Micro Focus recommends the verified components described in the following section. However, customers running on any component not provided in this list or with untested configurations will be supported until the point Micro Focus determines that the root cause is the untested component or configuration. Issues that can be reproduced on the verified component will be prioritized and fixed according to standard defect-handling policies. For more information about support polices, see Support Policies.
Ensure that the systems you install and use with Identity Governance meet the hardware and software requirements listed here.
This section provides the minimum requirements for the servers where you want to install Identity Governance. You can install Identity Governance and the required components in different configurations. For more information, see Section 2.3, Recommended Production Environment Installation Scenarios.
These system requirements provide server settings according to the size of your Identity Governance catalog. In a small catalog, you might collect fewer than 100,000 identities with 100,000 permissions and 80,000 groups.
|
Category |
Minimum Requirement |
|---|---|
|
Processor |
|
|
Disk Space |
50 GB |
|
Memory |
|
|
Utilities |
Identity Governance Configuration Update utility (ConfigUpdate) 4.12.4 |
|
Operating System |
IMPORTANT:Before installing Identity Governance, apply the latest operating system patches. |
|
Virtual Systems |
We support Identity Governance on enterprise-class virtual systems that provide official support for the operating systems where our products are running. As long as the vendors of the virtual systems officially support these operating systems, we support Identity Governance running on them. IMPORTANT:Ensure to configure the virtual machines running Identity Governance as Thick Provisioned. |
|
Java |
Zulu OpenJDK 8u352, 1.8.0_352 from Azul JRE or JDK, or later respective patched versions of 8uxxx and 1.8.0_xxx |
|
Application Server |
Apache Tomcat 9.0.69 or later patched versions of 9.0.x NOTE:(Conditional) For guaranteed delivery of email notifications, your application server must include support for Apache ActiveMQ Java Message Service (JMS) and clustering. |
|
LDAP Identity Service |
|
|
Authentication Service |
|
|
Secure Communication |
TLS 1.2 or later for secure communication |
|
Third-Party Connector Libraries |
(Optional) The Identity Governance JDBC Collectors and SAP User Management Collector use third-party client connector software that is not distributed with the product. Find and download the appropriate JDBC driver file for your database from the database vendor.
To gather identity and application data from one of these sources, put one or more of the these client .jar files into the Apache Tomcat /lib folder, then restart the Apache Tomcat server. The default installation location is:
|
This section provides the minimum requirements for the server where you want to install the databases for Identity Governance and the supported versions of the databases. The databases for Identity Governance are required for the product to work.
These system requirements provide server settings according to the size of your Identity Governance catalog. In a small catalog, you might collect fewer than 100,000 identities with 100,000 permissions and 80,000 groups.
On a virtual machine, set up the VM as Thick Provisioned.
|
Category |
Minimum Requirement |
|---|---|
|
Processor |
|
|
Disk Space |
|
|
Memory |
|
|
Operating System |
IMPORTANT:Before installing Identity Governance, apply the latest operating system patches. |
|
Virtual Systems |
We support the databases for Identity Governance on enterprise-class virtual systems that provide official support for the operating systems where our products are running. As long as the vendors of the virtual systems officially support these operating systems, we support Identity Governance running on them. IMPORTANT:Ensure to configure the virtual machines running Identity Governance as Thick Provisioned. |
|
Database |
One of the following:
|
|
Secure Communication |
TLS 1.2 or later for secure communication |
For information about the different options on how to create and populate the different Identity Governance databases, see Section 5.0, Creating Databases for Identity Governance and Components.
Servers that host Identity Reporting when installing only for Identity Governance have the same minimum requirements as for the Identity Governance server and support the same databases.
Identity Reporting is a separate product that comes with Identity Governance that provides detailed reports about your business-critical processes and systems. It is optional to install Identity Reporting. If you determine that you will install Identity Reporting, you install it after you have completed the Identity Governance installation.
This section lists the requirements for the server that hosts Identity Reporting when installing only for Identity Governance. For more information about whether to install the components on the same server, see Section 2.3, Recommended Production Environment Installation Scenarios.
Identity Reporting comes with Identity Manager and Identity Governance, however, the reports provided are different if you install the version that comes with Identity Manager than the version of Identity Reporting that comes with Identity Governance. There are different requirements if you want to install Identity Reporting in an Identity Manager environment. For more information about the system requirements for installing in an Identity Manager environment that includes Identity Governance, see System Requirements for Identity Manager.
To see how to install Identity Reporting that comes with Identity Governance, see Section 7.0, Installing Identity Reporting.
The Workflow Engine runs the workflows at runtime and manages the approval tasks for approvers. It comes with Identity Governance but it is optional to install the Workflow Engine. To see how to install the Workflow Engine see Section 8.0, Installing Workflow Engine.
IMPORTANT:Installing Workflow Engine on a remote server will be supported in a future release. If installing Workflow Engine, install it on the same Tomcat Server as Identity Governance.
To log in to Identity Governance on their local devices, users must have one of the following browser versions, at a minimum:
Computers
Apple Safari 16.1
Google Chrome 103.0.5060.114
Microsoft Edge Browser 103.0.1.1264.49
Mozilla Firefox 15.5
iPad (iOS 12 and later)
Apple Safari 15.5
Google Chrome 101.0
Mozilla Firefox 37
IMPORTANT:The browser must have cookies enabled. If cookies are disabled, the product does not work.
Identity Governance generates the common event format (CEF) events which you can forward to an audit server to generate audit logs that can help prove compliance with regulations. Enabling auditing in Identity Governance is optional.
If you decide to use auditing, you must have your audit server installed and running. Identity Governance does not install the third-party audit servers for you. This section provides the minimum version of the audit servers where you want to send audit events from Identity Governance. We support the following audit servers using syslogger for use with Identity Governance:
ArcSight Enterprise Security Manager Suite 7.5.0.2516
Sentinel 8.5
Sentinel Log Manager 8.5
Splunk 8.2.2.1
To determine where you should install the audit server, see Section 2.3, Recommended Production Environment Installation Scenarios. You can enable auditing during the installation of the components or you can enable auditing after you have installed the components. It depends on your environment and your needs.
Identity Governance can send email notifications to managers, reviewers, administrators, or other people who must receive notifications about events or processes occurring. To be able to send emails and ensure that there are not any lapses in communication, you can install Apache ActiveMQ to guarantee that Identity Governance sends notifications using SMTP. Enabling email notifications is optional. If you choose to enable email notifications, Identity Governance supports the following:
Apache ActiveMQ 5.16.5
You can enable email notification during the installation of Identity Governance, Identity Reporting, and Workflow Engine or you can enable email notifications after the installation. It depends on your environment and your needs.