Installation procedure

You can install Identity Director with the Identity Director Installer. This is an installation package that contains all necessary MSI files (64-bit and 32-bit) to install the components. When you run the installer, you can select which components to install, after which their installation wizards guide you through the process.

You can install the following components with the installer:

  1. Setup and Sync Tool
  2. Transaction Engine
  3. Web Portal
  4. Mobile Gateway (optional)
  5. Windows Client (optional)
  6. Management Portal

We recommend to install the components in this order.

Starting with Identity Director2023.1, we have included a Technical Preview for executing PowerShell scripts inside Identity Director. As a result, minor configuration changes are required for the Management Portal to function correctly.

  • If you will not be using Execute PowerShell Script, following a clean installation:

    1. Browse to C:\Program Files (x86)\RES Software\IT Store\Web Console\Config.

    2. Within this folder, locate the WebConsole.config file and open it.

    3. Go to webConsoleConfiguration > managementService > database > encryptionKey.

    4. Remove the default value for encryptionKey , leaving only the quotation marks. 
      The end result should be encryptionKey="".

  • If you will be using Execute PowerShell Script:
    Before applying the encryption key for the Management Portal, make sure that, in IIS, the Load User Profile option for the Management Portal is set to True.

Optionally, you can extract the MSI files for the components of Identity Director from the installer, to perform unattended installations. You can either do this by selecting the option Extract all components in the installation wizard of the installer, or by using the command line "C:\TEMP\Identity Director Installer [version].exe" /extract:"C:\TEMP\package"

By default, the components of Identity Director are installed at %PROGRAMFILES%\RES Software\IT Store\. If you install the components at a custom location, you can use a maximum of 120 characters to specify the installation path.

Ivanti installation files are signed with certificates. Microsoft Windows tries to verify a certificate’s validity before installing software products. This process (Certificate Revocation List (CRL)) is run to check to see if a certificate was revoked because it was expired or compromised. This process is not unique to Ivanti and is something that happens for any product that contains a certificate and is run on Microsoft Windows (unless CRL is turned off which is not recommended by Microsoft). It is also possible under specific cases that a CRL check is done during process startup.

On computers without Internet access, the CRL validation may cause a delay of, for example, 20-30 seconds before an installation starts. This is by design of Microsoft Windows. To avoid this delay to occur, make sure devices can connect to the Internet. If this is not possible, implement a (manual/automatic) distribution system to keep the publisher's certificate revocation lists up to date.

Make sure that you use the same encryption key for the Transaction Engine and the Management Portal components of Identity Director.
When you first generate the encryption key, make sure you store it in a easily-accessible location for future use.
To see if an encryption key has already been configured, look in your web.config file, in the section webConsoleConfiguration > managementService > database > encryptionKey.

The Catalog Services have been deprecated and are no longer included in the installer. If you need to install the Catalog Services, for example to use integration with a legacy version of Ivanti Automation or Workspace Control, please refer to the Identity Director Upgrade Guide.

See also