9.3 Starting and Initializing Identity Governance

To verify installation and to initialize the Identity Governance databases, you must start Apache Tomcat. In a clustered environment, start the primary node first to ensure that the initial database load occurs before the other nodes start.

  1. Before starting Apache Tomcat, delete the contents of the following two directories from Apache Tomcat that contain cached files. The directories are:

    • Linux: Default installation location:

      • /opt/netiq/idm/apps/tomcat/temp

      • /opt/netiq/idm/apps/tomcat/work/Catalina/localhost

    • Windows: Default installation location:

      • C:\netiq\idm\apps\tomcat\temp

      • C:\netiq\idm\apps\tomcat\work\Catalina\localhost

  2. (Optional) Verify that the schemas (Oracle) or databases (Microsoft SQL or PostgreSQL) exist in your database platform.

  3. To initialize Identity Governance and its databases, start Apache Tomcat. For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

    NOTE:In a clustered environment, start Apache Tomcat only on the primary (or master) node.

  4. (Conditional) To observe the initialization process in Apache Tomcat, enter the following command:

    tail -f path_to_Tomcat_folder/logs/catalina.yyyy-mm-dd.log

    When the process completes, the file concludes with the following message:

    INFO: Server startup in nnnn ms
  5. Open a web browser and navigate to one of the following URLs, depending on how you installed Identity Governance:

    http://hostname_or_IP_address:port/
    https://hostname_or_IP_address:port/

    For example:

    http://texasone:8080/
    https://172.16.254.1:8443/

    The browser should display the login page for Identity Governance.

  6. (Optional) To verify installation, complete the following steps:

    1. Log in as an administrator to the server where you installed Identity Governance.

    2. In a terminal, navigate to the following directory:

      • Linux: /opt/netiq/idm/apps/idgov/logs

      • Windows: C:\netiq\idm\apps\idgov\logs

    3. Enter the following command:

      tail -n 1 *

    4. Verify that all .txt log files in the directory end with the following text:

      Exit code: 0

      NOTE:

      • Identity_Governance_InstallLog.log contains the results of all the log files. It does not have an individual exit code.

      • The checksums-log.txt file contains multiple commands and multiple iterations of Exit code: 0 for each command.

      • If a log file ends with a nonzero exit code, an error occurred in that part of the installation process.

  7. Use the bootstrap administrator account to log in to Identity Governance.

    Until you collect and publish data from an identity source that contains login accounts for Identity Governance, you must use the bootstrap administrator account. For more information, see Creating Identity Sources in the Identity Governance User and Administration Guide.

  8. (Conditional) If you can verify installation but cannot get Identity Governance to load in a web browser, complete the following steps:

    1. Stop Identity Governance (and Apache Tomcat). For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

    2. Navigate to the following directory:

      • Linux: /opt/netiq/idm/apps/tomcat/bin

      • Windows: C:\netiq\idm\apps\tomcat\bin

    3. In a text editor, open setenv.sh or setenv.bat.

      This file defines global variables and export paths needed to host Identity Governance under Apache Tomcat.

    4. Verify that the file lists the correct host name for the Identity Vault and paths to Apache Tomcat.

    5. Save and close the file.

    6. Start Identity Governance (and Apache Tomcat). For more information, see Section 3.4.3, Starting and Stopping Apache Tomcat.

  9. (Conditional) In a clustered environment, start Apache Tomcat on the secondary nodes.

  10. (Conditional) To configure Identity Reporting, continue to Configuring Identity Reporting.

  11. (Conditional) To integrate Identity Governance with Identity Manager, continue to Integrating Single Sign-on Access with Identity Manager Using OSP.

  12. Add users who can log in to Identity Governance, and assign authorizations to those users. For more information, see Adding Identity Governance Users and Assigning Authorizations in the Identity Governance User and Administration Guide.

  13. (Optional) Configure Identity Governance, such as customizing the email templates and displayed labels. For more information, see Section 11.0, Customizing Your Installation.