Identity Gateway 7.2

Prepare to install

Requirements

Make sure that your installation meets the requirements in Requirements.

Create an IG service account

To limit the impact of a security breach, install and run IG from a dedicated service account. This is optional when you are evaluating IG, but essential in production installations.

A hacker is constrained by the rights granted to the user account where IG runs; therefore, never run IG as root user.

  1. In a terminal window, use a command similar to the following to create a service account:

    • Linux

    • Windows

    $ sudo /usr/sbin/useradd \
--create-home \
--comment "Account for running IG" \
--shell /bin/bash IG
    > net user username password /add /comment:"Account for running IG"

  2. Apply the principle of least privilege to the account, for example:

    • Read/write permissions on the installation directory, /path/to/identity-gateway.

    • Execute permissions on the scripts in the installation bin directory, /path/to/identity-gateway/bin.

Prepare the network

Configure the network to include the hosts.

  1. Add the following additional entry to your host file:

    • Linux

    • Windows

    /etc/hosts
    %SystemRoot%\system32\drivers\etc\hosts
    127.0.0.1  localhost ig.example.com app.example.com am.example.com

    For more information about host files, see the Wikipedia entry, Hosts (file).