Identity Governance provides additional features that increase the capabilities of Identity Governance. These features are Identity Reporting, Workflow Engine, Auditing, and email notifications. If you want this additional functionality, use the following information to prepare the server or servers to enable these features.
Identity Reporting is an optional feature for Identity Governance. The Identity Reporting installer is part of the Identity Governance installer. Depending on your environment, you can install Identity Reporting on the Identity Governance server or on a separate server. If you choose to install Identity Reporting on a separate server, run the Identity Governance installation and be sure that you select only the option to install Identity Reporting.
One of the first options the Identity Governance presents is whether you want to install Identity Governance, Identity Governance and Identity Reporting, or only Identity Reporting. You must choose if you want to install Identity Reporting and how you want to install Identity Reporting before starting the Identity Governance installation. For more information, see Section 2.3, Recommended Production Environment Installation Scenarios.
Install Zulu OpenJDK. For more information, see Section 3.3, Installing Zulu OpenJDK.
Install Apache Tomcat. For more information, see Section 3.4, Installing the Apache Tomcat Application Server.
(Conditional) Configure Apache Tomcat for TLS/SSL communication if you choose to have secure communication between Identity Governance and Identity Reporting. For more information, see Section 3.8, Securing Connections with TLS/SSL.
The Identity Reporting installer prompts for the URL access information for the Identity Reporting server. You are asked for this information before you install Identity Reporting on the separate server. This is why you must have Zulu OpenJDK and Apache Tomcat installed on the separate server.
There are additional tasks you must perform on the separate server before starting the Identity Reporting installation. For more information, see Section 7.0, Installing Identity Reporting.
The Workflow Engine is an optional feature for Identity Governance. The Workflow Engine installer is part of the Identity Governance installer. Depending on your environment, you can install the Workflow Engine on the Identity Governance server or a separate server. If you choose to install the Workflow Engine on a separate server, run the Identity Governance installation and be sure that you select only the option to install Workflow Engine.
The Identity Governance installer presents the following options for installation:
Identity Governance only
Identity Governance and Identity Reporting
Identity Reporting only
Workflow Engine only
Identity Reporting and Workflow Engine
Identity Governance and Workflow Engine
Identity Governance, Identity Reporting, and Workflow Engine
You must determine whether to install the Workflow Engine and how you want to install it before starting the Identity Governance installation. For more information, seeSection 2.3.1, Identity Governance in a New Environment.
Install Zulu OpenJDK. For more information, see Section 3.3, Installing Zulu OpenJDK.
Install Apache Tomcat. For more information, see Section 3.4, Installing the Apache Tomcat Application Server.
(Conditional) Configure Apache Tomcat for TLS/SSL communication if you choose to have secure communication between Identity Governance and Identity Reporting. For more information, see Section 3.8, Securing Connections with TLS/SSL.
Install ActiveMQ. For more information, see Section 3.0, Installing Required Components.
There are additional tasks you must perform on the separate server that will host the Workflow Engine before starting the Workflow Engine installation. For more information, see Section 8.0, Installing Workflow Engine.
OSP, Identity Governance, Identity Reporting, and Workflow Engine provide CEF auditing files you can send to an audit server through syslog. The installers for OSP, Identity Governance, Identity Reporting, and Workflow Engine prompt you if you want to enable auditing. If you select to enable auditing, you must provide the DNS name and port to the audit server. The installers also prompt if you want to communicate securely.
You can enable auditing after the installation of OSP, Identity Governance, Identity Reporting, and Workflow Engine. If you have the audit server installed and configured for TLS/SSL communication before starting the installations, the installers prompt you for the connection information to the audit server and the installers can also import the certificates from the audit server to enable TLS/SSL. To enable auditing during the installations:
Install a supported audit server. For more information, see Section 2.4.6, Audit Server System Requirements.
(Conditional) Configure the audit server to communicate securely by enabling TLS/SSL on the audit server. For more information, see Section 3.8, Securing Connections with TLS/SSL.
To enable auditing after the installations complete, see Section 12.3, Configuring Auditing after the Installation.
Identity Governance sends email notifications to authorized users who can take action through those notifications. To enable email notifications you must have an SMTP server installed and configured. The Identity Governance installer allows you to configure the SMTP server while installing Identity Governance, Identity Reporting or the Workflow Engine. To guarantee the delivery of the emails, you must install ActiveMQ on the server that runs Identity Governance.
You can enable email notification after the installation of the products. However, if you do not provide configuration details during installation, the Identity Governance installer adds default values that you can change through the Identity Governance Configuration Update utility. To configure the email notifications during the installation:
Install and configure an SMTP server.
(Conditional) Configure the SMTP server for secure communications over TLS/SSL. For more information, see Section 3.8, Securing Connections with TLS/SSL.
If you are installing Identity Governance, Identity Reporting, and Workflow Engine together the installer prompts you for the SMTP server information only once.
To enable email notification after the installation is complete, see Section 12.4, Enabling Email Notifications after the Installation.