Install Directories:

How to install iiq console in Identityiq

1. `IIQ console install
directory/home/spadmin/tomcat/webapps/identityiq/WEB-INF/bin.
./ iiq console --run this commond on command prompt
2. Installer File Location/home/spadmin/InstallImages
Install and configure the Initialization of IdentityIQ:
Here we are install and config the installation of Identity IQ
a. Install identity IQ into Identity IQ directory in Tomcat
b. Config the database
c. Installing the Identity IQ.
d. Starting the Application server
A.Prepare Application Server and Install IdentityIq war file:
1. Stop Tomcat Application Server

Identity IQIn CMD Prompt we can enter- Stop Tomcat

2. Unzip and extract identity IQ war file

a. Open linux terminal window , navigate to Directory

/home/spadmin/InstallImages

In cmd prompt Enter:

cd InstallImages Is a Directory

b. Conform that the identityIQ Zip file is in the Directory

In cmd prompt enter ls

c. Unzip the IdentityIQ zip file:

Unzip identityIQ -6.4.zip

d. Within Install Images directory, locate the identityIq war file and copy it to the
initialization directory for IdentityIQ

/home/spadmin/tomcat/webapps/identityiq here we are checking this path is

directory

In command prompt we enter:

cp inentityiq.war /home/spadmin/tomcat/webapps/identityiq

e. Navigate to home/spadmin/tomcat/webapps/identityiq directory to extract the

war file Jar –xvf identityiq.war(jar file)

Configure the Database:

1. Config the permissions to iiq command so that we may execute it

Using Linux terminal window we can navigate this command

cd /home/spadmin/tomcat/webapps/identityiq/WEB-INF/bin

chmod +X iiq-->iiq command will be executable

2. Generate IdentityIQ schema file

./iiq schemausing this command we can generate the database schema files

3. Load the MySQL Schema file to MySQL to create IdentityIQ database

a. Using the command prompt navigate to

/home/spadmin/tomcat/webapps/identityIQ/WEB-INF/database directory

By Using this command we can login to mysql

Mysql –u root –p

Password: root
b. How to create identityiq in database?

Using this command we can create identityiq in databases

Mysql> source create_identityiq_tables.mysql

Using this command we can see databases table

Mysql>show databases;

Initialize identityIq and verify the identityIq instalization:

1. Using the IdentityIQ console we can load the default identity objects in the
system using this commands in command prompt

a. Using the linux command navigate to this path

cd /home/spadmin/tomcat/webapp/identityiq/WEB-INF/bin.

b. ./iiq console run this command

c. >import init.xml this commands load/import the default identityiq objects
in system
d. Once import was complete quit the console.

2.once identityiq installization is complete we start the Tomcat server in command

prompt then we can login the identityiq Application .we can check the all the
default objects like sailpoint identityiq ,debug pages, IdentityIq javadoc
components loaded correctly.
Patching IdentityIQ:

We will patch the product code to the latest Patch Level

a. Deploying the new product code by using the jar files

b. Upgrading the database tables and any changes required by the patch

Patch Installation:

1. Stop Application server in cmd prompt

StopTomcat

2. Extract IdentityIQ patch file(here -6.4pX is the patch file)

Use the file browser to locate the identityiq-6.4p1 jar (where X is patch
number) file under /home/spadmin/InstallImages and copy to initialization
directory to the identityIQ /home/spadmin/tomcat/webapps/identityiq

Navigate to the /home/spadmin/tomcat/webapps/identityiq this directory to

run the fallowing command to extract the Patch jar file

jar -xvf identityiq-6.4pX.jar (here X=1 is the patch Number)

3. Patch the identityiq databases

Navigate to the /home/spadmin/tomcat/webapps/identityiq/WEB-INF/databases

directory and run the fallowing commands to login the mysql

 Mysql –u root –p

Password: root

Within mysql command line, order to upgrade the IdentityIQ schema

Mysql> source upgrade_identityiq_tables-6.4pX.mysql

(Remember to replace X with patch number)

4. Apply the patch

Using our Linux terminal , navigate to

home/spadmin/tomcat/webapps/identityiq/WEB-INF/bin

./iiq patch 6.4pX

5. Conform the installation

6. start application server and conform that your identityiq instance is running
properly

StartTomcat -run this command in cmd prompt

Configure The IdentityIq:

We will configure features of IdentityIq that will assist us in our implementation

efforts

1. Configure the Email Recorder:

Configure the Email Redirector to send all system-generated emails to a

local file instead of an SMTP Mail Server. This file is useful for debugging
email notifications without sending real emails to users.

Within IdentityIq-Navigate to System Setupselect the IdentityIQ Config

Configure two option under Email Settings.

Email Notification type= Redirect to file

Redirection File Name=/home/spadmin/logs/iiq_email.log

Once config is complete scroll down and save the button

2. config IdentityIq Auditing:

IdentitiyIqsystem SetupAudit configGeneral Action Tabs we will config

the four options by selecting check box.

Logincheck

Log failurecheck

Import filecheck

Run Taskcheck

Scroll down the save the page.

3. Config IdentityIq Logging:

IdentityIQ uses log4j as its logging components.

We will configure logging by configuring a log4j properties file

a. Copy the log4j properties file from /home/spadmin/ImplementTrainig/config and

place into /home/spadmin/tomcat/webapps/identityiq/WEB-INF/classs

b.This sample logging configuration file will send all IdentityIQ Loging output to
the file.

/home/spadmin/logs/iiq_training_rolling.log

Exercise 1:

What is Life Cycle Manager?

Life Cycle Manager is Installable as a separate component of the IdentityIQ.

How to Install the Life Cycle Manager?

1. Stop the Application Server using StopAppliation shortcut or run in cmd

prompt
Ex; StopTomcat
2. Launch the IIQ console using the IIQ console shortcut
3. Install Life Cycle Manager in IIQ console
>import init-lcm.xml
4. From the /home/spadmin/tomcat/webapps/identityiq/WEB-INF/bin directory
run the following cmd
./iiq patch 6.4pX(here X is the Patch)
5. Start the Application Server using the StartApplication shortcut or run the
command in command prompt
Ex: StartTomcat
6. Login to the IdentityIQ and conform that Life cycle manager is Installed.

In identityIQ two LCM components will be created

1.Manage Access 2. Manage Identitiy

Onboard Identity Information from Authoritative Application sources

******************************************************************

Exercise 2: Turn on Group provisioning to create New Group in LDAP

Turn on the Identity IQ group provisioning feature and use Identity IQ create new
group in LDAP

Using The out of box connector IdentityIq can support the provisioning group to
the Target Application.

We will use identity IQ to provision(create) a Group into LDAP. Once group was
created we will able to add additional user.
Turn on Group Provision feature of Identity IQ:

1. Navigate to System SetupLife Cycle Manageron life cycle manager

configuration click the Additional tabconform that Enable Group Account
Management is Selected :
2. In General Action Tabs we can select check Inbox

Enable Group Account Management checked

Enable Full Text search-checked

3. Click Save button

Verify the Existing group in LDAP:

1. View the existing group in LDAP

a. In cmd prompt Window enter the StartLDAP or

StartLDAP

b. use the desktop shortcut to launch the LDAP browser

1. Double click the LDAP shortcut browser and it will few mints to open
browser

2. In the LDAP connection window select training and click on open

connection

3. Expand dc=training, dc=sailpoint,dc=com, then expand the groups

Once expand groups—>under groups manager and user fields are

available

Provision the new group in LDAP called VPN:

1. In Identity IQ -navigate to defineselect the Entitlement Catalog

2. Click Add New Entitlement to create new group
 3. On Standard properties,config new group
a. Application: LDAP
b. Display value: VPN
c. Requestable: checked
d. Description : This group control access to the corporate the VPN
e. Owner: Randy.Knight
4. Save the New Entitlement
5. On Group object Properties we will configure the
a. DN : cn=VPN,ou=group,dc=training,dc=sailpoint,dc=com
b. Description: This group control access to the corporate the VPN
c. Cn=VPN
6. click Save
7. under Define Entitlement Catalogwe will see the new VPN entry create
8. check LDAP browser we will see the new VPN was created groups.

Exercise3: Provision VPN Access using the Life Cycle Manager

It allows the manager to request VNP access to the their Employees via life cycle
manager.

We create a group in LDAP called VPN.

We will login as a manager and request the VPN access to the particular
department. And it will trigger a workflow case for each users with their
appropriate approvals,

The default workflow of the entitlements request is called LCM Provisioning. And
each Life cycle manager has a default workflow(Business processes).

1. Enable the Business process (workflow)Tracing

a. Navigate to define click on Business process

b. Select the LCM provisioning in business process and right side of the screen
 Select the process variable with in process variable tab select the Trace
Execution. This will trace all work flows into the logs.

c. Click save.

2. Login as a manger and request the VPN access to the Employees.

a. login into the manager account .

b. Under mange access click on Request Access select for others

Here manager will place a request for the VPN access to the user.

c. In the available identities list you should see the direct reports to manager.

Select the reports and submit the request

d. once all VPN access approvals are completed .we can check the LDAP
browser and conform that the all employees are created in VPN group.

e. By running the Perform Identity Request Maintenance task and the this task will
check the access request and conform the changes have been made.

ex: user access status changes to verifying to completed

******************************************************************

Exercise4#

Manage To creating the identities and editing them using IdentityIQ with and
without Identity Provisioning policies and we will need to create the identities in
IdentityIQ using the LCM.

Here we can create the Identities in two ways.

a. Using the out of box configuration (Using LCM to create Identity)

b. Using pre-defined provisioning Policies

a. Create an identity Using LCM

1. We will login as a manager and navigate to dashboard and select the create
Identity

2. Once all identity create fields are entered click on submit button it will
displays the conformation screen if we need confirm the changes and click submit.

3. Navigate to dashboard select the track my request her confirm that the
create identity operation was created successfully

4. login to the admin page and navigate to Identity and confirm that the user
was created correctly in Identity IQ

b. Define Provisioning policy to create Identity

1. Navigate to system setupclick on import file and load the fowling files

/home/spadmin/Implementer training/config/Rule-AllowedValues-Location.xml

/home/spadmin/ Implementer training/config/Rule-AllowedValues-Region.xml

/home/spadmin/ Implementer training/config/Rule-Validation-Email Address.xml

This Rule will be used for our Provisioning Policies.

The First Two Rules are generated the list of allowed values we can use to
populated the dropdown list

The last rule is used to validate that email address is correctly formatted.

Navigate to system SetupIn life cycle managerclick the Identity Provisioning

Policies select create Identity and click on add policy. Within Create Identity
click on add field button we can create the identity fields .
By using configuration Identity Provisioning Policies we can build and modify the
Provisioning policies for create and edit the identities.

Once he identities fields are completed click on save the create identity policy .

And come back the dash board and click on create identity and observe the new
created identity page .