Identity Manager WEB 5.x Installation Guide

About this guide

This document gives an overview of the installation of PhenixID Identity Manager. Additional information is available on the PhenixID web site or through PhenixID support.

If you are installing a previous version of Identity Manager, please click the following link:
Installation of previous version of Identity Manager

Audience

This document is primarily written for system administrators. The guide describes installation and basic configuration of Identity Manager.

Installation

Prerequisite

Download

Installation media is provided through PhenixID support together with a required license.

Server

Platform support is constantly updated. Contact PhenixID support to get the most accurate list of supported platforms.
PhenixID Identity Manager (PIM) supports Windows Server or Linux servers.

LICENSE

You need a license file for PIM to start the service. If you do not have a license file, please contact PhenixID Support.

Ports, protocols and service account

Before starting the installation, understand the ports and the server and client communication involved, and verify that they are in place.

LDAP

Since PIM reads and writes all data in LDAP, you need to verify the following:

  • LDAP port 636 is open to one or several LDAP servers from the PIM server
  • A service account that can read and write in LDAP. This is an account in the LDAP directory, and it needs every permission required for the operations that the roles in PIM should be able to perform.
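A pre-installation check for the first requirement, as an added example (not PhenixID code): run from the PIM server, it separates "port 636 not reachable" from "reachable, but the TLS handshake or certificate validation failed". The host names are placeholders, and it assumes the LDAP server certificate chains to a CA in the operating system trust store; pass a custom `ssl.SSLContext` otherwise.

```python
import socket
import ssl

def check_ldaps(host, port=636, timeout=3.0, context=None):
    """Return (status, detail); status is 'ok', 'tls_failed' or 'unreachable'."""
    # The default context verifies the certificate chain and the host name.
    ctx = context or ssl.create_default_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, filtered, timed out, DNS failure
        return ("unreachable", str(exc))
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return ("ok", f"{tls.version()}, certificate notAfter={cert.get('notAfter')}")
    except (ssl.SSLError, OSError) as exc:  # bad certificate, not TLS, reset
        return ("tls_failed", str(exc))
    finally:
        raw.close()

def check_all(hosts, port=636):
    """Check every LDAP server PIM will be pointed at."""
    return {host: check_ldaps(host, port) for host in hosts}

if __name__ == "__main__":
    # Placeholder names: replace with the specific LDAP servers you will enter
    # in the installer's "DNS or IP-Address" field.
    for name, (status, detail) in check_all(["ldap1.example.com", "ldap2.example.com"]).items():
        print(f"{name}: {status} ({detail})")
```

A `tls_failed` result with a certificate verification message means the port is open but the server certificate is not trusted or does not match the name you connected to.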

HTTP

PIM is an application running on Apache Tomcat. All clients will be browsing the PIM server on the HTTP port you configure.

Server installation

PhenixID Identity Manager will require a minimum of 5 GB of drive space and 2 GB of RAM. Depending on your configuration and usage this setup might be sufficient but 4GB of RAM is recommended for most installations. Please contact PhenixID support for larger installations.

Windows

  1. Double-click name_of_installation_file to start the installation (run the setup wizard as an administrative account).
  2. At “Welcome to the PhenixID Identity Manager Setup Wizard” – click Next.
  3. At “License Agreement” – Read the license agreement and select “I accept the agreement”, then click Next.
  4. At “Select Destination Directory” – click Next to accept default file path or click browse to change file path.
  5. “Select License File” – Click Browse to locate your license file, then click Next.
  6. “LDAP Settings”
    1. Choose the correct LDAP directory in the drop-down list; the default is Microsoft Active Directory.
    2. “DNS or IP-Address” – Enter the address for the LDAP server.
      If the LDAP source is Active Directory, do NOT use the domain name; make sure to enter a specific LDAP server.
    3. “Port” – Enter the LDAP port
    4. “SSL” – Select if SSL should be used
    5. “Service Account DN” – Enter the distinguished name for the LDAP Service account
    6. “Password” – Enter the password for the LDAP Service account
    7. “Base DN for Users” – Enter the Base DN for user accounts
    8. “Login attribute” – Accept or change LDAP login attribute
    9. “User objectclass” – Accept or change object class to use for authentication
    10. Click Next to finish the LDAP Settings
  7. At “HTTP Server Port” select the HTTP port to be used for IM
  8. “Summary” – Install the selected configuration and accept the summary by clicking Install.
  9. “Completing the PhenixID Identity Manager Setup Wizard” – Click Finish to end the setup.

Linux – GUI

  1. chmod +x name_of_installation_file
  2. sudo ./name_of_installation_file to start installation.
  3. “Welcome to the PhenixID Identity Manager Setup Wizard” – click Next.
  4. “License Agreement” – Read the license agreement and select “I accept the agreement”, then click Next.
  5. “Select Destination Directory” – Click Browse to select installation location or accept the default location (/opt/PhenixID/IM/tomcat8-im), then click Next.
  6. “Select License File” – Click Browse to locate your license file or enter the path manually, then click Next.
  7. “LDAP Settings”
    1. Choose the correct LDAP directory in the drop-down list; the default is Microsoft Active Directory.
    2. “DNS or IP-Address” – Enter the address for the LDAP server.
      If the LDAP source is Active Directory, do NOT use the domain name; make sure to enter a specific LDAP server.
    3. “Port” – Enter the LDAP port
    4. “SSL” – Select if SSL should be used
    5. “Service Account DN” – Enter the distinguished name for the LDAP Service account
    6. “Password” – Enter the password for the LDAP Service account
    7. “Base DN for Users” – Enter the Base DN for user accounts
    8. “Login attribute” – Enter the LDAP login attribute
    9. “User objectclass” – Enter the object class to use for authentication
    10. Click Next to finish the LDAP Settings
  8. At “HTTP Server Port” select the HTTP port to be used for IM
  9. “Summary” – Install the selected configuration and accept the summary by clicking Install.
  10. “Completing the PhenixID Identity Manager Setup Wizard” – Click Finish to end the setup.

Linux – CLI

  1. chmod +x name_of_installation_file
  2. sudo ./name_of_installation_file to start installation.
  3. “This will install PhenixID Identity Manager on your computer” – Press ENTER.
  4. “License Agreement” – Read the license agreement, scroll by pressing ENTER, and select “I accept the agreement” by pressing 1 ENTER.
  5. “Where should PhenixID Identity Manager be installed?” – Enter path to installation location or accept the default location (/opt/PhenixID/IM/tomcat8-im), then press ENTER.
  6. “Select License File” – Enter the path to the Identity Manager license file, then press ENTER.
  7. “LDAP configuration”
    1. Choose the correct LDAP directory in the drop-down list; the default is Microsoft Active Directory.
    2. “DNS or IP-Address” – Enter the address for the LDAP server, then press ENTER.
      If the LDAP source is Active Directory, do NOT use the domain name; make sure to enter a specific LDAP server.
    3. “Port” – Enter the LDAP port, then press ENTER.
    4. “SSL” – press Y ENTER to use SSL, else press N ENTER.
    5. “Service Account DN” – Enter the distinguished name for the LDAP Service account, then press ENTER.
    6. “Password” – Enter the password for the LDAP Service account, then press ENTER.
    7. “Base DN for Users” – Enter the Base DN for user accounts, then press ENTER.
    8. “Login attribute” – Enter the LDAP login attribute, then press ENTER.
    9. “User objectclass” – Enter the object class to use for authentication, then press ENTER.
  8. At “HTTP Server Port” select the HTTP port to be used for IM
  9. “Summary” – Complete the installation and accept the summary by pressing ENTER.

Post installation

Change HTTP Port

By default, Identity Manager (Apache Tomcat) will start on HTTP port 8090. If you would like to change to some other port, do the following:

  1. Open folder \..\PhenixID\IM\server\conf
  2. Open file Server.xml
  3. Find following segment:
    <Connector port="8090" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />
  4. Change 8090 to a preferred port
  5. Save file
  6. Restart the PhenixID Identity Manager service
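The port change above, scripted as an added example (not part of the PhenixID distribution): it edits only the active HTTP/1.1 connector, leaves commented-out connectors and `redirectPort` alone, and re-parses the result so that a file broken by the edit (for example by typographic quotes pasted from a rendered page) is rejected before the service is restarted. The sample XML and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

COMMENT = re.compile(r"(<!--.*?-->)", re.S)
CONNECTOR = re.compile(r"<Connector\b[^>]*>", re.S)

# Constructed sample modelled on the segment in step 3. The commented-out
# connector is the case a blind search-and-replace of "8090" gets wrong.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- <Connector port="8090" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Connector port="8090" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
  </Service>
</Server>
"""

def active_connectors(xml_text):
    """Return (port, protocol) for each Connector that is not commented out."""
    root = ET.fromstring(xml_text)  # ParseError if the file is not well-formed
    return [(int(c.get("port")), c.get("protocol", "HTTP/1.1"))
            for c in root.iter("Connector")]

def set_http_port(xml_text, old_port, new_port):
    """Move the active HTTP/1.1 connector from old_port to new_port."""
    if not 1 <= new_port <= 65535:
        raise ValueError("port out of range")
    before = active_connectors(xml_text)
    if (old_port, "HTTP/1.1") not in before:
        raise ValueError(f"no active HTTP/1.1 connector on port {old_port}")
    if any(port == new_port for port, _ in before):
        raise ValueError(f"port {new_port} is already used by a connector")

    def fix(match):
        tag = match.group(0)
        if 'protocol="HTTP/1.1"' not in tag:
            return tag
        return re.sub(rf'(\bport\s*=\s*"){old_port}(")', rf"\g<1>{new_port}\2", tag)

    parts = COMMENT.split(xml_text)  # odd indexes are comments: left untouched
    parts[::2] = [CONNECTOR.sub(fix, part) for part in parts[::2]]
    result = "".join(parts)
    if (new_port, "HTTP/1.1") not in active_connectors(result):
        raise RuntimeError("edit did not take effect")
    return result
```

To use it, read Server.xml into a string, keep a copy of the original, write the returned text back, then restart the service as in step 6.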

Change LDAP settings

If you entered any LDAP settings incorrectly you can change those settings in DSEditor.properties.

  1. Open folder \..\PhenixID\IM\customer\config
  2. Open file DSEditor.properties
  3. Find and update the incorrect parameter
  4. Save file
  5. Restart the PhenixID Identity Manager service

Configure Roles

Identity Manager roles have to be configured in order to be used as desired. By default, IM is not shipped with any roles, since every customer customizes them to their own needs. However, we have created a number of example roles and forms for you to check to get a better understanding of IM. These roles and forms are created for an Active Directory and can be found here:
PSD1097

Startup

Windows

Make sure there is a license file in the license folder.
PhenixID Identity Manager (IM) may be started as a Windows service or as an application.
Start IM as a service (recommended):
Locate the Windows service “PhenixID Identity Manager” and select Start, in order to start the service.
Start IM manually:
Run [installation path]\server\bin\startup.bat to startup PhenixID Identity Manager.
The startup sequence can be verified in [installation path]\customer\log\im.log.

Linux

Make sure there is a license file in the license folder.
Start [installation path]/server/bin/startup.sh to start the application.
The startup sequence can be verified in [installation path]/customer/log/im.log.

Folder structure

After a successful installation, a folder structure is created under the location chosen during the installation process.

Key folders and their purpose are:

  • application
    • This folder contains Tomcat data.
    • Important! This folder will be overwritten during an upgrade.
  • customer
    • This folder should contain any files or data that are specific to your installation. This folder will be untouched during an upgrade.
  • server
    • This folder contains Tomcat data.
    • Important! This folder will be overwritten during an upgrade.

Backup / Restore

Identity Manager relies on the files and folders created during the installation process as well as the Identity Manager roles that might be located in this folder or in an LDAP directory.

Maintain a backup of the installation root directory to make sure the application is backed up. Also make sure all roles are backed up properly from disk or the LDAP directory. A recovery simply means replacing the current files and folders with the backup content as well as the roles. Replacing single files or directories should only be done if advised by PhenixID support.