Unattended installations
You can install the components of Identity Director unattended, for example from a command line or as part of the Ivanti Automation Task Perform Unattended Installation.
- Before you install components unattended, make sure you meet the prerequisites.
- Use the (x86) MSI files for installations on devices running a 32-bit version of Microsoft Windows.
- To extract the MSI files for the components from the Identity Director Installer, use the command line:
"C:\Identity Director Installer [version].exe" /extract:"c:\TEMP\package"
In the examples, double quotes ("") are used for some values but not for others. As a rule of thumb: quotes are necessary if the value contains one or more spaces.
The following Public Properties are available for the Setup and Sync Tool:
Property | Value | Description |
---|---|---|
DBCREATE | YES or NO (default) | Specify if a new database should be created using the specified values. |
DBTYPE | MSSQL, MYSQL or MSSQLAZURE | Specify the database type. |
DBSERVER | [SERVERNAME] | Specify the database server that hosts the Datastore. |
DBNAME | [DATABASENAME] | Specify the name of the Datastore that you want to connect to or want to create. |
DBCREATEUSER | [USERNAME] | Specify the database user account that has the rights to create new databases and logins. |
DBCREATEPASSWORD | [PASSWORD] | Specify the plain text database password that should be used to create the new database. |
DBUSER | [DBUSERNAME] | Specify the database user account that can connect to the database. |
DBPASSWORD | [DBPASSWORD] | Specify the corresponding plain text password of DBUSER. |
DBPROTOCOLENCRYPTION | DISABLED, | Specify if protocol encryption should be used (Microsoft SQL Server database systems only). |
INITEMPTYDB | TRUE | Specify if the (existing) database you are connecting to is empty and must be initialized for use as an Identity Director Datastore. |
DBIMPORTLICENSE | [FILEPATH] | Specify a license file that should be imported after the Datastore has been created (optional). |
Examples, using data from the table above
- Install the Setup and Sync Tool and:
  - connect to an existing database;
  - use the default value for DBPROTOCOLENCRYPTION;
  - initialize the database for use as a Datastore;
  - import a license

  msiexec /i "C:\TEMP\Identity Director Setup Sync Tool (x64) [version].msi" /q /l*v "C:\TEMP\Install-IDSST.log" DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd INITEMPTYDB=TRUE DBIMPORTLICENSE="C:\TEMP\License.xml"

  - If the database does not yet exist, it will NOT be created.
  - If the user (DBUSER) does not have sufficient permissions, the database will not be initialized.
- Install the Setup and Sync Tool and:
  - connect to an existing Datastore;
  - use protocol encryption when connecting to the database, without validating the certificate

  msiexec /i "C:\TEMP\Identity Director Setup Sync Tool (x64) [version].msi" /q /l*v "C:\TEMP\Install-IDSST.log" DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd DBPROTOCOLENCRYPTION=enabledwithoutvalidatecertificate

  - If the database does not yet exist, it will NOT be created.
- Install the Setup and Sync Tool and:
  - create a new Datastore;
  - use Windows authentication and the default value for DBPROTOCOLENCRYPTION when connecting to the database;
  - import a license

  msiexec /i "C:\TEMP\Identity Director Setup Sync Tool (x64) [version].msi" /q /l*v "C:\TEMP\Install-IDSST.log" DBCREATE=yes DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBCREATEUSER=SA DBCREATEPASSWORD=SAPassword DBUSER= DBIMPORTLICENSE="C:\TEMP\License.xml"
You can also perform the actions listed above after installation of the Setup and Sync Tool. See Command-line options.
The following Public Properties are available for the Transaction Engine:
Property | Value | Description |
---|---|---|
DBTYPE | MSSQL, MYSQL or MSSQLAZURE | Specify the database type. |
DBSERVER | [SERVERNAME] | Specify the database server that hosts the Datastore. |
DBNAME | [DATABASENAME] | Specify the name of the Datastore that you want to connect to or want to create. |
DBUSER | [DBUSERNAME] | Specify the database user account that can connect to the database. |
DBPASSWORD | [DBPASSWORD] | Specify the corresponding plain text password of DBUSER. |
DBPROTOCOLENCRYPTION | DISABLED, | Specify if protocol encryption should be used (Microsoft SQL Server database systems only). |
DBENCRYPTIONKEY | [ENCRYPTIONKEY] | Specify the encryption key as generated by the installer or the Management Portal. The key will be used for encrypting sensitive information in the database. This key is mandatory if you want to use the Execute PowerShell Script workflow action. |
Example, using data from the table above
Install the Transaction Engine, and:
- connect to the database;
- use SQL authentication
- use the default value for DBPROTOCOLENCRYPTION
Msiexec /i "C:\TEMP\Identity Director Transaction Engine (x64) [version].msi" /q /l*v "C:\TEMP\Install-IDTE.log" DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd
The following Public Properties are available for the Web Portal:
Property | Value | Description |
---|---|---|
DBTYPE | MSSQL, MYSQL or MSSQLAZURE | Specify the database type. |
DBSERVER | [SERVERNAME] | Specify the database server that hosts the Datastore. |
DBNAME | [DATABASENAME] | Specify the name of the Datastore that you want to connect to or want to create. |
DBUSER | [DBUSERNAME] | Specify the database user account that can connect to the database. |
DBPASSWORD | [DBPASSWORD] | Specify the corresponding plain text password of DBUSER. |
DBPROTOCOLENCRYPTION | DISABLED, | Specify if protocol encryption should be used (Microsoft SQL Server database systems only). |
The following Properties are only needed if the 'RES' site is not yet configured in IIS: | | |
HOST_SSL | [IDENTITYDIRECTORHOST] | Specifies the host name that is used by the Web Portal. |
PORT_SSL | [IDENTITYDIRECTORPORT] | Specify the port of the Web Portal. |
SELECT_CERTIFICATE | INSTALLED or SELFSIGNED | Specify if you want to use a certificate you installed earlier, or a self-signed certificate. There is no default value; if the parameter is missing, the installation will fail. |
SSL_CERTIFICATE_ | [CERTIFICATE] | Specify the production certificate that the Web Portal should use. Example: SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5 |
Example, using data from the table above
Install the Web Portal and:
- connect to the database;
- use Windows authentication and the default value for DBPROTOCOLENCRYPTION when connecting to the database;
- create a binding for the 'RES' site in IIS, which will be reachable at hostname ID.EXAMPLE.COM over port 222, using the specified certificate
msiexec /i "C:\TEMP\Identity Director Web Portal [version].msi" /q /l*v "C:\TEMP\Install-IDWP.log" DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBUSER= HOST_SSL="ID.EXAMPLE.COM" PORT_SSL="222" SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5
The following Public Properties are available for the Management Portal:
Property | Value | Description |
---|---|---|
DBTYPE | MSSQL, MYSQL or MSSQLAZURE | Specify the database type. |
DBSERVER | [SERVERNAME] | Specify the database server that hosts the Datastore. |
DBNAME | [DATABASENAME] | Specify the name of the Datastore that you want to connect to or want to create. |
DBUSER | [DBUSERNAME] | Specify the database user account that can connect to the database. |
DBPASSWORD | [DBPASSWORD] | Specify the corresponding plain text password of DBUSER. |
DBPROTOCOLENCRYPTION | DISABLED, | Specify if protocol encryption should be used (Microsoft SQL Server database systems only). |
DBENCRYPTIONKEY | [ENCRYPTIONKEY] | Specify the encryption key as generated by the installer or the Management Portal. The key will be used for encrypting sensitive information in the database. This key is mandatory if you want to use the Execute PowerShell Script workflow action. |
ENABLEAPI | YES or NO (default) | Specify if you want to enable the public API. The default value is NO. |
The following Properties are only needed if the 'RES' site is not yet configured in IIS: | | |
HOST_SSL | [IDENTITYDIRECTORHOST] | Specifies the host name that is used by the Management Portal. |
PORT_SSL | [IDENTITYDIRECTORPORT] | Specify the port of the Management Portal. |
SSL_CERTIFICATE_ | [CERTIFICATE] | Specify the production certificate that the Management Portal should use. Example: SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5 |
Example, using data from the table above
Install the Management Portal and:
- connect to the database;
- use Windows authentication and the default value for DBPROTOCOLENCRYPTION when connecting to the database;
- create a binding for the 'RES' site in IIS, which will be reachable at hostname ID.EXAMPLE.COM over port 222, using the specified certificate
msiexec /i "C:\TEMP\Identity Director Management Portal [version].msi" /q /l*v "C:\TEMP\Install-IDMP.log" DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd HOST_SSL="ID.EXAMPLE.COM" PORT_SSL="222" SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5
The following Public Properties are available for the Mobile Gateway:
Property | Value | Description |
---|---|---|
DBTYPE | MSSQL, MYSQL or MSSQLAZURE | Specify the database type. |
DBSERVER | [SERVERNAME] | Specify the database server that hosts the Datastore. |
DBNAME | [DATABASENAME] | Specify the name of the Datastore that you want to connect to or want to create. |
DBUSER | [DBUSERNAME] | Specify the database user account that can connect to the database. |
DBPASSWORD | [DBPASSWORD] | Specify the corresponding plain text password of DBUSER. |
DBPROTOCOLENCRYPTION | DISABLED, | Specify if protocol encryption should be used (Microsoft SQL Server database systems only). |
The following Properties are only needed if the 'RES' site is not yet configured in IIS: | | |
HOST_SSL | [IDENTITYDIRECTORHOST] | Specifies the host name that is used by the Web Portal. |
PORT_SSL | [IDENTITYDIRECTORPORT] | Specify the port of the Web Portal. |
SSL_CERTIFICATE_ | [CERTIFICATE] | Specify the production certificate that the Web Portal should use. Example: SSL_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5 |
Example, using data from the table above
Install the Mobile Gateway on a server where the RES site is already available, and:
- connect to the database;
- use Windows authentication and the default value for DBPROTOCOLENCRYPTION when connecting to the database;
msiexec /i "C:\TEMP\Identity Director Mobile Gateway [version].msi" /q /l*v "C:\TEMP\Install-IDMG.log" DBTYPE=MSSQL DBSERVER=SQLServer01 DBNAME=IDDB DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd
The following Public Properties are available for the Windows Client:
Property | Value | Description |
---|---|---|
MOBILEGATEWAYHOST | [MobileGatewayUrl] | Specify the URL for the Mobile Gateway. This will usually be the hostname configured in the IIS binding for the 'RES' site, followed by /Mobile |
WEBPORTALSHAREDACCESSKEY | [primary_or_secondary_key] | Specify the primary or secondary shared access key that you configured at the Web Portal shared access policy. |
Example, using data from the table above
Install the Windows Client:
msiexec /i "C:\TEMP\Identity Director Client (x64) [version].msi" /q /l*v "C:\TEMP\Install-IDClient.log" MOBILEGATEWAYHOST="HTTPS://ID.EXAMPLE.COM/Mobile" WEBPORTALSHAREDACCESSKEY="f8QBIxWH93iRire/VW9I1g=="
The following Public Properties are available for the Identity Broker:
Property | Value | Description |
---|---|---|
DBSERVER | [SERVERNAME] | Specify the database server that hosts the Datastore. |
DBUSER | [DBUSERNAME] | Specify the database user account that can connect to the database. |
DBPASSWORD | [DBPASSWORD] | Specify the corresponding plain text password of DBUSER. |
DBNAME | [DATABASENAME] | Specify the name of the Datastore that you want to connect to. |
DBAUTHTYPE | 1 (default) or 2 | Specify if the connection to the database should use SQL authentication (1) or Windows authentication (2). |
IDBURL | [BASE-URL] | Specify the base-URL for Identity Broker, without protocol (https) or trailing slash (/) |
RUNADAUTH | YES | Specify if you want to install the Identity Broker Active Directory Authentication provider. |
RUNWINAUTH | YES | Specify if you want to install the Identity Broker Windows Authentication provider. |
The following Properties are only needed if the 'RES' site is not yet configured in IIS: | | |
SELECT_CERTIFICATE | INSTALLED or SELFSIGNED | Specify if you want to use a certificate you installed earlier, or a self-signed certificate. |
TLS_CERTIFICATE_ | [THUMBPRINT] | Specify the thumbprint of the installed certificate that Identity Broker should use. |
PORT_TLS | [PORTNUMBER] | Specify the port used for the SSL binding of the Identity Broker. |
Examples, using data from the table above:
- Install the Identity Broker with:
  - the Active Directory Authentication provider;
  - using SQL authentication for the Identity Broker database;
  - with a site binding using the default port (443) and a self-signed certificate

  msiexec /qn /i "C:\TEMP\Identity Broker [version].msi" DBSERVER=SQLServer01 DBUSER=IBUser DBAUTHTYPE=2 DBNAME=IBDB IDBURL=TESTSERVER.EXAMPLE.COM RUNADAUTH=YES SELECT_CERTIFICATE=SELFSIGNED
- Install the Identity Broker with:
  - the Active Directory and Windows Authentication providers;
  - using Windows authentication for the Identity Broker database;
  - with a site binding using port 222 and an installed certificate

  msiexec /qn /i "C:\TEMP\Identity Broker [version].msi" DBSERVER=SQLServer01 DBUSER=IBUser DBPASSWORD=IBUserPassword DBAUTHTYPE=1 DBNAME=IBDB IDBURL=SERVER.EXAMPLE.COM RUNADAUTH=YES RUNWINAUTH=YES SELECT_CERTIFICATE=INSTALLED TLS_CERTIFICATE_THUMBPRINT=b34b25c35e5b6ba4cc943a69f53ca1f0cb9eb8f5 PORT_TLS=222
Unattended installation of the Identity Broker does not pre-configure the settings in either Identity Director or Identity Broker. That is only possible using the Identity Director installer (Identity Director Installer [version].exe).
Below is a sample script for a full installation of Identity Director, including Identity Broker:
- Setup & Sync Tool x64
- Transaction Engine x64
- Web Portal (self-signed certificate)
- Management Portal
- Mobile Gateway
- Client x64
- Identity Broker
@echo off
rem Arguments: dbServer dbName dbAdminUser dbAdminPassword dbIDUser dbIDPassword
set dbServer=%1
set dbName=%2
set dbAdminUser=%3
set dbAdminPassword=%4
set dbIDUser=%5
set dbIDPassword=%6
echo.
echo #####################################################
echo Starting installation...
echo #####################################################
echo Starting installation for Identity Director Setup and Sync Tool
start /wait msiexec /i "Identity Director Setup Sync Tool (x64) [VERSION NUMBER].msi" /q /l*v "Install-IDSST.log" DBCREATE=YES DBCREATEUSER=%dbAdminUser% DBCREATEPASSWORD=%dbAdminPassword% DBTYPE=MSSQL DBSERVER=%dbServer% DBNAME=%dbName% DBUSER=%dbIDUser% DBPASSWORD=%dbIDPassword% DBPROTOCOLENCRYPTION=DISABLED
echo Done!
echo Starting installation for Identity Director Transaction Engine
start /wait msiexec /i "Identity Director Transaction Engine (x64) [VERSION NUMBER].msi" /q /l*v "Install-IDTE.log" DBTYPE=MSSQL DBSERVER=%dbServer% DBNAME=%dbName% DBUSER=%dbIDUser% DBPASSWORD=%dbIDPassword% DBPROTOCOLENCRYPTION=DISABLED
echo Done!
echo Starting installation for Identity Director Web Portal
start /wait msiexec /i "Identity Director Web Portal [VERSION NUMBER].msi" /q /l*v "Install-IDWP.log" DBTYPE=MSSQL DBSERVER=%dbServer% DBNAME=%dbName% DBUSER=%dbIDUser% DBPASSWORD=%dbIDPassword% HOST_SSL="localhost" PORT_SSL="443" SELECT_CERTIFICATE="SELFSIGNED" DBPROTOCOLENCRYPTION=DISABLED
echo Done!
echo Starting installation for Identity Director Management Portal
start /wait msiexec /i "Identity Director Management Portal [VERSION NUMBER].msi" /q /l*v "Install-IDMP.log" DBTYPE=MSSQL DBSERVER=%dbServer% DBNAME=%dbName% DBUSER=%dbIDUser% DBPASSWORD=%dbIDPassword% DBPROTOCOLENCRYPTION=DISABLED
echo Done!
echo Starting installation for Identity Director Mobile Gateway
start /wait msiexec /i "Identity Director Mobile Gateway [VERSION NUMBER].msi" /q /l*v "Install-IDMG.log" DBTYPE=MSSQL DBSERVER=%dbServer% DBNAME=%dbName% DBUSER=%dbIDUser% DBPASSWORD=%dbIDPassword% DBPROTOCOLENCRYPTION=DISABLED
echo Done!
echo Starting installation for Identity Director Windows Client
start /wait msiexec /i "Identity Director Client (x64) [VERSION NUMBER].msi" /q /l*v "Install-IDClient.log" MOBILEGATEWAYHOST="https://localhost/mobile"
echo Done!
echo Starting installation for Identity Broker
start /wait msiexec /i "Identity Broker [VERSION NUMBER].msi" /q /l*v "Install-IB.log" DBSERVER=%dbServer% DBUSER=%dbIDUser% DBPASSWORD=%dbIDPassword% DBAUTHTYPE=1 DBNAME=%dbName% IDBURL=localhost
echo Done!
echo #####################################################
echo Installation finished successfully!
echo #####################################################
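
Every command above passes secrets such as DBPASSWORD as plain text while /l*v writes a verbose log, and a verbose Windows Installer log can record public property values unless the package marks them as hidden. The following Python check is an added example, not part of the Ivanti documentation: it finds and masks the secret-bearing properties from the tables above in a decoded log. The log line shapes and the sample log are constructed for illustration, and whether the Identity Director packages already hide these properties is not stated on this page.

```python
import re

# Public properties from the tables above whose values are secrets.
SECRET_PROPERTIES = ("DBPASSWORD", "DBCREATEPASSWORD",
                     "DBENCRYPTIONKEY", "WEBPORTALSHAREDACCESSKEY")
MASK = "**********"  # Windows Installer prints asterisks for hidden properties
_N = "|".join(SECRET_PROPERTIES)
_PATTERNS = [
    # Property dump near the end of a verbose log: "Property(S): NAME = value"
    re.compile(rf"Property\([SC]\): (?P<name>{_N}) = (?P<value>.+)"),
    # "PROPERTY CHANGE: Adding NAME property. Its value is 'value'."
    re.compile(rf"(?P<name>{_N}) property\. Its value is '(?P<value>[^']*)'"),
    # Echoed command line: NAME=value or NAME="value with spaces"
    re.compile(rf'\b(?P<name>{_N})=(?P<value>"[^"]*"|\S+)'),
]

def decode_log(raw: bytes) -> str:
    """Decode log bytes: UTF-16 LE when a BOM is present, otherwise UTF-8."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")

def audit_log(text: str):
    """Return (findings, redacted_text); each finding is (line_no, property)."""
    findings, leaked = [], set()
    for line_no, line in enumerate(text.splitlines(), 1):
        for pattern in _PATTERNS:
            for m in pattern.finditer(line):
                value = m.group("value").strip('"')
                if value and set(value) != {"*"}:  # skip values already masked
                    findings.append((line_no, m.group("name")))
                    leaked.add(value)
    # Mask every occurrence, longest value first in case one contains another.
    for value in sorted(leaked, key=len, reverse=True):
        text = text.replace(value, MASK)
    return findings, text

# Constructed sample lines in verbose-log style (not real installer output).
SAMPLE_LOG = "\n".join([
    "MSI (c) (A4:10) [10:00:01:000]: Command Line: DBSERVER=SQLServer01 "
    "DBUSER=IDUser DBPASSWORD=IDUserP@ssw0rd CURRENTDIRECTORY=C:\\TEMP",
    "MSI (s) (B8:2C) [10:00:02:000]: PROPERTY CHANGE: Adding DBPASSWORD "
    "property. Its value is 'IDUserP@ssw0rd'.",
    "Property(S): DBUSER = IDUser",
    "Property(S): DBPASSWORD = IDUserP@ssw0rd",
    "Property(S): DBENCRYPTIONKEY = **********",
])

if __name__ == "__main__":
    print(*audit_log(SAMPLE_LOG), sep="\n")
```

Run it over each Install-*.log after the installation finishes, and write the redacted text back or delete the log once it is no longer needed for troubleshooting.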