Gather the information listed in the following worksheet before starting the Identity Reporting installation. Use the information in the worksheet when you install Identity Reporting on a separate server from Identity Governance. If you are installing Identity Governance and Identity Reporting on the same server, follow the Identity Governance installation procedure. For more information, see Section 6.0, Installing Identity Governance.
Table 7-1 Identity Reporting Installation Worksheet
|
Item |
Description |
Value |
|---|---|---|
|
Installation location |
Specify the installation path for Identity Reporting. WARNING:Spaces in the path are not supported. The default directory is:
|
|
|
(Conditional) Workflow Engine Installation Location |
If you are installing the Workflow Engine on the same server as Identity Reporting, specify the installation path. WARNING:Spaces in the path are not supported. The default directory is:
|
|
|
Tomcat installation location |
Specify the path to the Apache Tomcat home directory. The installation process adds some files for Identity Reporting to this folder. WARNING:Spaces in the path are not supported. The default location is:
|
|
|
JRE home folder |
Specify the path to the Zulu JRE directory. The Zulu JRE is installed when you install the Zulu OpenJDK. The installation process uses Java for several processes, such as running commands and creating security stores. WARNING:Spaces in the path are not supported. The default location is:
|
|
|
(Conditional) Encryption Keystore |
If Identity Reporting is not installed at the same time as Identity Governance, then you must specify the encryption keystore file. You must always select the Use existing option so that you can select the encrypt-keys.pkcs12 file that was created while installing OSP. If OSP is on a separate server, copy the encrypt-keys.pkcs12 file from the installed location of the first server to the second server. Then during installation, navigate to the location where you had copied the file and then select the file. If OSP is on the same server, navigate to the /opt/netiq/idm/apps/tomcat/conf folder and select the encrypt-keys.pkcs12 file. Select the Create new option if you do not have an existing encryption key from a previous OSP or Identity Governance installation. |
|
|
Encryption Keystore Password |
Enter the encryption keystore password that you have created while installing OSP or enter a new password when using Access Manager as your authentication method. |
|
|
Trust store password |
If you have a trust store that contains the certificates for TLS communication, specify that password, otherwise, specify a password that is six characters or longer and has no spaces. The installer creates the trust store for you using this password. For more information, see Section 3.9, Securing Connections with TLS/SSL. |
|
|
Authentication Service |
Use the following sections to gather information about your OSP deployment or your Access Manager deployment. You must use one of these services to deploy Identity Reporting. |
|
|
Access Manager or OSP |
Select the appropriate authentication service for your environment. Depending on your choices, there are different options presented that you must populate with the information for the specific authentication service. The options are OSP or Access Manager. |
|
|
(Conditional) OSP > Application address |
If you selected Access Manager, skip the sections about OSP. Specify the URL connection information the clients use to access Identity Reporting. |
|
|
OSP > Identity Reporting Protocol |
Select if you want to use http or https for Identity Reporting. If you select https, you must have configured Apache Tomcat for TLS/SSL communication on the Identity Reporting server. For more information, see Section 3.9, Securing Connections with TLS/SSL. |
|
|
OSP > Identity Reporting Host name |
WARNING:Use the fully qualified domain name (FQDN) rather than localhost or an IP address. In a non-clustered environment, specifies the DNS name of the Identity Reporting server. In a clustered environment, specifies the DNS name of the server that hosts the load balancer or the reverse proxy. |
|
|
OSP > Identity Reporting Port |
Specify the port you want the Identity Reporting server to use for communication with client computers. The default is 8080. To use TLS/SSL, the default is 8443. When installing in a clustered environment or when using a reverse proxy, specify the port of the load balancer or of the reverse proxy. |
|
|
(Conditional) OSP > Connect to an external OSP server |
If you have OSP installed on a separate server from Identity Reporting, select this option and the define the protocol, host name, and port for the external OSP server. |
|
|
OSP > OSP authentication server protocol |
If OSP is on a separate server from Identity Reporting, select whether the clients that connect to OSP use http or https. To use https, ensure that you have configured the Apache Tomcat instance on the OSP server to use SSL/TLS. For more information, see Section 3.9, Securing Connections with TLS/SSL. |
|
|
OSP > OSP authentication server host name |
WARNING:Use the fully qualified domain name (FQDN) rather than localhost or an IP address of the external OSP server. In a non-clustered environment, specifies the DNS name of the OSP server. In a clustered environment, specifies the DNS name of the server that hosts the load balancer or the reverse proxy for OSP. |
|
|
OSP > OSP authentication server port |
Specify the port that the clients use to access OSP. For http, the default port 8080. For https, the default port is 8443. |
|
|
(Conditional) Access Manager > Application address |
If you selected OSP, skip the following sections about Access Manager. |
|
|
Identity Reporting protocol |
Select if you want to use http or https for Identity Reporting. |
|
|
Identity Reporting host name |
WARNING:Use the fully qualified domain name (FQDN) rather than localhost or an IP address of the Apache Tomcat instance for Identity Reporting. |
|
|
Identity Reporting port |
Specify the port that Identity Reporting uses. The default port for http is 8080. The default port for https is 8443. |
|
|
Access Manager IDP Host name |
WARNING:Use the fully qualified domain name (FQDN) rather than localhost or an IP address. Specify the DNS name of the Access Manager identity provider server. |
|
|
Access Manager IDP Port |
Specify the port the Access Manager identity provider uses. The default port is 443. |
|
|
Access Manager Console host name |
Specify the DNS name of the Access Manager administration console. |
|
|
Access Manager Console port |
WARNING:Use the fully qualified domain name (FQDN) rather than localhost or an IP address. Specify the port of the Access Manager administration console. The default port is 443. |
|
|
Identity Governance details |
If you are installing Identity Reporting after you have installed Identity Governance, you must provide information about the protocol, server, and port. |
|
|
Identity Governance protocol |
Provide information about the communication protocol. |
|
|
Identity Governance server information |
Provide the Identity Governance host name. |
|
|
Identity Governance port number |
Provide the Identity Governance port information. |
|
|
Service Password |
This is an OAuth 2.0 password that allows users to single sign-on to Identity Reporting. Specify this password and remember it for later use. You can change this password after the installation completes through the configuration utilities. |
|
|
(Conditional) Access Manager > Bootstrap Administrator Details |
|
|
|
Bootstrap admin DN |
Specify the DN of the LDAP bootstrap administrator for Identity Governance. You must have an LDAP bootstrap administrator to integrate with Access Manager. For more information, see Section 4.1.1, Using the Bootstrap Administrator. |
|
|
Bootstrap admin password |
Specify the password of the LDAP bootstrap administrator account for Identity Governance. |
|
|
Access Manager admin DN |
Specify the DN of an Access Manager administrator account. |
|
|
Access Manager admin password |
Specify the password for the Access Manager administrator account. |
|
|
Database Details |
Collect the following information for the database type that you have selected to use. Ensure that you install the database before starting the Identity Reporting installation. For more information, see Section 5.8, Creating the Databases before Installing Identity Governance. |
|
|
Database type: |
Select the type of database that you are using.
For a list of the supported database versions, see Section 2.4.2, Database Requirements. |
|
|
Database Configuration Details |
Select one of the following three options: |
|
|
Database details > Configure database now |
Select this option to have the installer create and populate the database. You select this option if you are performing an upgrade or a new installation. For more information, see Section 5.4, Using the Identity Governance Installer to Create and Populate the Databases. |
|
|
Database details > Generate SQL for later |
Select this option to have your database administrator create and populate the database for Identity Reporting using the SQL scripts generated and stored by the installer in the following default directory for Identity Reporting:
If you install the Workflow Engine at the same time, the Workflow Engine files are located in the following default directory:
For more information about using the SQL files, see Section 5.11, Configuring the Databases Using the SQL Scripts. |
|
|
Database details > No database configuration |
Select this option to do nothing. You would select this option if you were installing the second node in a cluster. For more information, see Section 2.3.4, Ensuring High Availability or Load Balancing for Identity Governance. |
|
|
Host |
WARNING:Use the fully qualified domain name (FQDN) rather than localhost or an IP address. Specify the DNS name of the database server. |
|
|
Port |
Specify the port the database server uses to communicate. The default port is:
|
|
|
(Conditional) Microsoft SQL Server JDBC JAR |
If you are using the Microsoft SQL Server, specify the path to the Microsoft SQL Server JDBC JAR file. For more information, see Section 5.7, Adding the JDBC File to the Application Server. |
|
|
(Conditional) Oracle Database Details |
If you are using an Oracle database, gather the following information to complete the Identity Reporting installation. |
|
|
Oracle JDBC JAR |
Specify the path to the Oracle JDBC JAR file. For more information, see Section 5.7, Adding the JDBC File to the Application Server. |
|
|
Oracle Database name |
Specify the name of the Oracle database where the installer will add the schema for Identity Reporting. For example, oracleidgov. |
|
|
Oracle User tablespace |
Specify the name of the database storage unit for storing the schema for the Identity Reporting databases. The default is USERS. |
|
|
Oracle Temporary tablespace |
Specify the name of the temporary database storage unit for storing the schema. The default name is TEMP. |
|
|
Database credentials |
Specify the credentials for accessing the various databases. |
|
|
(Conditional) Database Administrator user and password |
Specify the credentials of a database account that can access and modify data in the databases. This account must be able to create databases, tables, views, and other artifacts. You can test the connection to the database. |
|
|
Reporting database user’s password |
Specify the password for the reporting database user that you created during the Identity Governance installation. The default user name is igrptuser. |
|
|
(Conditional) Reporting database name |
Specify the name of the required database for Identity Reporting. The default name is igrpt. |
|
|
(Conditional) Workflow Engine database name |
If you are installing the Workflow Engine with Identity Reporting, then specify the name of the database for the Workflow Engine. The default name is igaworkflowdb. |
|
|
(Conditional) Workflow Engine database user name |
Specify the user name of the Workflow Engine database. The default name is igawfadmin. |
|
|
(Conditional) Workflow Engine database user’s password |
Specify the password of the Workflow Engine database. |
|
|
Update or Only use existing |
Applies only when you choose to configure the database during the installation. Select whether the installer creates the database name, creates the schema, creates users, creates roles, assigns permissions to roles, and populates the database with this information. Select this option for new installations or upgrades. Or select to use existing databases with your database name and user. |
|
|
Operation user database and password |
Specify the name of the operations database and the password for the operations database. The default name is igops. |
|
|
(Conditional) Different database vendor than Identity Governance |
Select this option if you have a different database type for the Identity Reporting database than what you used for Identity Governance. You can use the same database type for the two components or you can use separate, supported database types. |
|
|
Database host |
Specify the DNS name of the separate database from the database Identity Governance uses. |
|
|
Database port |
Specify the port the separate database server uses to communicate. The default port is:
|
|
|
Database type: |
Select the type of database that you are using:
For a list of the supported database versions, see Section 2.4.2, Database Requirements. |
|
|
(Conditional) Microsoft SQL Server JDBC JAR |
If you are using Microsoft SQL Server, specify the path to the Microsoft SQL Server JDBC JAR file. For more information, see Section 5.7, Adding the JDBC File to the Application Server. |
|
|
(Conditional) Oracle Database Details |
If you are using an Oracle database, gather the following information to complete the Identity Reporting installation. |
|
|
Oracle JDBC JAR |
Specify the path to the Oracle JDBC JAR file. For more information, see Section 5.7, Adding the JDBC File to the Application Server |
|
|
Oracle Database name |
Specify the name of the Oracle database where you will add the Oracle schema for Identity Reporting. For example, oracleidrpt. |
|
|
Identity Reporting Settings |
Gather the information to define the settings for Identity Reporting. |
|
|
Target Locale |
Select the language Identity Reporting uses to generate the reports. The default is English. |
|
|
Email Delivery |
Gather the following information for the SMTP server that delivers the email notifications about the Identity Reporting reports. |
|
|
Default email address |
Specify the email address that you want Identity Reporting to use as the origin of email notifications. |
|
|
SMTP Server |
Specify the DNS name of the SMTP server that Identity Reporting uses. |
|
|
SMTP Server Port |
Specify the port number for the SMTP server. The default value is 465. |
|
|
(Conditional) Use SSL for SMTP |
Select whether you want to use secure communications with the SMTP server. If you select this option, you must configure your SMTP server for TLS/SSL communication. For more information, see Section 3.9, Securing Connections with TLS/SSL. |
|
|
(Conditional) Require server authentication |
Select whether you want to use authentication for communication with the SMTP server. If you select this option, you must provide the SMTP server credentials. |
|
|
SMTP user name and password |
Specify the credentials for a login account to the SMTP server. |
|
|
Keep finished reports for |
Specify the amount of time that Identity Reporting retains completed reports before deleting them. For example, to specify six months, enter 6, then select Month. |
|
|
Location of report definitions |
Specify a path where you want to store the report definitions. The default directory is:
|
|
|
(Conditional) Auditing Details |
Gather the following information if you want to enable auditing for Identity Reporting. |
|
|
Enable auditing |
Select whether you want to enable auditing. |
|
|
Audit server |
Specify the DNS name of the audit server. |
|
|
Audit port |
Specify the port the audit server uses to communicate. The default port is 6514. |
|
|
Audit cache location |
Specify a local directory on the Identity Reporting server for caching of audit events before they are sent to the audit server. The default directory is:
|
|
|
Secure layer |
Select if you are using TLS communication to the audit server. If you are, you can test the connection before you proceed. For more information, see Section 3.9, Securing Connections with TLS/SSL. |
|
|
ConfigUpdate details |
Specify the directory where the installer installs the Identity Governance Configuration Update utility, if it is not already installed. |
|