SSL Connections

Updating the SSL Settings in the Configuration Utility

Updating the SSL Settings for Self Service Password Reset

Updating the SSL Settings for the Application Server

Creating a Keystore and Certificate Signing Request

Enabling SSL with a Self-signed Certificate

Enabling SSL with a Signed Certificate

Ensuring Client Workstations Have Certificates

Post-Installation Tasks

Configuring a Connected System

Creating and Configuring a Driver Set

Creating a Driver

Defining Policies

Managing Driver Activities

Activating Identity Manager

Upgrading Identity Manager

Preparing to Upgrade Identity Manager

Checklist for Upgrading Identity Manager

Understanding Upgrade and Migration

Backing Up the Current Configuration

Deleting the Telemetry Job

Upgrading Identity Manager Components

Upgrading Designer

Upgrading iManager

Upgrading the Remote Loader

Upgrading the Identity Manager Engine

Upgrading the Identity Reporting

Upgrading Analyzer

Upgrading the Identity Manager Drivers

Adding New Servers to the Driver Set

Restoring Custom Policies and Rules to the Driver

Applying Software Update to Identity Manager Components

Applying Software Update to the Identity Manager Engine and Remote Loader

Applying Software Update for an Identity Manager Driver

Migrating Identity Manager Data to a New Installation

Preparing to Migrate Identity Manager

Checklist for Performing a Migration

Stopping and Starting Identity Manager Drivers during Migration

Migrating Identity Manager to a New Server

Checklist for Migrating Identity Manager

Preparing Your Designer Project for Migration

Copying Server-specific Information for the Driver Set

Migrating the Identity Manager Engine to a New Server

Migrating the User Application Driver

Upgrading the Identity Applications

Completing the Migration of the Identity Applications

Uninstalling Identity Manager Components

Removing Objects from the Identity Vault

Uninstalling the Identity Manager Engine

Uninstalling the Remote Loader

Uninstalling the Roles Based Provisioning Module

Uninstalling the Identity Reporting

Uninstalling Role Mapping Administrator

Uninstalling Catalog Administrator

Uninstalling eDirectory

Uninstalling Analyzer

Uninstalling iManager

Uninstalling Designer

Troubleshooting

Locating Log Files

Troubleshooting the User Application and RBPM Installation

Troubleshooting Uninstallation

Troubleshooting SSPR Page Request Error

Sample Identity Manager Cluster Deployment Solution

Installation Procedure

Sample Identity Applications Cluster Deployment Solution on Tomcat

Installation Procedure