The Identity Manager brokers all authentication requests from Clients to GlobalSearch.  This includes both the desktop and browser clients, in addition to standalone applications like GlobalSearch Extensions, File XChange, and Image XChange.  Clients using Identity Manager leverage an API Key for application-to-application communication, which is generated automatically at the time of installation or upgrade.  Calling applications use a saved version of the API Key, normally found in the application's Config file.  There may be times when additional keys are required, or existing keys should change.  An interface is provided to manage these changes.

Identity Manager is specific to the task of Authentication.  Authentication confirms the user is who they say they are.  This is different from Authorization, which is the ability to secure a specific resource.  Identity Manager assumes the role of authentication in the product.  GlobalSearch itself keeps track of what a user is secured to.

Database

The Identity Manager uses its own SQL Server database named Square9.IdentityManager.  The database is used to keep track of user and group accounts that are created through the GlobalSearch User Manager, or provisioned through 3rd party identity services like Okta or Azure AD.

BACKUP YOUR DATABASES

The Identity Manager's database should be part of a normal SQL backup process.  Please ensure all SQL databases are properly backed up, and ensure those backups are tested.

It is not recommended that customers interact directly with the data in this database.

The GlobalSearch system database, SSMaster, keeps a log of legacy Square 9 users that were migrated into the Identity Manager.  In a table named Migrations a row with the Name value of RolesToS9IM will detail the users and groups that were migrated.  In almost all cases, migrations happen automatically and don't require any user/admin involvement.  If necessary, you can trigger the migration to run again by deleting the row with Name value RolesToS9IM and restarting IIS.  The Square9API on application start will recognize the user migration entry is missing and it will attempt to migrate again.
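The re-run procedure above, as an added PowerShell example (not Square 9's own code) that saves the RolesToS9IM row before deleting it and then restarts IIS. The SQL instance name, Windows authentication, the dbo schema and the export path are assumptions; run it from an elevated session on the GlobalSearch server.

```powershell
# Added example (not Square 9 code). Assumptions: SQL Server on localhost,
# Windows authentication, the dbo schema, and the export path below.
$SqlInstance = 'localhost'                       # assumption
$ExportPath  = 'C:\Temp\RolesToS9IM-backup.xml'  # assumption; folder must exist
$RowName     = 'RolesToS9IM'                     # value given on this page

$connString = "Server=$SqlInstance;Database=SSMaster;Integrated Security=True"
$conn = New-Object System.Data.SqlClient.SqlConnection $connString
$conn.Open()
try {
    # 1. Read the current migration record so it is preserved before deletion.
    $select = $conn.CreateCommand()
    $select.CommandText = 'SELECT * FROM dbo.Migrations WHERE Name = @name'
    [void]$select.Parameters.AddWithValue('@name', $RowName)
    $table   = New-Object System.Data.DataTable 'Migrations'
    $adapter = New-Object System.Data.SqlClient.SqlDataAdapter $select
    [void]$adapter.Fill($table)

    if ($table.Rows.Count -eq 0) {
        Write-Output "No $RowName row found; nothing to delete."
    }
    else {
        $table.WriteXml($ExportPath, [System.Data.XmlWriteMode]::WriteSchema)
        Write-Output "Saved $($table.Rows.Count) row(s) to $ExportPath"

        # 2. Delete in a transaction; roll back if the count differs from what was saved.
        $tx     = $conn.BeginTransaction()
        $delete = $conn.CreateCommand()
        $delete.Transaction = $tx
        $delete.CommandText = 'DELETE FROM dbo.Migrations WHERE Name = @name'
        [void]$delete.Parameters.AddWithValue('@name', $RowName)
        $affected = $delete.ExecuteNonQuery()
        if ($affected -ne $table.Rows.Count) {
            $tx.Rollback()
            throw "Expected $($table.Rows.Count) row(s), DELETE touched $affected; rolled back."
        }
        $tx.Commit()
    }
}
finally {
    $conn.Close()
}

# 3. Restart IIS so Square9API starts, sees the missing row and migrates again.
iisreset /restart
```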

Installation

Identity Manager will install as part of the GlobalSearch installation as a server side component.  When installed, it will run as a service on the GlobalSearch Server, with the name Square 9 Identity Manager.  Like all GlobalSearch applications, the Identity Manager application and supporting files can be found in C:\Program Files\Square 9 Softworks if the default installation path was chosen.  The primary executable, Square9.IdentityManager.exe, can be run as a console application for support / debugging purposes.

RDS Servers

Windows Installer packages have known limitations in environments where RDS is enabled on the server.  Servers configured for RDS need to be put into install mode, or the IM installation will hang.  Refer to the documentation on common installation issues here.  This behavior is a problem with Windows Installer chaining, and can also be bypassed by telling the installer to skip the chained installation.  Run the GlobalSearch installer with a 'no chaining' option, setup.exe /v"DO_NOT_CHAIN=TRUE".  Identity Manager is a required service for proper GlobalSearch operations.  If the Identity Manager install is skipped or bypassed, it will need to be installed separately.

Note: Uninstalling GlobalSearch from an environment will not uninstall Identity Manager.  The service will be listed in the Server Add/Remove Programs list as a separate application (with the name Square 9 Identity Manager) that would need to be uninstalled separately.

User Accounts

The Identity Manager should be set to run as Local System.  While the application runs in the context of Local System, any internal actions like accessing the database are performed in the context of the Square 9 Admin Authenticated user.  This user, traditionally SSAdministrator, has cached credentials on the server that are leveraged by Square 9 applications for performing these types of actions.  Use the Square 9 Service Console to view the currently configured user.

At startup, Identity Manager will leverage its configuration files to provision the Square9.IdentityManager database.  

  • When upgrading from previous versions, the Identity Manager will automatically migrate existing Square 9 users.  What if this doesn't happen?  The Migrations table in SSMaster will detail user accounts that were migrated in the process.  Look specifically for a row with a Name value of RolesToS9IM.
  • How can someone log in if the database doesn't exist?
  • Servers configured for RDS need to be put into install mode, or the IM installation will hang.  Refer to the documentation on common installation issues here.  This behavior is a problem with Windows Installer chaining, and can also be bypassed by telling the installer to skip the chained installation.  Run the GlobalSearch installer with a 'no chaining' option, setup.exe /v"DO_NOT_CHAIN=TRUE", and manually trigger the Identity Manager install.  Identity Manager is a required service for proper GlobalSearch operations.  If the Identity Manager install is skipped or bypassed, it will need to be installed separately.  https://bugzilla.square-9.com/show_bug.cgi?id=11545
  • Database access runs in the context of the Square 9 Admin Authenticated user.
  • The Square9API is what runs any user migration; delete the RolesToS9IM row and it will kick off the migration again.