This post focuses on the initial setup involved in creating your very own IdentityIQ instance.
The entire process of getting your instance up and running takes approximately 20 minutes, provided you already have your environment set up.
I would highly suggest taking a look through the official installation guide provided by SailPoint for additional information. I will try to keep this post short and sweet, with just enough information to get your own IdentityIQ instance up and running.
This guide shows how to install IdentityIQ on an environment with the following software installed:
- CentOS (7.7)
- Oracle Java JDK (1.8.0_241)
- MySQL (5.7 community server)
- Apache Tomcat (version 8.5.54)
Step 1: Download IdentityIQ
Head to the SailPoint community website and navigate to the IdentityIQ Server Software section.
IdentityIQ version 7.3 can be found here.
Download the zip archive and upload it to a temporary location on your server using your favorite file transfer method (SCP, FTP, etc.).
Unzip the archive.
Step 2: Setting up Tomcat
Create a new folder for IdentityIQ within your Tomcat webapps directory. The location of the Tomcat webapps folder on my server is /opt/tomcat/webapps
Create a new folder called identityiq
Copy the IdentityIQ WAR file to this folder
cp identityiq.war /opt/tomcat/webapps/identityiq/
Change directory and then inflate the WAR file
cd /opt/tomcat/webapps/identityiq/
jar xvf identityiq.war
Step 3: Database Setup
We must now configure IdentityIQ with our database settings and import the initial tables required.
Please ensure you have the following in place:
- Create a new user for IdentityIQ
- Create two databases called “identityiq” and “identityiqPlugin”
- Ensure the newly created user has access to the new databases mentioned above
Configure IIQ Database Settings
IdentityIQ stores the database password in an encrypted format by default, which means the first thing we need to do is encrypt our database password using the IIQ console.
We shall start by making the IIQ console script executable.
chmod +x WEB-INF/bin/iiq
We will then use the IIQ console to encrypt our database password.
Please ensure you change the command to reflect your password.
WEB-INF/bin/iiq encrypt "passwordhere"
Edit your IdentityIQ properties file (iiq.properties) using your favourite editor.
You will now need to follow the instructions in this file to set the configuration for your database server. In this post we are using MySQL, so only a few fields need to be set or changed.
If you are using MySQL as your database provider, look for the following fields and set them appropriately:
- dataSource.username – This is your database user
- dataSource.password – This is the encrypted password
- dataSource.url – This is the JDBC connection URL
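A small shell check to run after editing iiq.properties, added here as an example (it is not part of the original post or of SailPoint's tooling). It assumes the output of `iiq encrypt` starts with a numeric key id and a colon (adjust ENC_RE if yours differs); `prop`, `check_iiq_props` and `demo` are names made up for this example, and the sample file is constructed.

```sh
#!/bin/sh
# Added example: audit the three dataSource.* fields set in iiq.properties.
# ASSUMPTION: `iiq encrypt` output starts with a numeric key id and a colon ("1:...").
ENC_RE='^[0-9]+:.'

# prop FILE KEY: print the value of the last uncommented "KEY=value" line.
prop() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# check_iiq_props FILE: print findings; the exit status is the number of problems.
check_iiq_props() {
    file=$1; problems=0
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 1; }
    for key in dataSource.username dataSource.password dataSource.url; do
        [ -n "$(prop "$file" "$key")" ] || { echo "MISSING $key"; problems=$((problems + 1)); }
    done
    pw=$(prop "$file" dataSource.password)
    if [ -n "$pw" ] && ! printf '%s\n' "$pw" | grep -Eq "$ENC_RE"; then
        echo "PLAINTEXT dataSource.password is not in encrypted form"; problems=$((problems + 1))
    fi
    # Credentials can also be given as JDBC URL properties, bypassing the encrypted field.
    case "$(prop "$file" dataSource.url)" in
        *password=*) echo "URL dataSource.url embeds a password"; problems=$((problems + 1)) ;;
    esac
    # The file holds database credentials, so "other" should not be able to read it.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "PERMS $file is world-readable"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample, not a real configuration: plaintext password, mode 644.
demo() {
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' 'dataSource.username=sailpoint' \
        'dataSource.password=Summer2020' \
        'dataSource.url=jdbc:mysql://localhost/identityiq' > "$sample"
    chmod 644 "$sample"
    check_iiq_props "$sample" && rc=0 || rc=$?
    rm -f "$sample"
    echo "$rc problem(s) found"
}
demo
```

To check a real installation, call `check_iiq_props` with the path to your own iiq.properties instead of running `demo`.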
Insert initial data
We now have IdentityIQ configured to use our MySQL server. The next step is to import the initial tables required for a working IdentityIQ instance.
Generate Database Scripts
Please note: The following instructions may be specific to MySQL.
Import database script into MySQL database
cd WEB-INF/database/
mysql -u sailpoint -p
<<enter password>>
Import tables via database scripts generated earlier
Step 4: Start Tomcat and Test
We have successfully managed to download, install and configure IdentityIQ on our server.
The final step is to ensure everything is working.
Start your Tomcat server and navigate to:
If you see the below screen, well done! You have successfully installed IdentityIQ.
Unfortunately, I will not be going in-depth into troubleshooting steps, since the installation is fairly straightforward and most issues occur during the setup of your environment. I will, however, point out some useful log locations where you should start your investigation.
Tomcat Log (may vary based on your installation): /opt/tomcat/logs/catalina.out
Global System Messages (may vary based on your environment): /var/log/messages