6.3 Prerequisites for Identity Governance

You can install Identity Governance and OSP in a stateless cluster. For more information about the installation requirements, see Section 2.3.4, Ensuring High Availability or Load Balancing for Identity Governance.

The Identity Governance server must include the supported versions of Zulu OpenJDK, and Apache Tomcat application server.

For best performance, do not install Identity Governance on the same server as the databases; however, the database server and the Identity Governance server must run in the same subnetwork.

Do not install Identity Governance or its database on a server that is already running components for Identity Manager. For example, do not install on the same server as Identity Manager Home and Provisioning Dashboard.

You must use Latin-1 characters in the installation path.

(Optional) If you want to enable auditing for Identity Governance, you must configure the audit server to use TLS before beginning the Identity Governance installation so that the Identity Governance installer can connect to the audit server and retrieve the audit server’s certificate to add to the Identity Governance keystore.

Do not use mixed case domains. Identity Governance utilizes OAuth2 for authentication. OAuth2 does not support mixed case domains. For more information, see RCF 3986 Section 6.2.1 Simple String Comparison.

To use an identity service as your data source for Identity Governance users, ensure that you have Active Directory or eDirectory already installed. For more information, see Adding Identity Governance Users in Identity Governance User and Administration Guide.

To integrate Identity Governance with Identity Manager, the Identity Manager component must already be installed and configured with OSP.

Ensure that the communication ports that you want to use are open in the firewall. For more information, see Section A.0, Ports Used in Identity Governance.