Quick Start Guide for Installing and Upgrading NetIQ Identity Manager 4.8 Standard Edition

October 2019

1.0 Introduction

This document provides guidelines to install and configure Identity Manager 4.8 Standard Edition, and upgrade to this version.

2.0 Overview

Identity Manager 4.8 Standard Edition provides the following features:

  • Rule-based automated provisioning

  • Password management (Self-Service Password Reset)

  • Identity Reporting

  • Content packaging framework

  • Single sign-on (One SSO)

  • Analyzer

  • Designer

For installing, configuring, or upgrading Identity Manager Standard Edition, see the setup guide for your platform:

IMPORTANT:Identity Manager 4.8 Advanced and Standard Editions are available in the same ISO file. The integration modules continue to remain the same for both editions.

For information about new features, enhancements, and features that have changed or are no longer supported in this version, see NetIQ Identity Manager 4.8 Release Notes.

3.0 Installing Identity Manager 4.8 Standard Edition on Linux

Download the software from the Product Web site. The Identity_Manager_4.8_Linux.iso file contains the DVD image for installing the Identity Manager components on Linux.

The installation script is located in the directory where you have mounted the installation package. For information about the default installation locations, see NetIQ Identity Manager 4.8 Release Notes.

Table 1 Checklist for Identity Manager Standard Edition Installation on Linux

Task

Notes

  1. Prerequisites

  1. Plan your installation

See Planning to Install Identity Manager in the NetIQ Identity Manager Setup Guide for Linux.

  1. Order of installation and/or configuration

Ensure that you install the components in the following order because the installation programs for some components require information about previously installed components.

  1. Sentinel Log Management for Identity Governance and Administration (IGA)

  2. Identity Manager Server components

  3. Identity Reporting components (also installs single sign-on component)

  4. Self-Service Password Reset

  5. Designer for Identity Manager

  6. Analyzer for Identity Manager

  1. (Conditional) Install Sentinel Log Management for IGA

If you need audit-based reports, configure the Data Synchronization Policy in the Identity Manager Data Collection Services page to forward events to the reporting database.

For installation instructions, see Installing Sentinel Log Management for Identity Governance and Administration in the NetIQ Identity Manager Setup Guide for Linux.

  1. Install Identity Manager Server components Identity Reporting Components, and Password Management Component

From the mount directory of the .iso file, run the following command to install Identity Manager server and Identity Reporting components:

./install.sh

For more information on the installation steps, see one of the following resources in the NetIQ Identity Manager Setup Guide for Linux.

Identity Manager provides a separate installation program for installing SSPR. For installation instructions, see Installing SSPR or see Performing a Silent Installation of SSPR in the NetIQ Identity Manager Setup Guide for Linux.

NOTE:If you are installing Identity Reporting on a computer that has iManager installed, do not use port 8080 for Tomcat. If other ports are already in use, change them during installation.

The Identity Reporting installation process installs the authentication service for reporting. It also deploys the rptdoc.war and dcsdoc.war that contains the documentation of REST services needed for reporting. These .war files are automatically deployed on your application sever when Identity Reporting is installed.

NOTE:You must import the report definitions into Identity Reporting. To download them, use the Download page within the Reporting application.

  1. Configure the installed components (Identity Manager Server components, Identity Reporting Components, and Password Management Component)

Configure Identity Manager server components and Identity Reporting components by running configure.sh, located in the mount directory of the .iso file.

Before beginning the configuration process for all components, review the configuration options from Understanding the Configuration Parameters in the NetIQ Identity Manager Setup Guide for Linux.

For configuring SSPR, see Configuring SSPR in the NetIQ Identity Manager Setup Guide for Linux.

After you have configured the Identity Reporting component, assign the Report Administrator role to a user that you want to access reporting functionality. For more information, see Creating and Assigning rptadmin Role to a User.

  1. Install Designer

From the root directory of the Identity_Manager_Linux_LDAP_Designer.tar.gz file, run one of the following commands:

  • Console: ./install

  • GUI: ./install -i console

Follow the prompts and complete the installation. For more information, see Installing Designer in the NetIQ Identity Manager Setup Guide for Linux.

  1. Install Analyzer

From the root directory of the Identity_Manager_Linux_Analyzer.tar.gz file, run one of the following commands:

  • Console: ./install

  • GUI: ./install -i console

Follow the prompts and complete the installation. For more information, see Installing Analyzer in the NetIQ Identity Manager Setup Guide for Linux.

  1. Activating Identity Manager

Activate your Identity Manager components. For more information, see Activating Identity Manager in the NetIQ Identity Manager Setup Guide for Linux.

4.0 Installing Identity Manager 4.8 Standard Edition on Windows

Download the software from the Product Web site. The Identity_Manager_4.8_Windows.iso file contains the DVD image for installing the Identity Manager components.

The installation files are located in the respective directories in the Identity Manager installation package. For information about the default installation locations, see Executables and Default Installation Paths on Windows in the NetIQ Identity Manager 4.8 Release Notes.

Table 2 Checklist for Identity Manager Standard Edition Installation on Windows

Task

Notes

  1. Prerequisites

Review the system requirements for each component to ensure that your computer or virtual images meet the installation prerequisites. For more information, see Identity Manager System Requirements page.

  1. Plan your installation

See Planning to Install Identity Manager in the NetIQ Identity Manager Setup Guide for Windows.

  1. Order of installation

Ensure that you install the components in the following order because the installation programs for some components require information about previously installed components.

  1. Sentinel Log Management for Identity Governance and Administration (IGA)

    NOTE:This installation is supported only on Linux. For more information, see Installing Sentinel Log Management for Identity Governance and Administration in the NetIQ Identity Manager Setup Guide for Linux.

  2. Identity Manager Server components

  3. Identity Reporting components (also installs single sign-on component)

  4. Self-Service Password Reset

  5. Designer

  6. Analyzer

  1. Install and configure Identity Manager Server Components

For installation instructions, see Installation Procedures for Identity Manager Server, Identity Applications, and Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows.

For configuration instructions, see the respective Identity Server component-specific configuration procedures in the NetIQ Identity Manager Setup Guide for Windows.

  1. Install and configure Identity Reporting components

For installation instructions, Installation Procedures for Identity Manager Server, Identity Applications, and Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows:

For configuration instructions, see Configuring Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows.

NOTE:You must import the report definitions into Identity Reporting. To download them, use the Download page within the Reporting application.

  1. Install and configuring the Password Management Component

For installation instructions, see Installing SSPR in the NetIQ Identity Manager Setup Guide for Windows.

For configuration instructions, see Configuring Self Service Password Reset for Identity Manager in the NetIQ Identity Manager Setup Guide for Windows.

  1. Activating Identity Manager

Activate your Identity Manager components. For more information, see Activating Identity Manager in the NetIQ Identity Manager Setup Guide for Windows.

5.0 Creating and Assigning rptadmin Role to a User

You create an Organizational Role object in the Identity Vault and then assign this role to a new user or an existing user by using iManager.

  1. Create an Organizational Role object.

    1. In NetIQ iManager, click View Objects.

    2. Click the Organizational Unit in which you want to create a new Report Administrator (reportAdmin) role.

    3. Click New > Create Object.

    4. From Available object classes, select Organizational Role and click OK.

    5. Type the name and context of the object or use the Object Selector to find it, then click OK.

    6. When the confirmation message appears, click OK.

  2. Assign reportAdmin role to a user object.

    1. In NetIQ iManager, click Roles and Tasks.

    2. Click Directory Administration > Modify Object.

    3. Specify the name and context of the user object or use the Object Selector to locate it, then click OK.

      The Content frame displays the user object’s property book.

    4. On the General tab, click the Other page.

    5. On the screen that appears, select Object Class from Valued Attributes.

    6. Click Edit to add a new attribute to the user object.

    7. Click +, then specify a name, nrfIdentity, for the attribute, and click OK.

    8. Click OK to save your changes.

    9. Select Object Class from Valued Attributes.

    10. From Unvalued Attributes, select nfrmemberof attribute, then click Right Arrow graphic to add this attribute to Valued Attributes.

    11. To specify a value for the attribute, browse to the reportAdmin role that you created in Step 1.

      If you are using Firefox, click the + symbol to add information instead of typing directly in the field.

    12. Click Apply or OK to save the changes.

6.0 Post-Installation Tasks

To modify installation properties after installation, run the configuration update utility depending on your platform.

  • Linux: Run configupdate.sh from /opt/netiq/idm/apps/configupdate.

  • Windows: Run configupdate.bat from C:\netiq\idm\apps\IDMReporting\bin.

If you change any setting for Identity Reporting through the configuration update utility, you must restart the Tomcat application server for the changes to take effect. However, you do not need to restart the application server after making changes in the web user interface for Identity Reporting.

7.0 Upgrading Identity Manager

NetIQ supports the following upgrade paths for upgrading to Identity Manager 4.8:

  • Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Standard Edition

  • Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Advanced Edition

    You cannot perform a direct upgrade from Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Advanced Edition. However, you can choose one of the following approaches to complete the upgrade:

    • Upgrade Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Standard Edition and then upgrade to Identity Manager 4.8 Advanced Edition.

    • Upgrade Identity Manager 4.7 Standard Edition to Identity Manager 4.7 Advanced Edition and then upgrade to Identity Manager 4.8 Advanced Edition.

7.1 Upgrading Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Standard Edition

Before performing an upgrade, NetIQ recommends that you review Upgrading to Standard Edition section in the NetIQ Identity Manager 4.8 Release Notes and then complete the following tasks in the same sequence:

NOTE:The same steps apply if you are upgrading from 4.6.4 Standard Edition to 4.8 Standard Edition.

Table 3 Checklist for Upgrading form Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Standard Edition

Task

Linux

Windows

  1. Review the differences between an upgrade and a migration

See Understanding Upgrade Process in the NetIQ Identity Manager Setup Guide for Linux.

See Understanding Upgrade and Migration in the NetIQ Identity Manager Setup Guide for Windows.

  1. Plan your upgrade

You cannot directly upgrade or migrate to the 4.8 version from versions before 4.6. For information on the supported upgrade paths, see Upgrading from Identity Manager 4.6.x versions in the Identity Manager 4.8 Release Notes.

You cannot directly upgrade or migrate to the 4.8 version from versions before 4.6. For information on the supported upgrade paths, see Upgrading from Identity Manager 4.6.x versions in the Identity Manager 4.8 Release Notes.

  1. Get the files needed for upgrade/migrate

Ensure that you have the latest installation kit to upgrade/migrate Identity Manager to 4.8 Standard Edition.

Ensure that you have the latest installation kit to upgrade/migrate Identity Manager to 4.8 Standard Edition.

  1. Interaction among Identity Manager components

See Considerations for Installing Identity Manager Components in the NetIQ Identity Manager Setup Guide for Linux.

See Installation and Configuration Process Overview in the NetIQ Identity Manager Setup Guide for Windows.

  1. System requirements

Ensure that your computers meet the hardware and software prerequisites for a newer version of Identity Manager. For more information, see the Identity Manager System Requirements page.

Ensure that your computers meet the hardware and software prerequisites for a newer version of Identity Manager. For more information, see the Identity Manager System Requirements page.

  1. Back up the current project, driver configuration, and databases

See Backing Up the Current Configuration in the NetIQ Identity Manager Setup Guide for Linux.

See Backing Up the Current Configurationin the NetIQ Identity Manager Setup Guide for Windows.

  1. Upgrade Analyzer

See Upgrading Analyzer in the NetIQ Identity Manager Setup Guide for Linux.

See Upgrading Analyzer in the NetIQ Identity Manager Setup Guide for Windows.

  1. Upgrade Designer

See Upgrading Designer in the NetIQ Identity Manager Setup Guide for Linux.

See Upgrading Designer in the NetIQ Identity Manager Setup Guide for Windows.

  1. Upgrade eDirectory

See Upgrading the Identity Vault in the NetIQ Identity Manager Setup Guide for Linux.

See Upgrading the Identity Vault in the NetIQ Identity Manager Setup Guide for Windows.

  1. Upgrade iManager

Upgrade iManager to the latest version. For upgrade instructions, see Upgrading iManager in the NetIQ Identity Manager Setup Guide for Linux.

Upgrade iManager to the latest version. For upgrade instructions, see Upgrading iManager in the NetIQ Identity Manager Setup Guide for Windows.

  1. Stop the drivers

See Stopping the Drivers in the NetIQ Identity Manager Setup Guide for Linux.

Stop the drivers that are associated with the server where you installed the Identity Manager engine. For more information, see Stopping and Starting Identity Manager Drivers in the NetIQ Identity Manager Setup Guide for Windows.

  1. Upgrade the Identity Manager Server Components

See Upgrading Identity Manager Engine in the NetIQ Identity Manager Setup Guide for Linux.

See Upgrading the Identity Manager Engine Components in the NetIQ Identity Manager Setup Guide for Windows.

  1. (Conditional) Upgrade the packages

This is only required if a newer version of a package is available and there is a new functionality included in the policies for a driver that you want to add to your existing driver.

This is only required if a newer version of a package is available and there is a new functionality included in the policies for a driver that you want to add to your existing driver.

  1. Apply Identity Manager 4.8 Standard Edition activation key

In iManager, make sure that you apply the Identity Manager 4.8 Standard Edition activation. If you do not apply the activation, Identity Manager engine and drivers run in the evaluation mode.

In iManager, make sure that you apply the Identity Manager 4.8 Standard Edition activation. If you do not apply the activation, Identity Manager engine and drivers run in the evaluation mode.

  1. Upgrade Identity Reporting

See Upgrading Identity Reporting in the NetIQ Identity Manager Setup Guide for Linux.

See Upgrading Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows.

  1. Start the drivers

Start the drivers associated with the Identity Reporting and Identity Manager engine. For more information, see Starting the Drivers in the NetIQ Identity Manager Setup Guide for Linux.

Start the drivers associated with the Identity Reporting and Identity Manager engine. For more information, see Starting the Drivers in the NetIQ Identity Manager Setup Guide for Windows.

  1. (Conditional) Restore your custom settings

If you have custom policies and rules, restore your custom settings. For more information, see Restoring Custom Policies and Rules to the Driver in the NetIQ Identity Manager Setup Guide for Linux.

If you have custom policies and rules, restore your custom settings. For more information, see Restoring Custom Policies and Rules to the Driver in the NetIQ Identity Manager Setup Guide for Windows.

  1. (Conditional) Upgrade Sentinel

If you are using NetIQ Sentinel, ensure that you are running the latest service pack. For more information about upgrading Sentinel, see the NetIQ Sentinel Installation and Configuration Guide.

Sentinel installation is not supported on Windows.

7.2 Upgrading Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Advanced Edition

Upgrading Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Advanced Edition involves configuration changes for the Identity Manager components. You do not need to run the Identity Manager installation program to perform this upgrade.

The Identity Manager 4.8 Advanced Edition includes all the features included in the Standard Edition along with additional features such as identity applications. The NetIQ Identity Manager 4.8 Release Notesincludes brief details of the new features in Identity Manager 4.8.

To perform the upgrade, NetIQ recommends that you complete the steps in the below checklist in the given order:

NOTE:The same steps apply if you are upgrading from 4.6.4 Standard Edition to 4.8 Advanced Edition.

Table 4 Checklist for Upgrading form Identity Manager 4.7 Standard Edition to Identity Manager 4.8 Advanced Edition

Task

Linux

Windows

  1. Review the differences between an upgrade and a migration

Review the differences between an upgrade and a migration. For more information, see Understanding Upgrade Process in the NetIQ Identity Manager Setup Guide for Linux.

Review the differences between an upgrade and a migration. For more information, see Understanding Upgrade and Migration in the NetIQ Identity Manager Setup Guide for Windows.

  1. Plan your upgrade

You cannot directly upgrade or migrate to the 4.8 version from versions before 4.6. For information on the supported upgrade paths, see Upgrading from Identity Manager 4.6.x versions in the Identity Manager 4.8 Release Notes.

You cannot directly upgrade or migrate to the 4.8 version from versions before 4.6. For information on the supported upgrade paths, see Upgrading from Identity Manager 4.6.x versions in the Identity Manager 4.8 Release Notes.

  1. Get the files needed for upgrade/migrate

Ensure that you have the latest installation kit to upgrade Identity Manager to 4.8 Advanced Edition.

Ensure that you have the latest installation kit to upgrade Identity Manager to 4.8 Advanced Edition.

  1. Learn about the interaction among Identity Manager components

For more information, see Planning Your Installation in the NetIQ Identity Manager Setup Guide for Linux.

For more information, see Planning Your Installation in the NetIQ Identity Manager Setup Guide for Windows.

  1. System requirements

Ensure that your computers meet the hardware and software prerequisites for a newer version of Identity Manager. For more information, see the Identity Manager System Requirements page.

Ensure that your computers meet the hardware and software prerequisites for a newer version of Identity Manager. For more information, see the Identity Manager System Requirements page.

  1. Stop the application server where Identity Reporting is installed

Stop Tomcat.

Stop Tomcat.

  1. Uninstall Identity Reporting

Uninstall the Identity Reporting WAR files from your application server. To do this, follow the instructions in the documentation specific to your application server. For more information, see Uninstalling Identity Reporting in the NetIQ Identity Manager Setup Guide for Linux.

Uninstall the Identity Reporting WAR files from your application server. To do this, follow the instructions in the documentation specific to your application server. For more information, see Uninstalling Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows.

  1. Apply the Identity Manager 4.8 Advanced Edition activation key

In iManager, ensure that you apply the Identity Manager 4.8 Advanced Edition activation key. Otherwise, Identity Manager engine upgrade does not proceed.

In iManager, ensure that you apply the Identity Manager 4.8 Advanced Edition activation key. Otherwise, Identity Manager engine upgrade does not proceed.

  1. Install and configure the identity applications

For installation instructions, see Performing an Interactive Installation or Performing a Silent Installation in the NetIQ Identity Manager Setup Guide for Linux.

For configuration instructions, see Configuring the Identity Manager Components in the NetIQ Identity Manager Setup Guide for Linux.

For installation instructions, see Installation Procedures for Identity Manager Server, Identity Applications, and Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows.

For configuration instructions, see Configuring Identity Applications in the NetIQ Identity Manager Setup Guide for Windows.

  1. Install and configure Identity Reporting

For installation instructions, see Performing an Interactive Installation or Performing a Silent Installation in the NetIQ Identity Manager Setup Guide for Linux.

For configuration instructions, see Configuring the Identity Manager Components in the NetIQ Identity Manager Setup Guide for Linux.

For installation instructions, see Installation Procedures for Identity Manager Server, Identity Applications, and Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows.

For configuration instructions, see Configuring Identity Reporting in the NetIQ Identity Manager Setup Guide for Windows.

  1. (Conditional) Restore your custom settings

If you have custom policies and rules, restore your custom settings. For more information, see Restoring Custom Policies and Rules to the Driver in the NetIQ Identity Manager Setup Guide for Linux.

If you have custom policies and rules, restore your custom settings. For more information, see Restoring Custom Policies and Rules to the Driver in the NetIQ Identity Manager Setup Guide for Windows.

  1. (Conditional) Upgrade Sentinel

(Conditional) If you are using NetIQ Sentinel, ensure that you are running the latest service pack. For more information about upgrading Sentinel, see the NetIQ Sentinel Installation and Configuration Guide.

Sentinel installation is only supported on Linux.

(Conditional) If you are using NetIQ Sentinel, ensure that you are running the latest service pack. For more information about upgrading Sentinel, see the NetIQ Sentinel Installation and Configuration Guide.

7.3 Updating the Configuration Information of the Data Collection Service Driver

  1. Launch Designer, then go to DCS Driver Configuration > Driver Parameters > Driver Options.

  2. In the Managed System Gateway Registration section, change the settings as below:

  3. Save the settings, then deploy the DCS driver.

  4. Restart the DCS driver.

    Upgrading the Identity Reporting might not immediately show the Advanced Version. The version change occurs after the next batch of events is processed.

8.0 Uninstalling Identity Manager 4.8 Standard Edition

Some components of Identity Manager have prerequisites for uninstallation. Ensure that you review all the information for each component before beginning the uninstallation process. For more information, see Uninstalling Identity Manager Components in the NetIQ Identity Manager Setup Guide for Linux or Uninstalling Identity Manager Components in the NetIQ Identity Manager Setup Guide for Windows.

9.0 Legal Notice

For information about NetIQ legal notices, disclaimers, warranties, export and other use restrictions, U.S. Government restricted rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright (C) 2019 NetIQ Corporation. All rights reserved.