MicroStrategy ONE
Install and Configure the MicroStrategy Identity Agent for OpenLDAP
- Open and run the Identity Agent installation file as an administrator. The Identity Agent installation wizard opens. Do the following:
- Review the information on the Welcome screen, then click Next.
- Read and accept the license agreement, then click Next.
- The default installation location for Identity Agent is displayed. If you want to change the location, click Change, then browse to the new location.
- Click Next, then click Install.
Click Finish to close the installation wizard. The Identity Agent setup tool opens.
If the Identity Agent setup tool does not open automatically, you can open it by navigating to the file location. To navigate to the default file location, click Start > All Programs, and expand the Identity Agent for OpenLDAP folder. Then click Config Identity Agent for OpenLDAP GUI to open the setup tool.
- In the Identity Agent setup tool, select Register new agent, then click Next.
- From the Is the MicroStrategy Identity Network installation on-premises/secure cloud drop-down list, select Yes.
- To set up the communication between MicroStrategy Identity Server and the Identity Agent, under General Information, do the following:
- In the Organization ID field, type the Organization ID provided by MicroStrategy Identity Manager, as described in Create a Certificate Signing Request in OpenLDAP.
- In the Agent ID field, type the Application ID provided by MicroStrategy Identity Manager, as described in Create a Certificate Signing Request in OpenLDAP.
- Next to the Certificate path field, click Browse. Navigate to and select the signed certificate that you downloaded from MicroStrategy Identity Manager, as described in Create a Certificate Signing Request in OpenLDAP. Then click Open.
- Next to the Private key path field, click Browse. Navigate to and select the private key that you created, as described in Create a Certificate Signing Request in OpenLDAP. Then click Open.
- You can display a profile photo on each MicroStrategy Badge, as described in Including Profile Photos in OpenLDAP. From the Does your photo URL need authentication drop-down list, select whether credentials are required to access user photos. If credentials are required, type the User name and Password that are required to access user photos.
- For MicroStrategy Cloud implementations, under Internet Connection Setup, specify how your network is protected:
- If your network is protected by a proxy server, select Proxy. Provide the following connection information for your proxy server:
- In the Proxy host address field, type the host address of your proxy server.
- In the Proxy port field, type the port number of your proxy server.
- If required by your proxy server, type the User name for your proxy server. Leave the field blank if a user name is not required.
- If required by your proxy server, type the Password for your proxy server, then confirm the password. Leave the field blank if a password is not required.
- If your network is protected by a firewall, select Firewall.
- Under On-Premise/Secure Cloud Setup, provide the following information to create a secure connection:
- In the Gateway URL field, type the domain name and port number for the Agent Gateway, provided by MicroStrategy Identity Manager, as described in Create a Certificate Signing Request in OpenLDAP.
- By default, the signing Certificate Authority that you specified when you configured MicroStrategy Identity is included in the Identity Agent's list of trusted Certificate Authorities. If you specify an alternate signing Certificate Authority, do the following:
- From the Is signing CA included in the default trusted signing CA list drop-down list, select No.
- Type the Alias of your signing Certificate Authority.
- In the Certificate path field, type the file path to your signing Certificate Authority.
- You can specify the type of Agent you intend to install. If you choose OpenLDAP Agent, also specify whether your OpenLDAP server has the ppolicy overlay and usn overlay enabled.
- You can secure the communication between the Identity Agent and your OpenLDAP server using LDAP over SSL (LDAPS). To do this, from the LDAP over SSL (LDAPS) drop-down list under AD Setup, select Yes. Enter the file path to the Java KeyStore (.jks) file that stores the certificate, as described in the prerequisites.
- To set up the communication between the Identity Agent and your OpenLDAP server, under LDAP Setup, do the following:
- In the LDAP server address field, enter the IP address of your OpenLDAP server.
- In the Server port field, enter the port of your OpenLDAP server. The default port for LDAP communication is 389, and the default port for LDAPS communication is 636.
- Type the User name of an account that has access to your OpenLDAP server. Depending on your OpenLDAP configuration, type the user name in the format domainname\username.
- Enter the Password for the OpenLDAP account, then confirm the password.
If you place a load balancer between the Identity Agent and your OpenLDAP servers, make sure that the Identity Agent connects to the same OpenLDAP server persistently. Otherwise, the Identity Agent will not detect new users added to OpenLDAP.
- Click Submit. The setup tool tests the connection to your OpenLDAP server and completes the configuration of your Identity Agent.
Next, Add OpenLDAP Information to MicroStrategy Identity and Synchronize Users.
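A pre-flight check for the values entered in the steps above, as an added example that is not MicroStrategy code: it catches a certificate and private key entered in each other's fields, an LDAPS keystore that is not actually a JKS file, and a server port that contradicts the LDAPS choice. It assumes the certificate and private key are PEM-encoded; the dictionary keys and file names are hypothetical.

```python
import struct
import tempfile
from pathlib import Path

JKS_MAGIC = 0xFEEDFEED  # first four bytes of every Java KeyStore (.jks) file

def pem_labels(path):
    """Return the PEM block labels in a file, e.g. ['CERTIFICATE']."""
    text = Path(path).read_text(errors="replace")
    return [l.strip()[11:-5] for l in text.splitlines()
            if l.strip().startswith("-----BEGIN ") and l.strip().endswith("-----")]

def is_jks(path):
    """True if the file starts with the JKS magic number."""
    with open(path, "rb") as f:
        head = f.read(4)
    return len(head) == 4 and struct.unpack(">I", head)[0] == JKS_MAGIC

def preflight(s):
    """Return the problems found in the setup values s (hypothetical dict keys)."""
    problems = []
    cert, key = pem_labels(s["certificate_path"]), pem_labels(s["private_key_path"])
    if "CERTIFICATE" not in cert:
        problems.append("Certificate path: no PEM certificate in file")
    if any(l.endswith("PRIVATE KEY") for l in cert):
        problems.append("Certificate path: file contains a private key")
    if not any(l.endswith("PRIVATE KEY") for l in key):
        problems.append("Private key path: no PEM private key in file")
    if s["ldaps"]:
        if not is_jks(s["keystore_path"]):
            problems.append("LDAPS: keystore file is not in JKS format")
        if s["server_port"] == 389:
            problems.append("LDAPS is Yes but port 389 is the LDAP default")
    elif s["server_port"] == 636:
        problems.append("LDAPS is No but port 636 is the LDAPS default")
    return problems

def demo():
    """Constructed inputs: certificate and key files swapped, keystore not JKS."""
    d = Path(tempfile.mkdtemp())
    (d / "agent.crt").write_text("-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n")
    (d / "agent.key").write_text("-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n")
    (d / "ldap.jks").write_bytes(b"\x30\x82\x00\x00")  # ASN.1 header, not JKS
    return preflight({"certificate_path": d / "agent.crt", "private_key_path": d / "agent.key",
                      "ldaps": True, "keystore_path": d / "ldap.jks", "server_port": 389})

if __name__ == "__main__":
    print("\n".join(demo()))
```

The check only inspects file formats and port consistency; it does not confirm that the private key belongs to the certificate or that the OpenLDAP server is reachable.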