6.5 Installing Identity Governance

To install Identity Governance or to install Identity Governance with Identity Reporting or Workflow Engine:

1. Log in as root on Linux server or as an administrator on Windows server to the server where you want to install Identity Governance.

2. Download and extract the Identity Governance installation files. For more information, see Section 2.2, Obtaining Identity Governance, Identity Reporting, Workflow Engine, and OSP.

3. If you are in a clustered environment, proceed to Step 4. If you are not using HTTPS for this installation, stop Apache Tomcat. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

4. From the directory that contains the installation files, complete one of the following actions:

   • Linux: Enter the following from a command prompt.

     • Guided:./identity-governance-install-linux.bin

     • Console:./identity-governance-install-linux.bin -i console

   • Windows: Enter the following from a command prompt.

     • Guided: identity-governance-install-win.exe

     • Console: identity-governance-install-win.exe -i console

   NOTE:To execute the file, you might need to use the chmod +x or sh command for Linux or use Run as administrator if you did not log in to your Windows server as an administrator.

5. Read and accept the license agreement.

6. Select whether to install Identity Governance, Identity Reporting, Workflow Engine, or all.

7. Specify an installation path for each installed feature.

8. Complete the installation following the prompts and using the information you gathered in the Table 6-1, Identity Governance Installation Worksheet.

9. Review the pre-installation summary.

   NOTE:Application URL represents the URL that connects users to Identity Governance.

10. Click Install.

11. (Conditional) If prompted, accept the certificates you trust, reject any certificates you do not trust, and acknowledge any errors.

    The installer checks to see if you selected SSL/TLS or HTTPS for communication to the connected systems. The installer attempts to retrieve those certificates and add them to the trust store. If you used a self-signed certificate for any of the connected systems, the installer prompts you to accept or reject the certificates, because self-signed certificates are untrusted certificates. The installer adds the accepted certificates to the trust store. For more information, see Section 3.8, Securing Connections with TLS/SSL.

    The installer displays errors in the following conditions:

    • A single warning about potential future failures for all rejected certificates

    • A single warning for any errors when connecting to the secured servers

    NOTE:If you are in a distributed environment, and if you are using a later version of Java Zulu OpenJDK (such as 8u312), the installer could present each certificate for acceptance only once. The installer compares certificates in a specific order. If the certificates you accepted are from a certificate authority (CA), then any subsequent certificates signed by the same CA are automatically trusted.

12. (Conditional) If you are in a clustered environment, or if you are using HTTPS, stop Apache Tomcat if it is still running. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

13. After the installation process completes, close the installer and review the Identity_Governance_InstallLog.log file. The default location of the Identity_Governance_InstallLog.log file is here:

    • Linux: /opt/netiq/idm/apps/idgov/logs

    • Windows: C:\netiq\idm\apps\idgov\logs

    NOTE:The Identity_Governance_InstallLog.log file is not available until you close the Identity Governance installer.

14. Proceed to Section 9.3, Starting and Initializing Identity Governance

    or

    If you are installing Identity Reporting on a separate server, proceed to Section 7.0, Installing Identity Reporting.

    or

    If you are installing the Workflow Engine on a separate server, proceed to Section 8.0, Installing Workflow Engine.