Upgrade the Management Portal
During the upgrade, the Management Portal is uninstalled automatically, after which the new version is installed.
- Run the Ivanti Identity Director Installer.
- When prompted, choose Select and install components and click Next.
- In the Features section, select Management Portal.
If you installed other components on the same device, also select those. Components will be installed in the order in which they are displayed in the Features section.
- Start the upgrade and follow the Setup Wizard.
- In the Secure Binding step, specify the settings to create an SSL binding for the Management Portal. This step is skipped if you already installed an Ivanti portal on the web server (e.g. an Ivanti Automation or Ivanti Workspace Control Management Portal, or an Ivanti Identity Director Web Portal).
- The hostname must be known on your internal and external DNS servers.
- The Management Portal is secured with SSL by default. It uses the HTTPS protocol and port 443 (or another port that you specified).
- Associate a server certificate with the binding. This can be a certificate that you obtained from a trusted Certificate Authority, or a self-signed certificate that is automatically generated.
- You can obtain server certificates for example at www.letsencrypt.org.
- Ivanti recommends using self-signed certificates only for testing purposes, not in a production environment.
- Click Next to start the upgrade.
In IIS, the upgrade creates the web site RES and deploys the Management Portal as the web application RES > IdentityDirector.
- If the web site RES already exists, a message is shown. Click Yes to continue.
- After installation has completed, click Finish to close the installer.
Configure the encryption key
If you have configured an encryption key for your Transaction Engine(s), this key must also be set for the Management Portal. This encryption key is necessary if you want to use the Execute PowerShell Script workflow action. If you do not set the encryption key during the upgrade, you can do this later.
- When you first generate the encryption key, make sure you store it in a easily-accessible location for future use.
- To verify if an encryption key has already been configured for a Management Portal, in the WebConsole.config file1 of the portal, look for encryptionKey="<ENCRYPTED_KEY>" in the webConsoleConfiguration > managementService > database node.
- Make sure you use the same encryption key for all Transaction Engines and Management Portals in your Identity Director environment.
Visible values for the encryption keys of Transaction Engines and Management Portals may be different, even if the actual encryption keys are identical.
For more information about the Execute PowerShell Script workflow action and setting the encryption key after upgrading, see Execute PowerShell Script.
Before you configure an encryption key for the Management Portal, make sure that Load User Profile is set to True for the IIS Application Pool IT Store Management.
Open the IIS Management Console.
Navigate to Application Pools > IT Store Management.
Open the Advanced Settings for IT Store Management.
In the Process Model section, make sure that the Load User Profile is set to True.
If the Load User Profile is set to False, set it to True and click Recycle.
If you have to change the configuration, make sure to exit the Management Portal first.
There are two methods for configuring an encryption key for the Management Portal:
Open the WebConsole.config file2.
Find the webConsoleConfiguration > managementService > database node.
Inside the database node several attributes are already present, for example type="<VALUE>" and server="<VALUE>".
Add the attribute encryptionKey= with the value "resencrypt_<YourKey>", where <YourKey> is the generated (and unencrypted) key you saved during the upgrade of the Transaction Engine.
In IIS, restart the Application Pool IT Store Management or perform an IIS reset.
The key will now be encrypted and is ready for use.
- In the Management Portal go to Setup > Datastore.
- In the field next to Generate New Encryption Key, paste the generated (and unencrypted) key you saved during the upgrade of the Transaction Engine.
- Click Test Connection.
If this return an error, verify that Load User Profile is set to True for the IIS Application Pool IT Store Management. For instructions on how to do this, see the note above.
- Save your changes.
You will be taken to the login page of the Management Portal.
Management Portal URL
If you specified a hostname identitydirector.example.com, the web application is available at https://identitydirector.example.com/IdentityDirector.
Make sure that you use the same encryption key for the Transaction Engine and the Management Portal components of Identity Director.
When you first generate the encryption key, make sure you store it in a easily-accessible location for future use.
To see if an encryption key has already been configured, look in your web.config file, in the section webConsoleConfiguration > managementService > database > encryptionKey.