Identity Manager 9.2 - Installation Guide

Installing the Web Designer Web Portal

The following describes how to install the Web Designer Web Portal. Please note the following information:

NOTE:

  • Before installation ensure that the minimum hardware and software prerequisites are fulfilled on the server.

  • Prepare an application server on which the search service for the Web Designer Web Portal is installed.

  • Start the Web Designer Web Portal installation locally on the server.

  • If you install the Web Designer Web Portal with HTTPS, the transfer method for cookies is configured to use HTTPS in the Web Installer.

  • If you change the SSL settings for the Web Designer Web Portal at a later time, you must manually update the value in the Web Portal's web.config configuration file.

  • Default values are used for the configuration settings during installation. You can keep these values. Check the settings using the Web Designer Configuration Editor.

    To make a modification

    • Example: Enter the value <httpCookies requireSSL="true"> in the web.config under element <system.web>.
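An added check for the cookie setting described in the note above (example code, not part of the One Identity documentation): it reads the requireSSL attribute of <httpCookies> under <system.web> and compares it with whether the site is served over HTTPS. The function names and the three sample web.config fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not taken from a real installation.
WEAK = """<configuration>
  <system.web>
    <httpCookies requireSSL="false" />
  </system.web>
</configuration>"""

HARDENED = """<configuration>
  <system.web>
    <httpCookies requireSSL="true" />
  </system.web>
</configuration>"""

NO_ELEMENT = "<configuration><system.web /></configuration>"


def require_ssl(web_config_xml):
    """Return the effective requireSSL value of <system.web>/<httpCookies>."""
    root = ET.fromstring(web_config_xml)
    system_web = next((c for c in root if c.tag == "system.web"), None)
    node = system_web.find("httpCookies") if system_web is not None else None
    # ASP.NET treats a missing element or attribute as requireSSL="false".
    raw = node.get("requireSSL", "false") if node is not None else "false"
    return raw.strip().lower() == "true"


def audit_cookie_transport(web_config_xml, site_uses_https):
    """List mismatches between the cookie setting and the site's SSL setting."""
    secure = require_ssl(web_config_xml)
    if site_uses_https and not secure:
        return ['HTTPS site, but cookies lack the Secure flag: set requireSSL="true"']
    if not site_uses_https and secure:
        return ['requireSSL="true" on an HTTP site: browsers will not return the cookies']
    return []
```

Run it against the Web Portal's web.config after any later change to the SSL settings, since the Web Installer only sets the value at installation time.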

NOTE: On Linux operating systems, use of oneidentity/oneim-web docker images is recommended.

To install the Web Designer Web Portal

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the installation wizard's home page, perform the following actions:

    1. Change to the Installation tab.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the start page of the Web Installer, click Install Web Portal and click Next.

  4. On the Database connection page, do the following.

    • To use an existing connection to the One Identity Manager database, select it in the Select a database connection menu.

      - OR -

    • To create a new connection to the One Identity Manager database, click Add new connection and enter a new connection. For more information, see Configuring database connections.

  5. Select the authentication method and enter the login data for the database under Authentication method.

  6. Click Continue.

  7. Configure the following settings on the Select setup target page.

    Table 30: Settings for the installation target
    Setting Description

    Application name

    Enter the name to use in the browser as the application name.

    Target in IIS

    Select the website on the Internet Information Services where the application is installed.

    Enforce SSL

    Specifies whether secure or insecure websites are available to install.

    If the option is set, only sites secured by SSL can be used for installing. This setting is the default value.

    If this option is not set, insecure websites can be used for installing.

    URL

    Enter the application's URL.

    Install dedicated application pool

    Enable this option if you want to install a separate application pool for each application. This allows applications to be set up independently of one another. If this option is set, each application is installed in its own application pool.

    Application pool

    Select the application pool to use. This can only be entered if the Install dedicated application pool option is not set.

    If you use the DefaultAppPool default value, the application pool has the following syntax:

    <application name>_POOL

    Identity

    Specify the account whose permissions the application pool runs with. You can use a default identity or a custom user account.

    If you use the ApplicationPoolIdentity default value, the user account has the following syntax:

    IIS APPPOOL\<application name>_POOL

    You can authorize another user by clicking ... next to the box, enabling the option Custom account and entering the user and password.

    Assign file permissions for application pool identity

    Specify whether the identity that the application pool runs under is granted the file permissions.

    Web authentication

    Specify which type of authentication to use against the web application. You have the following options:

    • Windows authentication (single sign-on)

      The user is authenticated against the Internet Information Services using their Windows user account, and the web application logs in the identity assigned to that user account using role-based login. If single sign-on is not possible, the user is diverted to a login page. You can only select this authentication method if Windows authentication is installed.

    • Anonymous

      Login is possible without Windows authentication. The user is authenticated against the Internet Information Services and the web application anonymously, and the web application is directed to a login page.

    Database authentication

    NOTE: You can only see this section if you have selected an SQL database connection on the Database connection page.

    Specify which type of authentication to use against the One Identity Manager database. You have the following options:

    • Windows authentication

      The web application is authenticated against the One Identity Manager database with the same Windows user account that your application pool uses. Login is possible with a user-defined user account or a default identity for the application pool.

    • SQL authentication

      Authentication is completed with a SQL Server login and password. The SQL Server login from the database connection is used. Use the [...] button to enter a different SQL login, for example, if the application is run with an access level for end users. This access data is saved in the web application configuration, encrypted specifically for the computer.

  8. Click Continue.

    If you have selected a direct database connection in step 4, the page Select application server appears.

  9. (Optional) On the Select application server page, configure the following settings.

    NOTE: If you would like to use the full text search in the Web Designer Web Portal, then you must specify an application server. You can enter the application server in the configuration file at a later date.

    NOTE: If you are using Windows authentication and the application server is located on a different host from the Web Designer Web Portal, or if the application server's application pool uses a different user account from the one used by the Web Designer Web Portal, then further Active Directory settings must be configured (such as Kerberos delegation).

    1. Click Select application server.

    2. In the dialog, in the URL field, enter the application server's address that is running the search service for full-text search.

    3. Click OK.

  10. On the Select application server page, click Next.

  11. On the Installation source page, perform one of the following actions in the Installation source pane.

    • To retrieve the installation data from the database, activate the Load from database option.

      - OR -

    • To retrieve the installation data from the installation media (e.g. from the hard drive), activate the Load from local folder option and enter the path.

  12. In the Web Project section, select the desired web project in the Web Project menu and specify the authentication data, if necessary.

    NOTE: If no further authentication settings are required, the message No authentication data required is displayed.

    1. Click .

    2. In the Authentication data dialog, click a red project.

    3. Under Authentication method, specify the method and login data you would like to use.

    4. Repeat these steps for all other red projects.

    5. Click OK.

  13. In the Set update credentials section, specify the user account for automatic updating by enabling one of the following options:

    NOTE: The user account is used to add or replace files in the application directory.

    • Use IIS credentials for update: Set this option to use the user account used by the application pool to run updates.

    • Use other credentials for updates: To use a different user account, set this option. Specify the domain, the user name, and the user password.

  14. Click Continue.

  15. Click Continue.

    The Setup is running page opens and shows the progress of each installation step. The Web Installer generates the web application and the corresponding configuration files for each folder.

  16. Once installation is complete, click Next.

  17. On the Validate installation page, test the start of the web application. The base URL is displayed for mail distribution. If you wish to use a different URL, select this from the Change to field.

  18. Click Continue.

  19. On the Wizard complete page, click Finish.

  20. Close the autorun program.

Updating the Web Designer Web Portal

NOTE:

  • We recommend that you perform the automatic update only in specific maintenance windows, in which the application cannot be accessed by users and the application can be manually restarted with no risk.

  • The following permissions are required for automatic updating:

    • The user account for updating requires write permissions for the application directory.

    • The user account for updating requires the local security policy Log on as a batch job.

    • The user account running the application pool requires the Replace a process level token and Adjust memory quotas for a process local security policies.
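An added check for the local security policies listed above (example code, not part of the One Identity documentation): it parses the [Privilege Rights] section of a user-rights export and reports which of the three rights are not assigned to the update account or the application pool account. The Se* names are the Windows constants for those policies; the sample export and the CONTOSO account names are constructed and hypothetical.

```python
# Windows constant names for the user rights listed in the note above.
REQUIRED = {
    "update": ["SeBatchLogonRight"],               # Log on as a batch job
    "apppool": ["SeAssignPrimaryTokenPrivilege",   # Replace a process level token
                "SeIncreaseQuotaPrivilege"],       # Adjust memory quotas for a process
}

# Constructed sample of `secedit /export /cfg rights.inf /areas USER_RIGHTS`
# output; the CONTOSO account names are hypothetical.
SAMPLE_EXPORT = r"""[Unicode]
Unicode=yes
[Privilege Rights]
SeBatchLogonRight = *S-1-5-32-544,CONTOSO\svc-webupdate
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,CONTOSO\svc-webpool
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""


def parse_privilege_rights(inf_text):
    """Map each right in [Privilege Rights] to its holders (SIDs or names)."""
    rights, in_section = {}, False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, holders = line.partition("=")
            rights[name.strip()] = {
                h.strip().lstrip("*").lower() for h in holders.split(",") if h.strip()
            }
    return rights


def missing_rights(inf_text, update_account, apppool_account):
    """Return (account, right) pairs that are not assigned directly."""
    rights = parse_privilege_rights(inf_text)
    accounts = {"update": update_account, "apppool": apppool_account}
    return [
        (accounts[role], right)
        for role, names in REQUIRED.items()
        for right in names
        if accounts[role].lstrip("*").lower() not in rights.get(right, set())
    ]
```

The check covers direct assignments only: pass each account exactly as it appears in the export (name or SID), and resolve group membership separately if a right is granted through a group.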

The configuration settings for the automatic update of the web application are made in the configuration file web.config. You can do this using the Web Designer Configuration Editor.

To update the web application automatically

  1. Open the Runtime Monitor in the browser.

  2. On the Status tab, select either the Update now or the Update when all user sessions are closed options.

To update a web application manually

  • Uninstall the existing Web Designer Web Portal and re-install the Web Designer Web Portal.

Note that each write access to the web application's bin folder causes the web application to restart. This means that all active sessions in the application are closed and all unsaved data is lost. For this reason, you should only perform manual updates of the web application if no active session is running.

Uninstalling the Web Designer Web Portal

Perform the following steps to uninstall the web application.

To uninstall a web application

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page of the installation wizard:

    1. Change to the Installation tab.

    2. In the Web-based components pane, click Install.

    This starts the Web Installer.

  3. On the Web Installer start page, click Uninstall a web application and click Next.

  4. On the Uninstall a web application page, double-click the application that you want to remove.

    The icon is displayed in front of the application.

  5. Click Next.

  6. On the Database connection page, select the database connection and authentication method and enter the corresponding login data.

  7. Click Next.

  8. Confirm the security prompt with Yes.

  9. The uninstall progress is displayed on the Setup is running page.

  10. Once installation is complete, click Next.

  11. On the Wizard complete page, click Finish.

  12. Close the autorun program.

Configuring the Web Designer Web Portal

Web Designer Web Portal configuration covers a number of settings. The configuration is saved in the web.config, NLog.config, and monitor.config web application configuration files, which are found in the base directory of the web application, and in the table QBMWebApplication of the One Identity Manager database.

Use the Web Designer Configuration Editor (WebDesigner.ConfigFileEditor.exe) to edit the web.config configuration file.

Connection strings and login data are automatically encrypted in the configuration files noted above with the default Microsoft ASP.NET cryptography.

To configure a web application

  1. Start the WebDesigner.ConfigFileEditor.exe program from the installation directory of the web application.

  2. Select the web.config configuration file in the Open configuration file view and click Open.

  3. Select the required authentication procedure and log on.

Make the configuration settings in the individual areas of the Web Designer Configuration Editor.
