Identity Director Administration Guide

This is not the latest version of Identity Director documentation.

Unattended installations

You can install the components of Identity Director unattended, for example from a command line or as part of the Ivanti Automation Task Perform Unattended Installation.

  • Before you install components unattended, make sure you meet the prerequisites.
  • Use (x86) instead of (x64) in the MSI file names for installations on devices running a 32-bit version of Microsoft Windows.
  • If you use an IBM DB2 database server, you can only connect to an existing Datastore during an unattended installation of the Setup and Sync Tool: you cannot create a new one.
  • To extract the MSI files for the components from the Identity Director Installer, use the command line:
    "C:\Identity Director Installer [version].exe" /extract:"c:\tmp\package"

Setup and Sync Tool

  • To install the Setup and Sync Tool and connect to an existing database that was not yet initialized as Datastore, use the command line:
    msiexec /i "C:\TEMP\Identity Director Setup Sync Tool (x64) [version].msi" /q /l*v "C:\TEMP\Install-IDSST.log" DBTYPE=[dbtype] DBSERVER=[dbserver] DBNAME=[dbname] DBUSER=[dbuser] DBPASSWORD=[dbpassword] DBPROTOCOLENCRYPTION=[disabled/enabledwithoutvalidatecertificate/enabledwithvalidatecertificate] INITEMPTYDB=true DBIMPORTLICENSE=[filepath]
    • The option to initialize an existing database from the command line (INITEMPTYDB) was introduced in Identity Director 2019.1.
    • If the database does not yet exist, it will NOT be created.
    • If the user (DBUSER) does not have sufficient permissions, the database will not be initialized.
  • To install the Setup and Sync Tool and connect to an existing Datastore, use the command line:
    msiexec /i "C:\TEMP\Identity Director Setup Sync Tool (x64) [version].msi" /q /l*v "C:\TEMP\Install-IDSST.log" DBTYPE=[dbtype] DBSERVER=[dbserver] DBNAME=[dbname] DBUSER=[dbuser] DBPASSWORD=[dbpassword] DBPROTOCOLENCRYPTION=[disabled/enabledwithoutvalidatecertificate/enabledwithvalidatecertificate] DBIMPORTLICENSE=[filepath]
    • If the database does not yet exist, it will NOT be created.
  • To install the Setup and Sync Tool and create a new Datastore, use the following command line:
    msiexec /i "C:\TEMP\Identity Director Setup Sync Tool (x64) [version].msi" /q /l*v "C:\TEMP\Install-IDSST.log" DBCREATE=yes DBTYPE=[dbtype] DBSERVER=[dbserver] DBNAME=[dbname] DBCREATEUSER=[sa] DBCREATEPASSWORD=[sa_password] DBUSER=[dbuser] DBPASSWORD=[dbpassword] DBPROTOCOLENCRYPTION=[disabled/enabledwithoutvalidatecertificate/enabledwithvalidatecertificate] DBIMPORTLICENSE=[filepath]

To configure Windows Authentication for the database connection, the DBUSER property needs to have an empty value.

You can also perform the actions listed above after installation of the Setup and Sync Tool. See Command-line options.

Transaction Engine

The following Public Properties are available for the Transaction Engine:

Property Value Description
DBTYPE MSSQL, DB2, ORACLE, MYSQL or MSSQLAZURE Specify the database type.

Example: DBTYPE=MSSQL
DBSERVER [SERVERNAME] Specify the database server that hosts the Datastore.
If the database server uses instances, use the format: server\instance.
Unattended installations on instances for which this format isn't used will fail.

Example: DBSERVER=SQLServer01
DBNAME [DATABASENAME] Specify the name of the Datastore that you want to connect to or want to create.

Example: DBNAME=IDDB
DBUSER [DBUSERNAME] Specify the database user account that can connect to the database.

Example: DBUSER=IDUser
DBPASSWORD [DBPASSWORD] Specify the corresponding plain text password of DBUSER.

Example: DBPASSWORD=IDUserP@ssw0rd
DBPROTOCOLENCRYPTION DISABLED, ENABLEDWITHOUTVALIDATECERTIFICATE, or ENABLEDWITHVALIDATECERTIFICATE (default)

YES or NO are also supported, for backwards compatibility.
Specify if protocol encryption should be used (Microsoft SQL Server database systems only).
  • The preferred, default value is ENABLEDWITHVALIDATECERTIFICATE, in which protocol encryption is used and the server’s certificate is validated; if the server does not present a valid certificate, the connection fails
  • ENABLEDWITHOUTVALIDATECERTIFICATE and YES both use protocol encryption, but the connection succeeds even if the server does not present a valid certificate
  • DISABLED and NO do not use protocol encryption

Command line to install the Transaction Engine from C:\tmp, using the example data in the table above:
msiexec /i "C:\tmp\Identity Director Transaction Engine (x64) [version].msi" /q /l*v "C:\tmp\Install-IDTE.log" DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd

Web Portal

The following Public Properties are available for the Web Portal:

Property Value Description
DBTYPE MSSQL, DB2, ORACLE, MYSQL or MSSQLAZURE Specify the database type.

Example: DBTYPE=MSSQL
DBSERVER [SERVERNAME] Specify the database server that hosts the Datastore.
If the database server uses instances, use the format: server\instance.
Unattended installations on instances for which this format isn't used will fail.

Example: DBSERVER=SQLServer01
DBNAME [DATABASENAME] Specify the name of the Datastore that you want to connect to or want to create.

Example: DBNAME=IDDB
DBUSER [DBUSERNAME] Specify the database user account that can connect to the database.

Example: DBUSER=IDUser
DBPASSWORD [DBPASSWORD] Specify the corresponding plain text password of DBUSER.

Example: DBPASSWORD=IDUserPassword
DBPROTOCOLENCRYPTION DISABLED, ENABLEDWITHOUTVALIDATECERTIFICATE, or ENABLEDWITHVALIDATECERTIFICATE (default)

YES or NO are also supported, for backwards compatibility.
Specify if protocol encryption should be used (Microsoft SQL Server database systems only).
  • The preferred, default value is ENABLEDWITHVALIDATECERTIFICATE, in which protocol encryption is used and the server’s certificate is validated; if the server does not present a valid certificate, the connection fails
  • ENABLEDWITHOUTVALIDATECERTIFICATE and YES both use protocol encryption, but the connection succeeds even if the server does not present a valid certificate
  • DISABLED and NO do not use protocol encryption
ISDEFAULTWEBSITE YES or NO (default) Specify if the website of the Web Portal is the default website on the server.
HOST_SSL [IDENTITYDIRECTORHOST] Specifies the host name that is used by the Web Portal.
The host name that you provide must be known on your internal and external DNS servers.

Example: HOST_SSL="ID.EXAMPLE.COM"
PORT_SSL [IDENTITYDIRECTORPORT] Specify the port of the Web Portal.
The default port is 443: leave out this property if you do not want to use a different port.

Example: PORT_SSL="222"
SSL_CERTIFICATE_THUMBPRINT [CERTIFICATE] Specify the production certificate that the Web Portal should use.
  • You can find the certificates on the web server, in IIS.
  • You do not need to use quotes to specify the certificate.

Example: SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5

Command line to install the Web Portal from C:\tmp, using the example data in the table above:
msiexec /i "C:\tmp\Identity Director Web Portal [version].msi" /q /l*v "C:\tmp\Install-IDWP.log" DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd HOST_SSL="ID.EXAMPLE.COM" PORT_SSL="222" SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5

Management Portal

The following Public Properties are available for the Management Portal:

Property Value Description
DBTYPE MSSQL, DB2, ORACLE, MYSQL or MSSQLAZURE Specify the database type.

Example: DBTYPE=MSSQL
DBSERVER [SERVERNAME] Specify the database server that hosts the Datastore.
If the database server uses instances, use the format: server\instance.
Unattended installations on instances for which this format isn't used will fail.

Example: DBSERVER=SQLServer01
DBNAME [DATABASENAME] Specify the name of the Datastore that you want to connect to or want to create.

Example: DBNAME=IDDB
DBUSER [DBUSERNAME] Specify the database user account that can connect to the database.

Example: DBUSER=IDUser
DBPASSWORD [DBPASSWORD] Specify the corresponding plain text password of DBUSER.

Example: DBPASSWORD=IDUserPassword
DBPROTOCOLENCRYPTION DISABLED, ENABLEDWITHOUTVALIDATECERTIFICATE, or ENABLEDWITHVALIDATECERTIFICATE (default)

YES or NO are also supported, for backwards compatibility.
Specify if protocol encryption should be used (Microsoft SQL Server database systems only).
  • The preferred, default value is ENABLEDWITHVALIDATECERTIFICATE, in which protocol encryption is used and the server’s certificate is validated; if the server does not present a valid certificate, the connection fails
  • ENABLEDWITHOUTVALIDATECERTIFICATE and YES both use protocol encryption, but the connection succeeds even if the server does not present a valid certificate
  • DISABLED and NO do not use protocol encryption
ISDEFAULTWEBSITE YES or NO (default) Specify if the website of the Management Portal is the default website on the server.
HOST_SSL [IDENTITYDIRECTORHOST] Specifies the host name that is used by the Management Portal.
The host name that you provide must be known on your internal and external DNS servers.

Example: HOST_SSL="ID.EXAMPLE.COM"
PORT_SSL [IDENTITYDIRECTORPORT] Specify the port of the Management Portal.
The default port is 443: leave out this property if you do not want to use a different port.

Example: PORT_SSL="222"
SSL_CERTIFICATE_THUMBPRINT [CERTIFICATE] Specify the production certificate that the Management Portal should use.
  • You can find the certificates on the web server, in IIS.
  • You do not need to use quotes to specify the certificate.

Example: SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5

Command line to install the Management Portal from C:\tmp, using the example data in the table above:
msiexec /i "C:\tmp\Identity Director Management Portal [version].msi" /q /l*v "C:\tmp\Install-IDMP.log" DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd HOST_SSL="ID.EXAMPLE.COM" PORT_SSL="222" SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5

Mobile Gateway

  • To install the Mobile Gateway, use the command line:
    msiexec /i "C:\tmp\Identity Director Mobile Gateway [version].msi" /q /l*v "C:\tmp\Install-IDMG.log" DBTYPE=[dbtype] DBSERVER=[dbserver] DBNAME=[dbname] DBUSER=[dbuser] DBPASSWORD=[dbpassword] DBPROTOCOLENCRYPTION=[disabled/enabledwithoutvalidatecertificate/enabledwithvalidatecertificate] HOST_SSL=[IdentityDirectorHost] PORT_SSL=[IdentityDirectorPort] SSL_CERTIFICATE_THUMBPRINT=[CERTIFICATE]

Windows Client

  • To install the Windows Client from C:\tmp, use the command line:
    msiexec /i "C:\tmp\Identity Director Client (x64) [version].msi" /q /l*v "C:\tmp\Install-IDClient.log" MOBILEGATEWAYHOST=[MobileGatewayUrl] WEBPORTALSHAREDACCESSKEY=[primary_or_secondary_key]

For all components that connect to the database:
To configure Windows Authentication for the database connection, the DBUSER property needs to have an empty value. If provided, the DBPASSWORD will be ignored in this case.
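
The commands above pass DBPASSWORD, DBCREATEPASSWORD and WEBPORTALSHAREDACCESSKEY in plain text while writing a verbose log (/l*v), and Windows Installer records property values in such a log unless the package marks them as hidden. The following check is an added example, not Ivanti code; whether these installers hide the properties is not stated on this page, and the sample log lines are constructed.

```powershell
# Added example: audit Identity Director MSI install logs for clear-text secrets
# and weak DBPROTOCOLENCRYPTION values. Property names are taken from this page.
$SecretProps    = 'DBPASSWORD', 'DBCREATEPASSWORD', 'WEBPORTALSHAREDACCESSKEY'
$WeakEncryption = 'DISABLED', 'NO', 'ENABLEDWITHOUTVALIDATECERTIFICATE', 'YES'

function Test-InstallLogLine {
    param([string]$Line, [string]$Source = '(constructed sample)')
    # Matches NAME=value (command line) and NAME = value (property dump);
    # the value may be quoted or empty.
    foreach ($m in [regex]::Matches($Line, '\b([A-Z_]+)(?: = |=)("[^"]*"|\S*)')) {
        $name  = $m.Groups[1].Value
        $value = $m.Groups[2].Value.Trim('"')
        $issue = $null
        if ($SecretProps -contains $name -and $value -and $value -notmatch '^\*+$') {
            # Windows Installer writes asterisks for properties the package hides.
            $issue = 'secret value written in clear text'
        }
        elseif ($name -eq 'DBPROTOCOLENCRYPTION' -and $WeakEncryption -contains $value) {
            $issue = "server certificate not validated or encryption off ($value)"
        }
        if ($issue) {
            # The finding deliberately omits the secret itself.
            [pscustomobject]@{ Source = $Source; Property = $name; Issue = $issue }
        }
    }
}

# Constructed lines in the shape of a verbose (/l*v) Windows Installer log.
$sample = @(
    'MSI (s) (A4:10) [10:15:02:123]: Command Line: DBTYPE=MSSQL DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd DBPROTOCOLENCRYPTION=YES',
    'Property(S): DBPASSWORD = **********',
    'Property(S): DBPROTOCOLENCRYPTION = ENABLEDWITHVALIDATECERTIFICATE'
)
$sample | ForEach-Object { Test-InstallLogLine -Line $_ }

# Scan the log locations used by the commands on this page.
Get-ChildItem 'C:\TEMP\Install-ID*.log', 'C:\tmp\Install-ID*.log' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_.FullName
        Get-Content -LiteralPath $file |
            ForEach-Object { Test-InstallLogLine -Line $_ -Source $file }
    } | Sort-Object Source, Property, Issue -Unique
```

If a log contains a clear-text secret, restrict or delete the log once it has been reviewed and rotate the credential. Using Windows Authentication (empty DBUSER) avoids passing DBPASSWORD on the command line at all.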

Properties

Property Value Description
DBCREATE YES or NO (default) Specify if a new database should be created using the specified values.
The default value is NO: leave out this property if you do not want to create a new Datastore.
DBTYPE MSSQL, DB2, ORACLE, MYSQL or MSSQLAZURE Specify the database type.

Example: DBTYPE=MSSQL
DBSERVER [SERVERNAME] Specify the database server that hosts the Datastore.
If the database server uses instances, use the format: server\instance.
Unattended installations on instances in which this format isn't used fail.

Example: DBSERVER=SQLServer01
DBNAME [DATABASENAME] Specify the name of the Datastore that you want to connect to or want to create.

Example: DBNAME=IDDB
DBCREATEUSER [USERNAME] Specify the database user account that has the rights to create new databases and logins.
This must be an existing SQL user. Use this property only when you create a new Datastore.

Example: DBCREATEUSER=SA
DBCREATEPASSWORD [PASSWORD] Specify the plain text database password that should be used to create the new database.
Use this property only when you create a new Datastore.

Example: DBCREATEPASSWORD=SAPassword
DBUSER [DBUSERNAME] Specify the database user account that can connect to the database.
When you create a new Datastore, a new user account is created with this name.

Example: DBUSER=IDUser
DBPASSWORD [DBPASSWORD] Specify the corresponding plain text password of DBUSER.

Example: DBPASSWORD=IDUserPassword
DBPROTOCOLENCRYPTION DISABLED, ENABLEDWITHOUTVALIDATECERTIFICATE, or ENABLEDWITHVALIDATECERTIFICATE (default)

YES or NO are also available for backwards compatibility.
Specify if protocol encryption should be used (Microsoft SQL Server database systems only).
  • The preferred, default value is ENABLEDWITHVALIDATECERTIFICATE, in which protocol encryption is used and the server’s certificate is validated; if the server does not present a valid certificate, the connection fails
  • ENABLEDWITHOUTVALIDATECERTIFICATE and YES both use protocol encryption, but the connection succeeds even if the server does not present a valid certificate
  • DISABLED and NO do not use protocol encryption
DBIMPORTLICENSE [FILEPATH] Specify a license file that should be imported after the Datastore has been created (optional).

Example: DBIMPORTLICENSE="C:\TEMP\License.xml"
ISDEFAULTWEBSITE YES or NO (default) Specify if the website of the Web Portal is the default website.
HOST_SSL [IDENTITYDIRECTORHOST] Specifies the host name that is used by the Web Portal.
The host name that you provide must be known on your internal and external DNS servers.

Example: HOST_SSL="PORTALS.IVANTI.COM"
PORT_SSL [IDENTITYDIRECTORPORT] Specify the port of the Web Portal.
The default port is 443: leave out this property if you do not want to use a different port.

Example: PORT_SSL="222"
SSL_CERTIFICATE_THUMBPRINT [CERTIFICATE] Specify the production certificate that the Management Portal, Web Portal and Mobile Gateway should use.
  • You can find the certificates on the web server, in IIS.
  • You do not need to use quotes to specify the certificate.

Example: SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5