This is not the latest version of Identity Director documentation.
View available documentation.

Upgrade from Identity Broker 2020.0.0

The instructions below are valid for an upgrade from Identity Broker 2020.0.0.
If you are upgrading from Identity Broker 10.2 or earlier, please read this topic.

Identity Broker 2020.0.0 (internal version 10.11.0.458778) contains a known issue, where administrators may get locked out of the Identity Broker Management Portal.

  1. Do NOT save any changes made in the Settings window of the Identity Broker Management Portal.
  2. Run the Ivanti Identity Director Installer (2020.0.1 or higher) on the target device.
  3. When prompted, choose Select and install components and click Next.
  4. In the Features section, select Identity Broker.
    Optionally, you can select other components. Instructions for these components are available in separate topics.
    Click Next, then Install and follow the Setup Wizard(s).
    When the Identity Broker Setup Wizard starts:
  5. Click Next and follow the Setup Wizard.
  6. In the Configure Other Settings step, select the Provider Hosts (used for authentication) you want to install on this server.
    Click Next followed by Install to start the installation.
    • Follow the Setup Wizard of any Provider Hosts you selected (started automatically).
      In the Configure Identity Broker Access step for these hosts, the pre-filled values for Identity Broker Address, Unique Callback Path and Realm should work as they are.
      Click Next followed by Install.
    • Click Finish.
  7. Click Finish and Close.

The upgrade is now complete and you are set to go!

  1. Run the Ivanti Identity Director Installer (2020.0.1 or higher) on the target device.
  2. When prompted, choose Select and install components and click Next.
  3. In the Features section, select Identity Broker.
    Optionally, you can select other components. Instructions for these components are available in separate topics.
    Click Next, then Install and follow the Setup Wizard(s).
    When the Identity Broker Setup Wizard starts:
  4. Click Next and follow the Setup Wizard.
  5. In the Configure Other Settings step, select the Provider Hosts (used for authentication) you want to install on this server.
    Click Next followed by Install to start the installation.
    • Follow the Setup Wizard of any Provider Hosts you selected (started automatically).
      In the Configure Identity Broker Access step for these hosts, the pre-filled values for Identity Broker Address, Unique Callback Path and Realm should work as they are.
      Click Next followed by Install.
    • Click Finish.
  6. Click Finish and Close.
  7. Open IIS and restart the RES site.
  8. Try to access the Identity BrokerManagement Portal again.
  9. If this does not correct the issue, verify that the error you get is:
    The client application is not known or is not authorized
    If this is the error that is displayed, continue to step 10.
    If you get a different error, please contact Ivanti Support.
  10. To resolve the issue, execute the following two SQL statements on your Identity Broker database:
    • Insert INTO dbo.ClientRedirectUris (Uri, Client_Id) VALUES ('https://<BrokerHostName>/identitybroker/mgmt/ui/#/callback/', 3)
    • Insert INTO dbo.ClientRedirectUris (Uri, Client_Id) VALUES ('https://<BrokerHostName>/identitybroker/mgmt/ui/SilentRenew', 3)

    In these statements, replace <BrokerHostName> with the address you use to access the Identity Broker. If you are not sure about the address, use the shortcut to the Identity Broker Management Portal for reference.

  11. Try to access the Identity BrokerManagement Portal again.
    If this does not resolve the issue, please contact Ivanti Support.

For a full explanation of Identity Broker and the complete instructions for a new installation, please see Getting Started with Identity Broker.

Next