{ "componentChunkName": "component---src-templates-docs-js", "path": "/installation/2-docker-installation", "result": {"data":{"site":{"siteMetadata":{"title":"OpenIAM Documentation v2026.5.2 | OpenIAM","docsLocation":""}},"mdx":{"fields":{"id":"0d42cf29-f18b-596d-b243-4a758d635b8b","title":"Deploying via Docker","slug":"/installation/2-docker-installation"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n \"title\": \"Deploying via Docker\",\n \"metaTitle\": \"Deploying via Docker\",\n \"metaDescription\": \"This page describes how to deploy OpenIAM in Docker\"\n};\nvar layoutProps = {\n _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n var components = _ref.components,\n props = _objectWithoutProperties(_ref, _excluded);\n\n return mdx(MDXLayout, _extends({}, layoutProps, props, {\n components: components,\n mdxType: \"MDXLayout\"\n }), mdx(\"p\", null, \"This section describes how to deploy the OpenIAM platform in a \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Docker Swarm\"), \" environment. The procedures described in this section must be performed in the order that they are presented. Some steps in this installation require \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"root\"), \" level privileges to the system where OpenIAM will be deployed.\"), mdx(\"div\", {\n style: {\n \"border\": \"1px solid #169998\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#169998\",\n \"fontWeight\": \"bold\"\n }\n }, \"\\xE2\\u0161\\xA0\\xEF\\xB8\\x8F Warning! \"), \"Due to limitations in Swarm's architecture, which is \", mdx(\"span\", {\n style: {\n \"fontWeight\": \"bold\"\n }\n }, \"NOT an HA deployment\"), \", it is \", mdx(\"span\", {\n style: {\n \"fontWeight\": \"bold\"\n }\n }, \" no longer meant for production use\"), \". Although we maintain this repository, and ensure that it properly works, we highly recommend using our \", mdx(\"a\", {\n href: \"6-kubernetes-installation\"\n }, \"Kuberentes deployment structure\"), \", being a true HA deployment and enabling horizontal scaling across N nodes.\"), mdx(\"h4\", null, \"What is Docker?\"), mdx(\"p\", null, \"Docker is a tool for creating, deploying, and running applications using containers. Docker Compose is a tool for defining and running multi-container Docker applications. Docker provides a standardized, lightweight, execution environment that maintains all dependencies within it. It can be run on either physical or virtualized environments which are on-premises or in the cloud. For more information about docker, please see the \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"https://www.docker.com/\"\n }, \"Docker website\"), \" and \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"https://docs.docker.com/\"\n }, \"Docker Documentation\"), \".\"), mdx(\"h1\", null, \"OpenIAM on Docker\"), mdx(\"p\", null, \"The OpenIAM Docker deployment method enables you to deploy on OpenIAM using a series of pre-configured containers in a short amount of time without the complexity of deploying a series of dependencies. The simplified deployment method requires the following.\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"Installing the Docker software.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Configuring environment variables.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Running scripts for setting up and starting up the OpenIAM instance. Running the deployment scripts automatically takes care of all component dependencies and release updates.\")), mdx(\"p\", null, \"OpenIAM docker containers are maintained on OpenIAM Container Registry. Once these containers have been pulled into your environment using the details below, you will also need:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"Docker client. Docker Community Edition (CE) versions 19.03.12 or higher;\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Docker compose. Defines and enables the operation of a multi-container Docker application. OpenIAM uses \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"docker-compose\"), \" file format 3.2.\")), mdx(\"h1\", null, \"OpenIAM solution stacks\"), mdx(\"p\", null, \"The OpenIAM solution consists of several stacks that are deployable the Docker Swarm. Docker Swarm is a container orchestration tool, meaning that it allows managing multiple containers deployed across multiple host machines. The content of each stack is described below.\"), mdx(\"h2\", null, \"Critical infrastructure stacks\"), mdx(\"p\", null, \"The infrastructure stacks are used across the OpenIAM solution regardless of the functionality that you are enabling. These components must be operational for the OpenIAM solution to function correctly.\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Stack Name\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"OpenSearch\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs OpenSearch. OpenSearch is an enterprise-level search engine. OpenSearch uses an index-based search approach, which allows for fast searching. The architecture allows for scalability, flexibility, and multi-tenancy support\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Redis\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs Redis. Redis is an in-memory data structure store used as a database, cache, and message broker by OpenIAM\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"MariaDB / PostgresSQL\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs either MariaDB or PostgreSQL as the product repository. MariaDB is configured as the default repository. Aside from these two databases, you can also use a remote database\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"RabbitMQ\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs RabbitMQ. RabbitMQ is the message brokering software service for sending and receiving messages between systems\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Vault\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs Hashicorp's Vault. Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"ETCD\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs ETCD, which is used to store Vault data. ETCD is a distributed key-value store.\")))), mdx(\"p\", null, mdx(\"em\", {\n parentName: \"p\"\n }, \"MariaDB is the default Database. You can change it to PostgreSQL if you prefer. You will not enable both databases.\")), mdx(\"h2\", null, \"Service stacks\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Stack Name\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"OpenIAM core services\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs services shared across the product.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Identity manager\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs the identity manager application. Identity manager automates the task of managing identities across various devices and applications used by the enterprise.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Workflow\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs the workflow application. A workflow is a repeatable process during which documents, information, or requests are passed from one participant to another for action, according to a set of procedural rules. A participant can be a person, machine, or both.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Groovy manager\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs Groovy Manager, an application for managing Groovy scripts in OpenIAM. Apache Groovy is a dynamic programming language for the Java platform. allows you to add, update, edit, and modify Groovy scripts to extend the identity governance and web access management functionality to meet specific, complex requirements.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Synchronization\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs the synchronization application. Synchronization allows you to synchronize data from one or more authoritative sources to a set of managed systems. Synchronization configuration enables monitoring a source system for changes and then updating target systems at scheduled periodic intervals.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Reconciliation\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs the reconciliation application. This is two side synchronization between OpenIAM and the target system.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Authorization manager\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs the authorization manager. This module handles RBAC authorization via relationships between Users, Organizations, Roles, Groups, and Resources.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"E-mail Manager\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Runs the email manager. Handles sending and receiving email.\")))), mdx(\"h2\", null, \"UI Stack\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Stack Name\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Tomcat with three applications\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"span\", null, \"These are:\"), mdx(\"ul\", null, mdx(\"li\", null, mdx(\"strong\", {\n parentName: \"td\"\n }, \"IdP\"), \". The OpenIAM web application which provides centralized authentication and self-service password reset functionality. This application also allows OpenIAM to be configured as both an Identity Provider and a Service Provider.\"), mdx(\"li\", null, mdx(\"strong\", {\n parentName: \"td\"\n }, \"webconsole\"), \". The OpenIAM web application for administrators for managing identities across various devices and applications used by an enterprise, and for controlling access to these devices and applications.\"), mdx(\"li\", null, mdx(\"strong\", {\n parentName: \"td\"\n }, \"SelfService Portal\"), \". The OpenIAM end-user web application that allows users to create new requests, reset and change passwords, manage their profiles, manage access requests, manage challenge response security questions, look up corporate users through a directory search, and reset their accounts if they are locked out. Authorized users can also use the request approval functionality.\")))))), mdx(\"h2\", null, \"Reverse Proxy Stack\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Stack Name\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Apache Web server with rProxy\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Gateway between clients and a server for managing inbound traffic to a server.\")))), mdx(\"h1\", null, \"System requirements\"), mdx(\"p\", null, \"The table below specifies the \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"minimum system requirements\"), \" for deploying a non-production OpenIAM v4.2.x instance using Docker.\"), mdx(\"h2\", null, \"MINIMUM hardware requirements\"), mdx(\"p\", null, \"For non-production use, the Linux Host or VM \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"must\"), \" have the following \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"minimum\"), \" configuration:\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Configuration\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Non-Production\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Production (may increase based on sizing)\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Memory\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"48 GB\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"64 GB\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"CPU\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"8 CPUs\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"12 CPUs\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Disk\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"80 GB\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"200 GB\")))), mdx(\"div\", {\n style: {\n \"border\": \"1px solid #169998\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#169998\",\n \"fontWeight\": \"bold\"\n }\n }, \"Please ensure that you are environment is aligned with the minimum system requirements described above. These parameters are not optional. OpenIAM will not start if system resources are below the minimum levels.\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"For production use\"), \": Customers with active subscriptions and partners, should contact OpenIAM Support (\", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"mailto:techsupport@openiam.com\"\n }, \"techsupport@openiam.com\"), \") for assistance with sizing requirements.\"), mdx(\"h2\", null, \"Software requirements\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Specification\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Requirement\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"OS\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Ubuntu (22.04 LTS, 24.04 LTS) or Centos8/Centos9/RHEL8/RHEL9/RockyLinux8/RockyLinux9\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Docker client\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"23.0.1 or higher\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Docker compose\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"1.28.2 or higher\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": null\n }, \"Supported browsers\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"left\"\n }, \"Google Chrome (v89.0.4389.114 and later), Microsoft Edge, Mozilla Firefox (v87 and later).\", mdx(\"br\", null), mdx(\"div\", {\n style: {\n \"border\": \"1px solid #169998\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#169998\",\n \"fontWeight\": \"bold\"\n }\n }, \"Note:\"), \" Internet Explorer (IE) is not supported.\"))))), mdx(\"h1\", null, \"Preparing your system\"), mdx(\"p\", null, \"The OpenIAM application requires the configurations described below to be performed prior to installing the application.\"), mdx(\"h2\", null, \"Install pre-requisite packages\"), mdx(\"p\", null, \"Prior to installing the OpenIAM, please execute the commands below to install the required packages. If you have already logged in as \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"root\"), \", you do not need to prefix them with \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"sudo\"), \". If you have used another account, then you need to use \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"sudo\"), \".\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Description\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Command on CentOS 8 Stream\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Command on Ubuntu\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Update the OS\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"dnf\"), \" update\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"apt-get update\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Install Nano\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"dnf\"), \" install nano\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"apt-get install nano\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Install \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"wget\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"dnf\"), \" install \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"wget\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"apt-get install \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"wget\"))), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Install git\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"dnf\"), \" install git\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"apt-get install git\")))), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Example for CentOS 8 Stream\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"dnf update\\ndnf install nano wget git\\n\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Example for Ubuntu 22.04\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"apt-get update\\napt-get upgrade\\napt-get install nano wget git\\n\")), mdx(\"h2\", null, \"Update the hosts\\xE2\\u20AC\\u2122 file\"), mdx(\"p\", null, \"Make sure that your \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"/etc/hosts\"), \" file contains a value for the hostname that you defined earlier. To edit the hosts file, use an editor like Nano.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"127.0.0.1 iam-nonprod\\n\")), mdx(\"h2\", null, \"Settings for OpenSearch and Docker\"), mdx(\"h3\", null, \"OpenSearch\"), mdx(\"p\", null, \"OpenIAM uses OpenSearch as a search engine. To enable fast access, OpenSearch maps portions of an index into its memory address space. This is done through \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"nmap\"), \", a Unix system call that maps files or devices into memory. To use \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"mmap\"), \" effectively, OpenSearch requires sufficient \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"mmap\"), \" counts. The default operating system limits on \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"mmap\"), \" counts are inadequate for the required performance and this may result in out of memory exceptions. The required \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"mmap\"), \" value can be configured by setting the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"vm.max_map_count\"), \" value in \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"/etc/sysctl.conf\"), \" to be at least 262144. To ensure that the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"vm.max_map_count\"), \" persists across restarts, set this value in the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"/etc/sysctl.conf\"), \" file\"), mdx(\"h3\", null, \"Disabling IPv6 on Docker Host\"), mdx(\"p\", null, \"By default, IPv6 is disabled in Docker. Disabling IPv6 on Docker host(s) prevents any potential network issues. To disable IPv6 on host(s) where Docker is running, ensure that the Docker host(s) have the following value set in \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"/etc/sysctl.conf\"), \": \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"net.ipv6.conf.all.disable_ipv6=1\"), \" and \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"net.ipv6.conf.default.disable_ipv6 = 1\"), \".\"), mdx(\"p\", null, \"To summarize, the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"/etc/sysctl.conf\"), \" file must have the following changes.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"vm.max_map_count=262144\\nnet.ipv6.conf.all.disable_ipv6=1\\nnet.ipv6.conf.default.disable_ipv6=1\\n\")), mdx(\"p\", null, \"Save the above changes and then run \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"sudo sysctl -p\"), \" to apply these settings without restarting the system.\"), mdx(\"h1\", null, \"Install the Docker engine\"), mdx(\"p\", null, \"Docker Engine is a containerization technology for building and containerizing applications. Docker Engine acts as a client-server application with:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"A server with a long-running daemon process \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"dockerd\"), \".\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"APIs which specify interfaces that programs can use to talk to and instruct the Docker daemon.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"A command line interface (CLI) client \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"docker\"), \".\")), mdx(\"p\", null, \"To install the docker engine, follow the OS specific steps below. For, additional information related to the installation of the docker engine can be found at:\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"a\", {\n parentName: \"li\",\n \"href\": \"https://docs.docker.com/engine/install/centos/\"\n }, \"Docker docs for CentOS / RHEL\"), \".\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"a\", {\n parentName: \"li\",\n \"href\": \"https://docs.docker.com/engine/install/ubuntu/\"\n }, \"Docker docs for Ubuntu\"), \".\")), mdx(\"h2\", null, \"Ubuntu\"), mdx(\"h3\", null, \"Setup the repository\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Update the apt package index and install packages to allow apt to use a repository over HTTPS.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo apt-get install \\\\\\n ca-certificates \\\\\\n curl \\\\\\n gnupg \\\\\\n lsb-release\\n\")), mdx(\"ol\", {\n \"start\": 2\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Add Docker's official GPG Key.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo mkdir -p /etc/apt/keyrings\\ncurl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg\\n\")), mdx(\"ol\", {\n \"start\": 3\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Use the following command to setup the repository.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"echo \\\\\\n \\\"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \\\\\\n $(lsb_release -cs) stable\\\" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null\\n\")), mdx(\"h3\", null, \"Install the Docker engine\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Update the apt package index.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \" sudo apt-get update\\n\")), mdx(\"div\", {\n style: {\n \"border\": \"1px solid #169998\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#169998\",\n \"fontWeight\": \"bold\"\n }\n }, \"Note:\"), \" If you receive a GPG error when running apt-get update, then follow the steps below. Your default umask may be incorrectly configured, preventing detection of the repository public key file.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo chmod a+r /etc/apt/keyrings/docker.gpg\\nsudo apt-get update\\n\")), mdx(\"ol\", {\n \"start\": 2\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Install the Docker engine, \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"containerd\"), \", and Docker compose plugin, by executing the following command.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin\\n\")), mdx(\"p\", null, \"You will be asked...\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Restarting services...\\nDaemons using outdated libraries\\n--------------------------------\\n\\n 1. systemd-journald.service 2. systemd-logind.service 3. systemd-manager 4. systemd-networkd.service 5. systemd-resolved.service 6. user@1000.service 7. none of the above\\n\\nWhich services should be restarted?\\n\")), mdx(\"p\", null, \"... enter the items or ranges you want to select, separated by spaces, as shown below.\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"1035px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/0229b310f9024c25ce4c176965d13abc/1e5d2/2-docker-installation-services.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"12.741312741312742%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAADCAYAAACTWi8uAAAACXBIWXMAABJ0AAASdAHeZh94AAAAUUlEQVQI16WOUQrAMAhDLa1S1MDuf9kMS9vvwT4eJiiJ4u5UM6oqReQ/mcmIWIGFqXGMQdslvfdbWLp25/b44mhJgEASwAqez7xhrbXP1Hc1Xxg5Pi+YuVryAAAAAElFTkSuQmCC')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"Services to restart\",\n \"title\": \"Services to restart\",\n \"src\": \"/docs-2026.5.2/static/0229b310f9024c25ce4c176965d13abc/e3189/2-docker-installation-services.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/0229b310f9024c25ce4c176965d13abc/a2ead/2-docker-installation-services.png 259w\", \"/docs-2026.5.2/static/0229b310f9024c25ce4c176965d13abc/6b9fd/2-docker-installation-services.png 518w\", \"/docs-2026.5.2/static/0229b310f9024c25ce4c176965d13abc/e3189/2-docker-installation-services.png 1035w\", \"/docs-2026.5.2/static/0229b310f9024c25ce4c176965d13abc/44d59/2-docker-installation-services.png 1553w\", \"/docs-2026.5.2/static/0229b310f9024c25ce4c176965d13abc/1e5d2/2-docker-installation-services.png 1630w\"],\n \"sizes\": \"(max-width: 1035px) 100vw, 1035px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"To verify the services use the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"systectl status docker\"), \" command.\"), mdx(\"h2\", null, \"CentOS 9 Stream / RHEL 9\"), mdx(\"h3\", null, \"Setup the repository\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Install the yum-utils package (which provides the yum-config-manager utility) and set up the stable repository.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"yum install -y yum-utils\\n\\nyum-config-manager \\\\\\n --add-repo \\\\\\n https://download.docker.com/linux/centos/docker-ce.repo\\n\")), mdx(\"h3\", null, \"Install the Docker engine\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Install the latest version of Docker Engine and \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"containerd\"), \". The next step is to start the engine.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"yum install docker-ce docker-ce-cli containerd.io\\nsystemctl start docker\\nsystemctl enable docker.service\\nsystemctl enable containerd.service\\nsystemctl service docker\\ndocker -v\\n\")), mdx(\"h3\", null, \"Install Docker compose\"), mdx(\"p\", null, \"Compose is a tool for defining and running multi-container Docker applications such as OpenIAM. With Compose, you use a YAML file to configure your application\\xE2\\u20AC\\u2122s services. Then, with a single command, you create and start all the services from your configuration. The procedure described below installs version 1.28.2 of Docker Compose on your system.\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Run the command below to download the current stable release of Docker Compose.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \" curl -L \\\"https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)\\\" -o /usr/local/bin/docker-compose\\nmv /usr/local/bin/docker-compose /usr/bin/docker-compose\\nchmod +x /usr/bin/docker-compose\\ndocker-compose --version\\n\")), mdx(\"ol\", {\n \"start\": 2\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Apply executable permissions to the binary.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"chmod +x /usr/local/bin/docker-compose\\n\")), mdx(\"p\", null, \"To check the version of docker compose, run the command below.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"docker-compose --version\\n\")), mdx(\"h3\", null, \"Verify that Docker engine is installed correctly\"), mdx(\"p\", null, \"Run the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"hello-world\"), \" image.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"docker run hello-world\\n\")), mdx(\"div\", {\n style: {\n \"border\": \"1px solid #169998\",\n \"marginTop\": \"15px\",\n \"marginBottom\": \"15px\",\n \"paddingTop\": \"10px\",\n \"paddingBottom\": \"10px\",\n \"paddingLeft\": \"5px\",\n \"paddingRight\": \"5px\"\n }\n }, mdx(\"span\", {\n style: {\n \"color\": \"#169998\",\n \"fontWeight\": \"bold\"\n }\n }, \"Note:\"), \" If you get the following response when running \", mdx(\"span\", {\n style: {\n \"fontWeight\": \"bold\"\n }\n }, \"docker run hello-world\"), \", then use the work-around below.\"), mdx(\"blockquote\", null, mdx(\"blockquote\", {\n parentName: \"blockquote\"\n }, mdx(\"p\", {\n parentName: \"blockquote\"\n }, \"Status: Downloaded newer image for hello-world:latest\\ndocker: Error response from daemon: cgroups: cgroup mountpoint does not exist: unknown.\\nERRO\", \"[0001]\", \" error waiting for container: context canceled\"))), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Solution:\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"mkdir /sys/fs/cgroup/systemd\\nmount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd\\ndocker run hello-world\\n\\n\")), mdx(\"p\", null, \"After successfully running the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"hello-world\"), \" test, we can proceed to installing the application.\"), mdx(\"p\", null, \"Log into OpenIAM Container Registry. In order to login to the container registry over cli use the below command.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"docker login -u {your_name} -p {your_password} registry.openiam.com\\n\")), mdx(\"h2\", null, \"Enable cgroups-v1 support on Ubuntu 24.04 LTS\"), mdx(\"p\", null, \"Ubuntu 24.04 LTS uses \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"cgroup v2\"), \" by default. However, some Docker-based components (such as Elastic Stack images) still rely on \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"cgroup v1\"), \" for memory and resource control. Hence, the cgroup v1 \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"need to be enabled\"), \". The steps below provide guidance on how to do it on Ubuntu 24.04 LTS.\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Run the following command to verify and confirm the operating system version.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"cat /etc/os-release\\n\")), mdx(\"p\", null, \"Ensure the output \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"confirms Ubuntu 24.04 LTS\"), \" (Noble Numbat).\\n2. Check Docker\\xE2\\u20AC\\u2122s cgroup configuration and kernel status with the following commands.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"docker info | grep -i cgroup\\ncat /proc/cgroups\\n\")), mdx(\"p\", null, \"This helps confirm whether the system is currently using cgroup v2.\\n3. View the current GRUB configuration:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"cat /etc/default/grub\\n\")), mdx(\"p\", null, \"Create a backup copy before making changes as follows.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo cp /etc/default/grub /root/\\n\")), mdx(\"ol\", {\n \"start\": 4\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Edit GRUB Configuration. Open the GRUB configuration file in a text editor\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo vi /etc/default/grub\\n\")), mdx(\"p\", null, \"Modify or append the following parameters.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"GRUB_CMDLINE_LINUX_DEFAULT=\\\"quiet splash systemd.unified_cgroup_hierarchy=0 systemd.legacy_systemd_cgroup_controller=yes\\\"\\nGRUB_CMDLINE_LINUX=\\\"systemd.unified_cgroup_hierarchy=0 systemd.legacy_systemd_cgroup_controller=yes\\\"\\n\")), mdx(\"ol\", {\n \"start\": 5\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Apply GRUB changes. Update GRUB to apply the configuration changes with the following command.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo update-grub\\n\")), mdx(\"ol\", {\n \"start\": 6\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Reboot the system to load the new kernel parameters.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo reboot\\n\")), mdx(\"ol\", {\n \"start\": 7\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"After the system reboots, verify that cgroup v1 is active as follows.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"mount | grep cgroup\\ncat /proc/cgroups\\ndocker info | grep -i cgroup\\n\")), mdx(\"p\", null, \"You should see individual cgroup subsystems instead of unified cgroup2.\\n8. Restart Docker service\\nIf Docker is already installed, restart its service after reboot:\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo systemctl restart docker\\n\")), mdx(\"p\", null, \"Use the following checks to \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"confirm successful configuration\"), \".\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"mount | grep cgroup\"), \" shows multiple subsystems (cpu, memory, blkio, etc.)\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"cat /proc/cgroups\"), \". Enabled = 1 for active controllers.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"docker info\"), \". Displays 'Cgroup Version: 1'.\")), mdx(\"h1\", null, \"Configuring Port Assignments in OpenIAM Docker Deployment (Optional)\"), mdx(\"p\", null, \"This section outlines the process for modifying port assignments for the \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Reverse Proxy\"), \" and \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"UI Service\"), \" in an OpenIAM Docker environment.\"), mdx(\"h2\", null, \"Reverse Proxy Port Configuration\"), mdx(\"p\", null, \"By default, the UI service is accessible only via the reverse proxy. If you need to modify the exposed port for the reverse proxy, follow these steps:\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"p\", {\n parentName: \"li\"\n }, \"Open the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"docker-compose.yaml\"), \" file for the reverse proxy:\"), mdx(\"ul\", {\n parentName: \"li\"\n }, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"File location:\"), mdx(\"br\", {\n parentName: \"li\"\n }), mdx(\"a\", {\n parentName: \"li\",\n \"href\": \"https://bitbucket.org/openiam/openiam-docker-compose/src/5006bbca71707f7375f383c8c5415f0734dc2139/3.2/rproxy/docker-compose.yaml\"\n }, mdx(\"inlineCode\", {\n parentName: \"a\"\n }, \"rproxy/docker-compose.yaml\")), \" \"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Navigate to \", mdx(\"strong\", {\n parentName: \"li\"\n }, \"line 41\"), \", where the \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"ports\"), \" configuration is set.\"))), mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"p\", {\n parentName: \"li\"\n }, \"Update the \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"published port\"), \":\"), mdx(\"ul\", {\n parentName: \"li\"\n }, mdx(\"li\", {\n parentName: \"ul\"\n }, \"Locate the following entry:\", mdx(\"pre\", {\n parentName: \"li\"\n }, mdx(\"code\", {\n parentName: \"pre\"\n }, \"published: 80\\n\"))), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Replace \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"80\"), \" with the desired port number.\"))), mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"p\", {\n parentName: \"li\"\n }, \"Restart the application to apply changes:\"), mdx(\"pre\", {\n parentName: \"li\"\n }, mdx(\"code\", {\n parentName: \"pre\",\n \"className\": \"language-sh\"\n }, \"./shutdown.sh\\n./startup.sh\\n\")))), mdx(\"h2\", null, \"Exposing UI Service Port\"), mdx(\"p\", null, \"By default, the UI service is \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"not exposed\"), \" to the host and is accessible only via the reverse proxy. If a customer requires \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"direct access\"), \" to the UI service, you can manually expose its port by modifying the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"docker-compose.yaml\"), \" file for the UI service.\"), mdx(\"h3\", null, \"Steps to Expose the UI Service Port\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"p\", {\n parentName: \"li\"\n }, \"Open the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"docker-compose.yaml\"), \" file for the UI service:\"), mdx(\"ul\", {\n parentName: \"li\"\n }, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"strong\", {\n parentName: \"li\"\n }, \"File location:\"), mdx(\"br\", {\n parentName: \"li\"\n }), mdx(\"a\", {\n parentName: \"li\",\n \"href\": \"https://bitbucket.org/openiam/openiam-docker-compose/src/main/3.2/ui/docker-compose.yaml\"\n }, mdx(\"inlineCode\", {\n parentName: \"a\"\n }, \"ui/docker-compose.yaml\"))))), mdx(\"li\", {\n parentName: \"ol\"\n }, mdx(\"p\", {\n parentName: \"li\"\n }, \"Add the following \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"ports\"), \" block to the service definition:\"), mdx(\"pre\", {\n parentName: \"li\"\n }, mdx(\"code\", {\n parentName: \"pre\"\n }, \"ports: \\n - target: 8080 \\n published: 8088\\n protocol: tcp \\n mode: host\\n\")))), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"Replace \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"8088\"), \" with the desired port number.\")), mdx(\"ol\", {\n \"start\": 3\n }, mdx(\"li\", {\n parentName: \"ol\"\n }, \"Restart the UI service to apply the changes.\")), mdx(\"h1\", null, \"Installing the OpenIAM application\"), mdx(\"p\", null, \"The installation process allows for a significant amount of flexibility. The steps below describe the minimum number of parameters which need to be configured to install on a single VM. Additional details in the sections referenced by the table below. If you are new to OpenIAM, we recommend starting with the simpler path with a more limited set of options.\"), mdx(\"h2\", null, \"Clone the OpenIAM Docker repository\"), mdx(\"p\", null, \"Next, we need to clone the \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"OpenIAM docker compose\"), \" repository from OpenIAM's Git Repository. This project contains scripts that set environment variables, start and stop the container services. To clone the repository, follow the steps below.\"), mdx(\"p\", null, mdx(\"em\", {\n parentName: \"p\"\n }, \"They should be performed in a Linux terminal window.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"mkdir -p /usr/local/openiam\\ncd /usr/local/openiam\\ngit clone https://bitbucket.org/openiam/openiam-docker-compose.git\\ncd openiam-docker-compose/\\ngit checkout RELEASE-2026.5.2\\n\")), mdx(\"p\", null, \"The cloned repository will contain the following scripts.\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Script\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"env.sh\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"File containing environment variables. The required environment variables can be updated and added in this file. The \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"env.sh\"), \" file is sourced during the installation process and the export statements in this file are executed.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"setup.sh\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Script for setting up and updating the OpenIAM configuration. During the initial OpenIAM deployment, this script initializes the network and pulls the latest images from the OpenIAM repository on OpenIAM Container Registry. When updating the OpenIAM deployment, running this script pulls newer images from the OpenIAM Container Registry.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"startup.sh\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Script for starting up the OpenIAM instance. When updating the OpenIAM deployment, running this script updates the configuration on your system with the latest release updates.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"strong\", {\n parentName: \"td\"\n }, \"Warning: Please do not modify this script in any way.\"))), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"shutdown.sh\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Script for shutting down all OpenIAM stacks, except volumes.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"teardown.sh\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Script for tearing down all OpenIAM stacks, volumes, and networks.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"generate.cert.sh\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Script to generate certificates or Vault authentication.\")))), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Additional configuration options\")), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Section\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"a\", {\n parentName: \"td\",\n \"href\": \"2-docker-installation/4-YAML-files\"\n }, \"YAML files\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"YAML configuration files are provided for the services and infrastructure components used within OpenIAM. These files provide configuration information for the containers.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"a\", {\n parentName: \"td\",\n \"href\": \"2-docker-installation/2-Configuration-options\"\n }, \"Configuration options\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Configuration options which will be used during installation.\")))), mdx(\"h2\", null, \"Set the community edition flag\"), mdx(\"p\", null, \"To ensure that the following steps pull the correct container images, update the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"/usr/local/openiam/openiam-docker-compose/env.sh\"), \" file so the \", mdx(\"em\", {\n parentName: \"p\"\n }, \"production tag\"), \" is referenced by setting the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"BUILD_ENVIRONMENT=\\\"dev\\\"\"), \" to \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"BUILD_ENVIRONMENT=\\\"prod\\\"\"), \".\"), mdx(\"p\", null, \"The result should look like in the example below.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"...\\nexport BUILD_ENVIRONMENT=\\\"prod\\\"\\n...\\n\")), mdx(\"h2\", null, \"Initialize Vault\"), mdx(\"p\", null, \"OpenIAM uses a Vault to store secrets, such as database passwords, Redis passwords, etc. Communication with the Vault occurs via a certificate. Follow the steps below to generate the certificate.\"), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, \"Edit the \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"/usr/local/openiam/openiam-docker-compose/env.sh\"), \" file which was downloaded from the openiam-docker-compose project above.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Set the \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"VAULT_JKS_PASSWORD\"), \" in the env.sh file. This password can be anything that you want.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Run the command, shown below, to generate a CA Certificate.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"In the Enterprise version, you have the option to use an existing CA Certificate from a trusted CA.\")), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"cd /usr/local/openiam/openiam-docker-compose\\nsudo ./generate.cert.sh\\n\")), mdx(\"p\", null, \"You should see output like the example shown below.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"SQL Files exist\\nThis script will generate a keypair that vault will use. Make sure to first set VAULT_JKS_PASSWORD in env.sh\\nPress enter to continue\\nCertificate request self-signature ok\\nsubject=C = CZ, ST = Test, L = Test, O = Test, OU = Test, CN = vault\\nWarning: -clcerts option ignored with -export\\nwriting RSA key\\n\")), mdx(\"p\", null, \"Upon successful completion of the above operation, you should also see several certificates related files as shown in the image below.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"-rw-r--r-- 1 root root 1302 Jan 29 03:09 vault.ca.crt\\n-rw------- 1 root root 1704 Jan 29 03:09 vault.ca.key\\n-rw-r--r-- 1 root root 1180 Jan 29 03:09 vault.crt\\n-rw-r--r-- 1 root root 985 Jan 29 03:09 vault.csr\\n-rw-r--r-- 1 root root 2 Jan 29 03:09 vault.file.srl\\n-rw------- 1 root root 2579 Jan 29 03:09 vault.jks\\n-rw------- 1 root root 1704 Jan 29 03:09 vault.key\\n-rw------- 1 root root 1704 Jan 29 03:09 vault.no_pem.key\\n-rw------- 1 root root 2579 Jan 29 03:09 vault.p12\\n\")), mdx(\"h2\", null, \"Define database ports\"), mdx(\"p\", null, \"Starting with V4.2.0, OpenIAM uses Flyway to manage database schema generation and migrations from one version to the next. This ensures that your database is properly versioned and up to date. OpenIAM supports Flyway versioning for MariaDB, PostgreSQL, and MSSQL, and Oracle 12.2+.\"), mdx(\"p\", null, \"The \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"env.sh\"), \" file defines properties which will be used by Flyway.\"), mdx(\"p\", null, \"At a minimum, you will need to define to set the following parameters.\"), mdx(\"ol\", null, mdx(\"li\", {\n parentName: \"ol\"\n }, \"To enable Flyway, set the following properties in\", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \" env.sh\"), \".\")), mdx(\"ul\", null, mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"DB_TYPE\"), \" - This parameter defines the type of database that you will be using as the OpenIAM product repository. My default this value is set to \\\"MariaDB\\\" which is installed by default.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"FLYWAY_OPENIAM_HOST\"), \" \\xE2\\u20AC\\u201C Is a host where the OpenIAM database will be residing. This is the primary product schema. If you are using MariaDB or PostgreSQL in a Docker container, set it to \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"database\"), \".\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"FLYWAY_OPENIAM_PORT\"), \" \\xE2\\u20AC\\u201C Is a port where the OpenIAM database will be running. Default ports for the supported databases include:\", mdx(\"ul\", {\n parentName: \"li\"\n }, mdx(\"li\", {\n parentName: \"ul\"\n }, \"MariaDB=3306.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Postgres=5432.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Oracle=1521.\"), mdx(\"li\", {\n parentName: \"ul\"\n }, \"Microsoft SQL Server=1433.\"))), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"FLYWAY_ACTIVITI_HOST\"), \" - Is a host where the Activti database will be residing. Activiti is the database used by the workflow engine. If you are using MariaDB or PostgreSQL in a Docker container, set it to \", mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"database\"), \".\"), mdx(\"li\", {\n parentName: \"ul\"\n }, mdx(\"inlineCode\", {\n parentName: \"li\"\n }, \"FLYWAY_ACTIVITI_PORT\"), \" \\xE2\\u20AC\\u201C Is a port where Activiti database, which is used by the workflow engine, will be running.\")), mdx(\"p\", null, \"Example below shows the settings for MariaDB.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"export DB_TYPE=\\\"MariaDB\\\"\\n...\\n\\n# port of the activiti database. If using mariadb, this is likely '3306'. If using postgres, this is likely '5432'\\nexport FLYWAY_ACTIVITI_PORT=3306\\n\\n# host of the activiti database. If using mariadb or postgres in docker, this is likely 'database'\\nexport FLYWAY_ACTIVITI_HOST=database\\n\\n# port of the openiam database. If using mariadb, this is likely '3306'. If using mariadb, this is likely '3306'. If using postgres, this is likely '5432'\\nexport FLYWAY_OPENIAM_PORT=3306\\n\\n# host of the openiam database. If using mariadb or postgres in docker, this is likely 'database'\\nexport FLYWAY_OPENIAM_HOST=database\\n\")), mdx(\"h2\", null, \"Initialize Docker Swarm\"), mdx(\"p\", null, \"Docker uses swarms for cluster management and orchestration features of Docker Engine, the technology for containerizing applications. Docker engines participating in a cluster run in the swarm mode. The swarm mode is enabled by either initializing a swarm, as in the command above, or by joining an existing swarm. For more information, see \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"https://docs.docker.com/engine/swarm/\"\n }, \"Docker swarm\"), \" and \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"https://docs.docker.com/engine/swarm/key-concepts/\"\n }, \"Swarm mode key concepts\"), \" documentation.\"), mdx(\"p\", null, \"Make sure that you initialize the Docker swarm. Log into Docker and initialize the swarm by entering the following command in a terminal.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo docker swarm init\\n\")), mdx(\"p\", null, \"You will see output like the following.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Swarm initialized: current node (7risfc2161nwzir4a65po3lro) is now a manager.\\n\\nTo add a worker to this swarm, run the following command:\\n\\n docker swarm join --token SWMTKN-1-15mdug8xi71uap0dgaayqi2ohhl8qxaaeg7m8k6q015yiuqt0j-6ip90bh1rm2td8y9baoya4qlx 173.231.56.82:2377\\n\\nTo add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.\\n\")), mdx(\"h2\", null, \"Open ports for Docker Swarm\"), mdx(\"p\", null, \"By default, the shell scripts provided by OpenIAM deploy to the Docker Swarm. You must ensure that the necessary ports are opened otherwise the manager and worker node(s) will not be able to communicate with each other.\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Important\"), \". Please consider this information about ports above 30000 used by the swarm from the load balancing section of Docker documentation:\"), mdx(\"blockquote\", null, mdx(\"blockquote\", {\n parentName: \"blockquote\"\n }, mdx(\"p\", {\n parentName: \"blockquote\"\n }, \"The swarm manager uses ingress load balancing to expose the services you want to make available externally to the swarm. The swarm manager can automatically assign the service a PublishedPort or you can configure a PublishedPort for the service. You can specify any unused port. If you do not specify a port, the swarm manager assigns the service a port in the 30000-32767 range.\"))), mdx(\"h2\", null, \"Pull the Docker images\"), mdx(\"p\", null, \"To setup (and/or update) your configuration, you can run the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"setup.sh\"), \" script. This will initialize the network and pull the latest images from OpenIAM Container Registry.\"), mdx(\"p\", null, \"The users, \", mdx(\"em\", {\n parentName: \"p\"\n }, \"familiar with OpenIAM\"), \", can modify the script as required by your internal needs.\"), mdx(\"p\", null, \"Run the setup.sh script as shown below to pull the docker images form OpenIAM Container Registry.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo ./setup.sh\\n\")), mdx(\"p\", null, \"This process will take several minutes. Upon successful completion, you will see the following lines at the end.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"...\\nDigest: sha256:0bb33339f0c06d781eaffb3e78e296f4ad8d1474915e7872e5a9094a8da9ee76\\nStatus: Downloaded newer image for registry.openiam.com/openiam_infra/vault-ce:alpine-2026.5.2-prod\\ndocker.io/registry.openiam.com/openiam_infra/vault-ce:alpine-2026.5.2-prod\\n+ docker pull registry.openiam.com/openiam_infra/vault-bootstrap-ce:alpine-2026.5.2-prod\\nalpine-2026.5.2-prod: Pulling from registry.openiam.com/openiam_infra/vault-bootstrap-ce\\n2408cc74d12b: Pull complete\\ne23a669031d3: Pull complete\\n58d03b857787: Pull complete\\n57690cd8fe01: Pull complete\\nd7ddacc22990: Pull complete\\n601a9aa2e412: Pull complete\\n7286a0f9c14c: Pull complete\\n064aa39d2270: Pull complete\\n9ac4bee4a2c2: Pull complete\\n6f8406638991: Pull complete\\n1a60362ddd04: Pull complete\\naf7fa38835b7: Pull complete\\n45dc28dcb82d: Pull complete\\nDigest: sha256:ef2fadb1bdeded40372a7caf5346e10f9a75b79f4a63db21596ede03c2000ca8\\nStatus: Downloaded newer image for registry.openiam.com/openiam_infra/vault-bootstrap-ce:alpine-2026.5.2-prod\\ndocker.io/registry.openiam.com/openiam_infra/vault-bootstrap-ce:alpine-2026.5.2-prod\\n+ docker pull registry.openiam.com/openiam_service/ui-ce:debian-2026.5.2-prod\\ndebian-2026.5.2-prod: Pulling from registry.openiam.com/openiam_service/ui-ce\\n9621f1afde84: Already exists\\n646a8f97c6a8: Already exists\\n111ef215ea01: Pulling fs layer\\nfb4ccfb62028: Pulling fs layer\\n5780a89424ca: Pulling fs layer\\nac405e1bcaf1: Pulling fs layer\\nc8599e3b267a: Pulling fs layer\\n45c751205584: Pulling fs layer\\nd073c823bebc: Pulling fs layer\\n5cc21ea2eea5: Pull complete\\nba7abde15e29: Pull complete\\nc984fa56e5a0: Pull complete\\nc384c82e524c: Pull complete\\n2f54ac6cc048: Pull complete\\ne571d9818056: Pull complete\\n0a0cdfc4b537: Pull complete\\nc738260940dc: Pull complete\\n9daad2955b32: Pull complete\\n6221693a634b: Pull complete\\n7dbe84e43ad2: Pull complete\\n97e706f13a86: Pull complete\\n4cae4fc929c4: Pull complete\\n43828485f417: Pull complete\\n56bc0ddee1a0: Pull complete\\n3611f7603357: Pull complete\\n2b9b44628925: Pull complete\\n8ac3b6158823: Pull complete\\n9a5c45fad651: Pull complete\\na2e069d4323a: Pull complete\\nc15344a40a9b: Pull complete\\n8b829f3b502c: Pull complete\\nd0c9bb174905: Pull complete\\nDigest: sha256:91626efa38c2580452f4c7f55732ff4c3038c0bdd1f143012ae209c7611dbcf5\\nStatus: Downloaded newer image for registry.openiam.com/openiam_service/ui-ce:debian-2026.5.2-prod\\ndocker.io/registry.openiam.com/openiam_service/ui-ce:debian-2026.5.2-prod\\n\")), mdx(\"h2\", null, \"Start the OpenIAM application\"), mdx(\"p\", null, \"Now you are ready to start the OpenIAM containers. Run the \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"startup.sh\"), \" script to initiate the startup process.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"sudo ./startup.sh\\n\")), mdx(\"p\", null, \"You should see output like the example below.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"root@localhost:/usr/local/openiam/openiam-docker-compose# ./startup.sh\\nSQL Files exist\\nUsing MariaDB as the database type...\\nNothing found in stack: flyway\\netcd_storage\\nvault_server_storage\\nvault_client_storage\\nconnector_data_storage\\nfilebeat-storage\\nopeniam-janusgraph-storage\\nupload_storage\\nUnable to find image 'busybox:latest' locally\\nlatest: Pulling from library/busybox\\n9ad63333ebc9: Pull complete\\nDigest: sha256:6d9ac9237a84afe1516540f40a0fafdc86859b2141954b4d643af7066d598b74\\nStatus: Downloaded newer image for busybox:latest\\nCreating service etcd_etcd\\nCreating service vault_vault\\nCreating service vault-bootstrap_vault_bootstrap\\nCreating service curator_curator\\nCreating service openiam-opensearch-storage_service\\nCreating service openiam-jks-storage_service\\nCreating service openiam-activiti-storage_service\\nCreating service openiam-rabbitmq-storage_service\\nCreating service openiam-iamscripts-storage_service\\nCreating service redis_service\\nCreating service opensearch_service\\nCreating service cassandra_cassandra\\nWaiting for cassandra to become running, so that we can bring up janusgraph\\nCreating service janusgraph_service\\nCreating service rabbitmq_service\\nopeniam-mysql-storage_storage\\nCreating service database_database\\nCreating service flyway_flyway\\nCreating service openiam_device-manager\\nCreating service openiam_auth-manager\\nCreating service openiam_groovy_manager\\nCreating service openiam_reconciliation\\nCreating service openiam_email-manager\\nCreating service openiam_synchronization\\nCreating service openiam_business-rules-manager\\nCreating service openiam_idm\\nCreating service openiam_esb\\nCreating service openiam_workflow\\nCreating service ui_ui\\nCreating service ldap-connector_service\\nCreating service rproxy_rproxy\\n\")), mdx(\"p\", null, \"Sometimes, users can get the following error after running the command above.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"+ docker network create --attachable --driver+overlay openiam-private\\ntkb6xv4eq1v4r20tplcjw11\\n+ sleep 5\\n+ docker pull registry.openiam.com/openiam_infra/flyway:debian-2026.5.2-prod\\nError response from daemon: pull access denied for registry.openiam.com/openiam_infra/flyway, reposivtory does not exist or may require 'docker login': denied:requested access to the resourse is denied azureuser@OIAM:/usr/local/openiam/openiam-docker-compose$\\n\")), mdx(\"p\", null, \"In this case, add the following command\\xE2\\u20AC\\xA6\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"docker\\xC2\\xA0login -u XXX -p XXX registry.openiam.com\\n\")), mdx(\"p\", null, \".. where \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"-u XXX\"), \" is a username and \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"-p XXX\"), \" is a password.\"), mdx(\"h3\", null, \"Watch the container startup process\"), mdx(\"p\", null, \"The containers may take 8 to 15 minutes (depending on your environment) to startup completely. You can watch the startup process using the command below. \", mdx(\"strong\", {\n parentName: \"p\"\n }, \"Note\"), \", that the UI container will take some time to start and will be among the last as it has dependencies on other components being up first.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"watch -n 5 'docker ps'\\n\")), mdx(\"p\", null, \"You should see output like the example below when all containers have started successfully.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Every 5.0s: docker ps localhost: Tue Jan 30 02:46:06 2024\\n\\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\\nd77654ad06bb registry.openiam.com/openiam_service/synchronization-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) openiam_synchronization.uxe0l47\\nz26ubeags0f6i2h9yt.x9tb0r4zv5ngp7ezpwxd2gkhw\\n4ebcb5b5ccb5 registry.openiam.com/openiam_infra/redis-ce:debian-2026.5.2-prod \\\"redis.sh /run.sh\\\" 3 hours ago Up 3 hours (healthy) 6379/tcp redis_service.1.uyc7pw0n0cqlcxt\\na2svqud46c\\n417519dd58bd registry.openiam.com/openiam_service/groovy-manager-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) openiam_groovy_manager.uxe0l47z\\n26ubeags0f6i2h9yt.ugf9okpghfwrsbkbeayr2151u\\n571bbb9cf8b7 registry.openiam.com/openiam_service/auth-manager-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) openiam_auth-manager.uxe0l47z26\\nubeags0f6i2h9yt.sxgdv885fhs8kdhe42ujz9fns\\n90d6b5611335 registry.openiam.com/openiam_service/mariadb-ce:debian-2026.5.2-prod \\\"init.sh /opt/bitnam\\xE2\\u20AC\\xA6\\\" 3 hours ago Up 3 hours (healthy) 3306/tcp database_database.1.36foh88mgh2\\nisusgypvq4mds7\\n19b6100351f3 registry.openiam.com/openiam_service/workflow-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) openiam_workflow.uxe0l47z26ubea\\ngs0f6i2h9yt.ja1w84wftb6nej2vlef2lkq6y\\n93ab34fe4c91 registry.openiam.com/openiam_service/device-manager-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) openiam_device-manager.uxe0l47z\\n26ubeags0f6i2h9yt.mefg80i4hsn7dx8hlb99s9yb8\\nd6efe734a8c4 registry.openiam.com/openiam_infra/rabbitmq-ce:alpine-2026.5.2-prod \\\"docker-entrypoint.s\\xE2\\u20AC\\xA6\\\" 3 hours ago Up 3 hours (healthy) 4369/tcp, 5671-5672/tcp, 15691-15692/tcp, 25672/tcp rabbitmq_service.1.doci1z5ypha5\\nuahoj11zvn5s1\\ne2395b97271a registry.openiam.com/openiam_service/reconciliation-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) openiam_reconciliation.uxe0l47z\\n26ubeags0f6i2h9yt.3jm01yf0sxmasjyhxlot909hc\\nd1c4abdf8eca registry.openiam.com/openiam_service/idm-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) openiam_idm.uxe0l47z26ubeags0f6\\ni2h9yt.1r90ew19ev48ra96pqz3ufe9w\\n9cf6779c52a8 registry.openiam.com/openiam_service/ldap-connector-rabbitmq-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) ldap-connector_service.uxe0l47z\\n26ubeags0f6i2h9yt.m0muld83kpqgrd7leklb44lz0\\n903d5a9ae775 registry.openiam.com/openiam_service/email-manager-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) openiam_email-manager.uxe0l47z2\\n6ubeags0f6i2h9yt.626qka38iht4ggcb917iw3wko\\ndf03660737a4 registry.openiam.com/openiam_service/rproxy-ce:debian-2026.5.2-prod \\\"httpd-foreground\\\" 3 hours ago Up 3 hours (healthy) 0.0.0.0:80->80/tcp, 443/tcp rproxy_rproxy.uxe0l47z26ubeags0\\nf6i2h9yt.4m6f8h5sv1khf0v8ncga356ki\\n4cceeb5c242e registry.openiam.com/openiam_infra/janusgraph-ce:debian-2026.5.2-prod \\\"init.sh janusgraph\\\" 3 hours ago Up 3 hours (healthy) 8182/tcp janusgraph_service.1.8czw1aew0v\\nr95cfru5ms9wumh\\ndc489e4bcf07 bitnami/cassandra:3.11.10 \\\"/opt/bitnami/script\\xE2\\u20AC\\xA6\\\" 3 hours ago Up 3 hours (healthy) 7000/tcp, 9042/tcp cassandra_cassandra.1.n80icn1rv\\ngxo30787pqporiba\\nc23454f6c49d registry.openiam.com/openiam_infra/vault-ce:alpine-2026.5.2-prod \\\"docker-entrypoint.s\\xE2\\u20AC\\xA6\\\" 3 hours ago Up 3 hours (healthy) 8200/tcp vault_vault.1.it6b7du4vp2j9j9nj\\n00d4vemk\\n07fda75ba205 registry.openiam.com/openiam_infra/opensearch-ce:debian-2026.5.2-prod \\\"init.sh\\\" 3 hours ago Up 3 hours (healthy) 9200/tcp, 9300/tcp opensearch_service.uxe0l47z2\\n6ubeags0f6i2h9yt.jg4j5rb0hb0cvpdcbu98019ap\\n443ffe2aaddd registry.openiam.com/openiam_service/ui-ce:debian-2026.5.2-prod \\\"docker-entrypoint.s\\xE2\\u20AC\\xA6\\\" 3 hours ago Up 3 hours (healthy) 8080/tcp ui_ui.uxe0l47z26ubeags0f6i2h9yt\\n.g4fh9r8g1sxabeq5c04zcjhw7\\n5cbfadbc86ac registry.openiam.com/openiam_service/esb-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) 9080/tcp openiam_esb.uxe0l47z26ubeags0f6\\ni2h9yt.ct9wt15av67ub9k486kirjjck\\n690529bf3076 registry.openiam.com/openiam_service/business-rule-manager-ce:debian-2026.5.2-prod \\\"docker-entrypoint.sh\\\" 3 hours ago Up 3 hours (healthy) 9080/tcp openiam_business-rules-manager.\\nuxe0l47z26ubeags0f6i2h9yt.2pkewzi8f32gvwl352ugi7odj\\n70c3c5a7ff51 bitnami/etcd:3.3.13 \\\"/entrypoint.sh etcd\\\" 3 hours ago Up 3 hours 2379-2380/tcp etcd_etcd.1.xkby0e1syswnk1kcjam\\na6pear\\n\\n\")), mdx(\"h3\", null, \"Validate the startup\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"curl -k -I -L http://127.0.0.1/idp/login\\n\")), mdx(\"p\", null, \"You should see output like the example below.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"HTTP/1.1 200\\nDate: Tue, 30 Jan 2024 02:46:46 GMT\\nServer: Apache\\nReport-To: { \\\"group\\\": \\\"csp-endpoint\\\", \\\"max_age\\\": 10886400, \\\"endpoints\\\": [ { \\\"url\\\": \\\"http://127.0.0.1/selfservice/csp/report\\\" } ] }\\nContent-Security-Policy: default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; form-action 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data:; font-src 'self' *; report-uri /selfservice/csp/report; report-to csp-endpoint\\nReferrer-Policy: strict-origin\\nAccess-Control-Allow-Origin: *\\nX-Frame-Options: sameorigin\\nX-Content-Type-Options: nosniff\\nX-XSS-Protection: 1; mode=block\\nCache-Control: no-cache\\nPragma: no-cache\\nExpires: Wed, 31 Dec 1969 23:59:59 GMT\\nX-UA-Compatible: IE=EmulateIE10\\nx-openiam-force-auth: false\\nx-openiam-login-uri: /idp/login\\nContent-Type: text/html;charset=UTF-8\\nContent-Language: en-US\\nContent-Length: 4666\\nSet-Cookie: SESSION=N2EyYTQ0MjMtZmNlMC00OTlmLTg1NjItNDNmMjBmMjI1MmMy; Path=/; HttpOnly; SameSite=Lax\\nVary: Accept-Encoding\\n\")), mdx(\"p\", null, \"The application is now operational, and you can login.\"), mdx(\"h1\", null, \"First time login\"), mdx(\"p\", null, \"The final validation of our deployment is to be able to login to the OpenIAM web applications. To do this, must first find the IP address of our VM.\"), mdx(\"p\", null, \"Next open your browser (preferably Chrome or Firefox), and hit \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"http://[ip address of your installation ]/webconsole\"), \".\"), mdx(\"p\", null, \"Use the following credentials for the first time login.\"), mdx(\"pre\", null, mdx(\"code\", {\n parentName: \"pre\"\n }, \"Username: sysadmin\\nPassword: passwd00\\n\")), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"418px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/1b5d4df81e29060c7801f9535bda6b18/d7398/first-timelogin.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"111.58301158301158%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAWCAYAAADAQbwGAAAACXBIWXMAAAsTAAALEwEAmpwYAAADL0lEQVQ4y6WUz2scZRjH9z/QP6AWr4oePOlFhNKTV28evHgTUaSK4KEFabUoKFga223aajRRBOkhiKZURZQaDdskzWZ3000gMSntzs7Or3d+zzvzkWc2u9m1iUR84LvPzPd9nu9+35n3mYrpBBi2j+sn3Kq3+eKzadbam8wvNqivbbKw3GKxscGNX37nh7kfuXxlitnv5qhWrzIxUWWhdhsv0hiWQrQqpaClUGHG9V9rXH7/PS5+eoUPLnzNyQ8needsler0LB9NTHHq5Lu8eeJtzpw+y6uvvMYbr5/gj4UlVJyPC3Ztn54b0Ol5/DS/zM1ag2tz86y2t1lubrGxbdDa2OG3m3/y112D2mKdpZUmy/UWO/dMem5YagwFB6KSVZhiq5j7pocbJNgqwvLCkpOtWV6EG6QlnCAdE5NckZ8BDMun01ND+5JHITsYuy/zXn/pMIgS0kyTpBqdF2Q6J9MF6W6We+H7a6PIh5z0iobthVTkRiLLMgzDQCmFbdso5eG6Lp7nYXa7mKaJZVlDSJ1wjm0zCFeVgllfUGvCMCRJEqIoIo7jPpKk5IUbQPgkSYd8nucURYEjgnGSkWuN1rokD4uBiEB6RaN0mGYZfpDSWd+ma3TY3NoqHfyXSNMUnWV7W5Z/01nfpTxLrfOSOyxKh/muwyjOsJ2YnhVh2RG9XRhmeGjcNwIcN8YLIiquHFiV8n+jZ8d4fkhF+QlGN0KpFNdLHoAzgv3WxYzssNMNUeIwTjNcP8ZyQmw3GsJyI3pOiKdilN9Hnw/HaiSbTkgQpX2Hcmwk9D+2kAPFfm90n5pBr6MCKjJCs9//zMfnP2di8ivOX5rZQ3WGc9UZJqe+5cLVbzhXnR7yJS7NlD3SW1taJUo1lbyAF19+i4ePPsPRJ45z5PFjY3j0yeM89/xLPPXsCxx57NgD69Lz0CNP88nFL0uXFRnqnbv3WG22ad3ZoLm2h5XmOourd7i10mKpvsbtRptGa32sRnqkt2c5qCDuv5SDIilATpSbFvgZeGnxr0enfIYyKYN5lAkZRX9ec4rdiShGJmO8Vpd15cfBdHxMWx2I7gHX+0E+un8Dho9QjLJzmVUAAAAASUVORK5CYII=')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"OpenIAM Login page\",\n \"title\": \"OpenIAM Login page\",\n \"src\": \"/docs-2026.5.2/static/1b5d4df81e29060c7801f9535bda6b18/d7398/first-timelogin.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/1b5d4df81e29060c7801f9535bda6b18/a2ead/first-timelogin.png 259w\", \"/docs-2026.5.2/static/1b5d4df81e29060c7801f9535bda6b18/d7398/first-timelogin.png 418w\"],\n \"sizes\": \"(max-width: 418px) 100vw, 418px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"The next screen will ask you to change the default password. As you enter your new password, you will see the password policy on the side. Your password must align with this policy. You will be able to change both the password and the policy later\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"428px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/b925a5c34ab913386d7545023d8dd01a/47730/change-password.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"132.81853281853282%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAbCAYAAAB836/YAAAACXBIWXMAAAsTAAALEwEAmpwYAAADPElEQVRIx5WVa08TQRSG+//8GfpFf4Ga+EETYiASlYjXqOANEm+gJAgokRCxhkhCIkkBU2ipvWzb3e51Zm99zZnd2U5rG+IkT87szszpOe85s821Oi6IpuHAsBgOyw0cnmjw/Bim68NhIWwWinlVM1Ajmh2Uq03xfFJrom164jz5yUlnuunhROvgzu172Fpdw8f1PJbXv2NxZRNLn7fwZukLZp/PY3r6Aaam7mJ8/AauXR3D05kXCLpAo23967BUN/D44Qzmn8zg+vQr3Hr0Gjfuz2P2zQpevlvD2PVJ3Lw5hfHxSUxMTOLypStY/LAMLxhwmKVsM/w+0bBfquFr/hcKxRoqDQOlahv1loXDo4o4+Keh46hcQ7Who6rp2XnhkCYSjSK1PHRsLqxuMRE5QZsNmwtLmtEa2VaqnySXbJB4iZXvOgrq+1FQhKbD0O12EccJURT1iGNEUdyzGRHCFFqjc+TDYz5ylsMhB700TRO6rqPRaAgrabfbAsMw+p59v3fe4z5FyFNnPacERdFqtQSaponDZIkgCLK9qu1zKMOWxHGaWhj2Qc5oTe4h+iK0PR+MMVQqlYxarSao1+sjUfcUCgUROQ/CxKHrutjd3cXOzo6wx8fHKJfLKJVKp0IBLCws4OBgH2HURc52ffi+j2azmQk9COk4ao2gItm2DcaDRMNuN870GIaq17C1pDCxLAoTC/QLlmXBcZxsTlAbkaV3sgCycHKsrq6Kc0JDipA2DlaTUKtM81FRUs9S9UXK1pCU1daRz8NaSP6QjFrcFJkyVZrSIitTlOkTdFDtU5V8/gc8zwX3w55DqjTnvM+qczXyQX7t7YEzBubLlNNbMUojWiONRpFVWU2ZovA8Bsa5gKfQLVJ1GoQGXQQ6n/YhExH6nMN1bDDPFZCWpCHpSeIPDvXDsLGxIfYLDa20baiHPD+BB1Hfx0KmPYq+xo7DEOuFOs5Mf8WFuW2cn9sW8097f8TGMEqama4XpUb3l6xKsVgUV1AUJQxC5Isazs5+w+X3O7j49ifOPdvC5mFdOIrS20E3Rn5hBqlWqzA7ncQhaagok6Lq1O19fU8Zosr0x6KbDtpD0P+TlmHjL6mBAHP5Ihi1AAAAAElFTkSuQmCC')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"Change password\",\n \"title\": \"Change password\",\n \"src\": \"/docs-2026.5.2/static/b925a5c34ab913386d7545023d8dd01a/47730/change-password.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/b925a5c34ab913386d7545023d8dd01a/a2ead/change-password.png 259w\", \"/docs-2026.5.2/static/b925a5c34ab913386d7545023d8dd01a/47730/change-password.png 428w\"],\n \"sizes\": \"(max-width: 428px) 100vw, 428px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"The next step is to define a content provider using the screen shown below. A \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"../getting-started/21-concepts\"\n }, \"Content provider\"), \" is an alias that represents a domain. Associated with the content provider can be UI themes, authentication policies, etc. The table below describes the fields on this screen.\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Name\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Content Provider Name\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"You can think of a content provider an \\xE2\\u20AC\\u0153alias\\xE2\\u20AC\\x9D which represents a domain. This is described in more detail in the OpenIAM documentation. For this setup, please enter a value such as: Default CP.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Domain Pattern\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"This value is defaulted in. It should be the IP address or host DNS name of the instance where OpenIAM has been installed\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Application supports SSL?\"), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"This configuration determines if the OpenIAM application will be accessed over HTTP or HTTPS. Unless, you have already configured the certificate, select \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"Support on HTTP\"), \". You will be able to update this configuration later.\")))), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"766px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/f715ce7467f0b6823a62d0ae41fda405/f7616/content-provider.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"114.28571428571428%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAXCAYAAAALHW+jAAAACXBIWXMAAAsTAAALEwEAmpwYAAAC7UlEQVQ4y62U30tUQRTH79/SWxuoPYRiCtVLD8JqUUG/xIfQfj+kCVEgSVBr2INpPmgSIQlqkD5ov1AwiMBC113dVTFb15+Ieu+d+3Puj2/M3N2rW1YrNPDh3Dlz+N4558yMkHu4DHlFJ5BXdJJzsNgjp7AMgfwgDhSUIpCfJpiiFIGUn68XlGJ/ak2IxmYRm55DOBJHZHIa45EYJxz15hPROCYmve/I1IzvS6+HIzE+ZxpT8TkIpkmxsLiK74lFzCeWOInkMn4sLCORXPEt/05u+7y4FW7ZPLm0BpmoEF52DyJQdA7FwSsoLKni5B4tR86R7Mk7VoF9h06h9n4zhLHIDJ60dqGloxdNbd1o6XiNp+09aGrrQVN7djQ/70Xjsy68HfoCAf95CJZlQ5JliKIEXTfAamqYJrd7hlIItm1D1zVIkghNUwG4qX+5cN29wbQE23ZAFBOKSiETzxKFQtMtuK4Dx8mOHYI2VFXnKIoGQlQfFrSXwYS5IEtVUQg0TeMYug5KTV8wm3R9QdYUUSQQxS3IvDkiWBmyFcqsoQOBUhsbm2xnCt+drut7TjUjZa+gTuovKetk3wy/KcyypnwcGUXFjQe4fqcRV2sfo7I6hMrqRzvsvwjh8u0GXLhWj7bOfgh9gyMoOV+Ds1V1OHPpHoIXa1Fyrob7sqW0vBbHT99EqLmTNcWCKEmQJJkjywQyIZ79FfL7GjsdqxsSxufXYVHTqyE7Juy26Nz+DQ26qkDXtmNNQ8cWUTG7IsFlNWSCqqryXRJCQCnljfGK7fqwhpk2QMxUR/0Yh50v7rPSV88wKVRN42K7Dtc7l9iagxV/DzU8zruaPqtMg4mx8gn8MbAMWBqBaRjcyYQzMUEdwFqPw4gOQPw2CmoaoNTi8RnP1/y6jHfRRQzHV7BBNDj2boLWtigAG/DFWB0/DH9G38AQvo5FIXyaXUNd/zgeDkaQ3FRTD9efhuulv+MmGYaJ+oZW3LobwotXb/AT1WlO/99bm2AAAAAASUVORK5CYII=')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"Define initial content provider\",\n \"title\": \"Define initial content provider\",\n \"src\": \"/docs-2026.5.2/static/f715ce7467f0b6823a62d0ae41fda405/f7616/content-provider.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/f715ce7467f0b6823a62d0ae41fda405/a2ead/content-provider.png 259w\", \"/docs-2026.5.2/static/f715ce7467f0b6823a62d0ae41fda405/6b9fd/content-provider.png 518w\", \"/docs-2026.5.2/static/f715ce7467f0b6823a62d0ae41fda405/f7616/content-provider.png 766w\"],\n \"sizes\": \"(max-width: 766px) 100vw, 766px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"After setting the content provider, you will be taken to the challenge questions page. These questions will be used to reset your admin account if you lock yourself out. Make a note of your answers.\"), mdx(\"div\", {\n className: \"note-box note\"\n }, mdx(\"i\", {\n className: \"material-icons\"\n }, \"note\"), mdx(\"span\", {\n className: \"mcFormatColor\"\n }, \"Note: \"), \"You will be able to update your password policy later. At that time, you can decide if you want to use challenge questions and/or some other method.\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"764px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/cb10e4db7d02acc67789c78edfece801/f3c12/challengequestions.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"116.98841698841697%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAXCAYAAAALHW+jAAAACXBIWXMAAAsTAAALEwEAmpwYAAABqklEQVQ4y6WUPU/DMBCG8/+XDvyDDh2AIlWwMXVBoApaRKFSly4MqITmy3G+86LXcFFSUqhFpEeOnbs357uzHdeP0ebdU/DjHI/LNcanF5hc3+DsaorR2SWGwxEGgxOcjycIdYHtLsK+v0OBNltPmQ+vbx+YLVaY3i0xf9ng4WmN+8UzbmdzrNYbuIHGdtf1Jc4u1PBIlMALBY1ApYizCjorv+F7jaQAVFJ8+YRdH+IAQJZlUEohjuMGpWIEQQDf980YhmEzRlHUseWcGnycuq5RVRWKokBZlgbOkyRpnCnEkXOitW5s21DLyfPcGKRp2oF/tIEB0K8RJFzkFrjGKPui6ENs6W8EKSKiEi3Xj4URMi2NoEQn0IA5PRZqMLdGMOsRtBH7IdjOocA1W0G2lxHkglRVRn7Y/8lvSJoo3MkhBSXCYyss0Ke3yny3rbJU+mCVbfpQTpnned0qywlp58PmpHBnjWD7oBPb/DFC13VNYJ0qC/vn+i/aHWIEpcL/xQhyy7wLCUPmyA+2l0PTNhRMtLa+rg4Wpe/o2UbYaZu8p8o2bSN2cjl8AvGq+h0PG0xkAAAAAElFTkSuQmCC')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"Challenge questions\",\n \"title\": \"Challenge questions\",\n \"src\": \"/docs-2026.5.2/static/cb10e4db7d02acc67789c78edfece801/f3c12/challengequestions.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/cb10e4db7d02acc67789c78edfece801/a2ead/challengequestions.png 259w\", \"/docs-2026.5.2/static/cb10e4db7d02acc67789c78edfece801/6b9fd/challengequestions.png 518w\", \"/docs-2026.5.2/static/cb10e4db7d02acc67789c78edfece801/f3c12/challengequestions.png 764w\"],\n \"sizes\": \"(max-width: 764px) 100vw, 764px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"p\", null, \"After completing the above steps, you will be taken the admin console landing page shown below. Allow the system about 5 min to refresh in the internal cache and then you can proceed to configure your solution.\"), mdx(\"p\", null, mdx(\"span\", {\n parentName: \"p\",\n \"className\": \"gatsby-resp-image-wrapper\",\n \"style\": {\n \"position\": \"relative\",\n \"display\": \"block\",\n \"marginLeft\": \"auto\",\n \"marginRight\": \"auto\",\n \"maxWidth\": \"360px\"\n }\n }, \"\\n \", mdx(\"a\", {\n parentName: \"span\",\n \"className\": \"gatsby-resp-image-link\",\n \"href\": \"/docs-2026.5.2/static/660795e3721a67546447d34dd251f0e4/f21e7/landing-page.png\",\n \"style\": {\n \"display\": \"block\"\n },\n \"target\": \"_blank\",\n \"rel\": \"noopener\"\n }, \"\\n \", mdx(\"span\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-background-image\",\n \"style\": {\n \"paddingBottom\": \"38.22393822393822%\",\n \"position\": \"relative\",\n \"bottom\": \"0\",\n \"left\": \"0\",\n \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAAAsTAAALEwEAmpwYAAABUUlEQVQoz51Q20oCURSdr6mU8MVbEBYEUo0XfLF0LIMgFSFQ6imloG/qD/oHv8HyNmdmdG7nzIqzx8awnjqw2OvsvVisvZXcWQPxbAmJoyoy+SaOyx1kT2+ROtGQy1eRzFWwly4gliliJ6kiJnm6QDyeKRJ2UyoShxXsH5SgaJ0hLu6eoGp93Ny/otF9Jn7VfUG9PYSq9XDZGpDmvN5DvTNErT0gXmsN1po+ys1HlK4foFhsDtsyMP0Yg80mWJkMK0MPITn91zC3YDAsf+gkV2ZsCd2y4fkcnueBC4H/PhEEUD4XJma6BdfzyNB1XapCiF8IguDPfjgT4JxDmSxMzI0lGTHGIoHjOCSQ8HmYWtd12LZNXFbaiOY80pKhXFs2fd+PDL/FQgQQ3gq2xWA7LiWRSTfzTcofhlZ0OyneQIC60xFG728YT1l4q/X62+Bc4AuYbSPXSLA5nwAAAABJRU5ErkJggg==')\",\n \"backgroundSize\": \"cover\",\n \"display\": \"block\"\n }\n }), \"\\n \", mdx(\"img\", {\n parentName: \"a\",\n \"className\": \"gatsby-resp-image-image\",\n \"alt\": \"Webconsole landing page\",\n \"title\": \"Webconsole landing page\",\n \"src\": \"/docs-2026.5.2/static/660795e3721a67546447d34dd251f0e4/f21e7/landing-page.png\",\n \"srcSet\": [\"/docs-2026.5.2/static/660795e3721a67546447d34dd251f0e4/a2ead/landing-page.png 259w\", \"/docs-2026.5.2/static/660795e3721a67546447d34dd251f0e4/f21e7/landing-page.png 360w\"],\n \"sizes\": \"(max-width: 360px) 100vw, 360px\",\n \"style\": {\n \"width\": \"100%\",\n \"height\": \"100%\",\n \"margin\": \"0\",\n \"verticalAlign\": \"middle\",\n \"position\": \"absolute\",\n \"top\": \"0\",\n \"left\": \"0\"\n },\n \"loading\": \"lazy\",\n \"decoding\": \"async\"\n }), \"\\n \"), \"\\n \")), mdx(\"h1\", null, \"Frequently used commands with Docker\"), mdx(\"p\", null, \"The following commands are frequently used with Docker.\"), mdx(\"table\", null, mdx(\"thead\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"thead\"\n }, mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Command\"), mdx(\"th\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Description\"))), mdx(\"tbody\", {\n parentName: \"table\"\n }, mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"./startup.sh\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Starts the OpenIAM Docker containers.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"./shutdown.sh\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Stops the OpenIAM Docker containers.\", mdx(\"br\", null), \"Ensure that all containers have stopped before restarting. You can validate that the containers have stopped using the \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"docker ps\"), \" command.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"docker ps\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Shows all the containers which are running.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"watch -n 5 'docker ps'\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Allows you to observe the docker containers. The view is refreshed every \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"-n\"), \" seconds.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"docker logs [container id]\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Shows the logs related to the Container ID. You can get the Container ID from the \", mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"docker ps\"), \" command.\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"docker exec -it [container id] bash\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Allows connecting to the container\")), mdx(\"tr\", {\n parentName: \"tbody\"\n }, mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, mdx(\"inlineCode\", {\n parentName: \"td\"\n }, \"docker restart -t [time] [container id]\")), mdx(\"td\", {\n parentName: \"tr\",\n \"align\": \"right\"\n }, \"Allows you to restart a container. Time is the number seconds to wait after stopping a container and starting it again.\")))), mdx(\"h3\", null, \"Additional resources\"), mdx(\"p\", null, mdx(\"iframe\", {\n width: \"1141\",\n height: \"642\",\n src: \"https://www.youtube.com/embed/SyakEHJK-Fo\",\n title: \"YouTube video player\",\n frameBorder: \"0\",\n allow: \"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\",\n allowFullScreen: true\n })));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"items":[{"items":[{"items":[{"url":"#what-is-docker","title":"What is Docker?"}]}]}]},{"url":"#openiam-on-docker","title":"OpenIAM on Docker"},{"url":"#openiam-solution-stacks","title":"OpenIAM solution stacks","items":[{"url":"#critical-infrastructure-stacks","title":"Critical infrastructure stacks"},{"url":"#service-stacks","title":"Service stacks"},{"url":"#ui-stack","title":"UI Stack"},{"url":"#reverse-proxy-stack","title":"Reverse Proxy Stack"}]},{"url":"#system-requirements","title":"System requirements","items":[{"url":"#minimum-hardware-requirements","title":"MINIMUM hardware requirements"},{"url":"#software-requirements","title":"Software requirements"}]},{"url":"#preparing-your-system","title":"Preparing your system","items":[{"url":"#install-pre-requisite-packages","title":"Install pre-requisite packages"},{"url":"#update-the-hostsâ-file","title":"Update the hosts’ file"},{"url":"#settings-for-opensearch-and-docker","title":"Settings for OpenSearch and Docker","items":[{"url":"#opensearch","title":"OpenSearch"},{"url":"#disabling-ipv6-on-docker-host","title":"Disabling IPv6 on Docker Host"}]}]},{"url":"#install-the-docker-engine","title":"Install the Docker engine","items":[{"url":"#ubuntu","title":"Ubuntu","items":[{"url":"#setup-the-repository","title":"Setup the repository"},{"url":"#install-the-docker-engine-1","title":"Install the Docker engine"}]},{"url":"#centos-9-stream--rhel-9","title":"CentOS 9 Stream / RHEL 9","items":[{"url":"#setup-the-repository-1","title":"Setup the repository"},{"url":"#install-the-docker-engine-2","title":"Install the Docker engine"},{"url":"#install-docker-compose","title":"Install Docker compose"},{"url":"#verify-that-docker-engine-is-installed-correctly","title":"Verify that Docker engine is installed correctly"}]},{"url":"#enable-cgroups-v1-support-on-ubuntu-2404-lts","title":"Enable cgroups-v1 support on Ubuntu 24.04 LTS"}]},{"url":"#configuring-port-assignments-in-openiam-docker-deployment-optional","title":"Configuring Port Assignments in OpenIAM Docker Deployment (Optional)","items":[{"url":"#reverse-proxy-port-configuration","title":"Reverse Proxy Port Configuration"},{"url":"#exposing-ui-service-port","title":"Exposing UI Service Port","items":[{"url":"#steps-to-expose-the-ui-service-port","title":"Steps to Expose the UI Service Port"}]}]},{"url":"#installing-the-openiam-application","title":"Installing the OpenIAM application","items":[{"url":"#clone-the-openiam-docker-repository","title":"Clone the OpenIAM Docker repository"},{"url":"#set-the-community-edition-flag","title":"Set the community edition flag"},{"url":"#initialize-vault","title":"Initialize Vault"},{"url":"#define-database-ports","title":"Define database ports"},{"url":"#initialize-docker-swarm","title":"Initialize Docker Swarm"},{"url":"#open-ports-for-docker-swarm","title":"Open ports for Docker Swarm"},{"url":"#pull-the-docker-images","title":"Pull the Docker images"},{"url":"#start-the-openiam-application","title":"Start the OpenIAM application","items":[{"url":"#watch-the-container-startup-process","title":"Watch the container startup process"},{"url":"#validate-the-startup","title":"Validate the startup"}]}]},{"url":"#first-time-login","title":"First time login"},{"url":"#frequently-used-commands-with-docker","title":"Frequently used commands with Docker","items":[{"items":[{"url":"#additional-resources","title":"Additional resources"}]}]}]},"parent":{"relativePath":"installation/2-docker-installation.md"},"frontmatter":{"metaTitle":"Deploying via Docker","metaDescription":"This page describes how to deploy OpenIAM in Docker"}},"allMdx":{"edges":[{"node":{"fields":{"slug":"/changelog","title":"Change log"}}},{"node":{"fields":{"slug":"/appendix","title":"Appendix"}}},{"node":{"fields":{"slug":"/connectorconfig","title":"IdM Connectors"}}},{"node":{"fields":{"slug":"/admin","title":"Administration guide"}}},{"node":{"fields":{"slug":"/developerguide","title":"Developer Guide"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice","title":"End user guide for SelfService portal"}}},{"node":{"fields":{"slug":"/getting-started","title":"Getting Started"}}},{"node":{"fields":{"slug":"/troubleshooting","title":"FAQ / Troubleshooting"}}},{"node":{"fields":{"slug":"/whatsnew","title":"What's new in OpenIAM"}}},{"node":{"fields":{"slug":"/ssocatalog","title":"SSO Catalog"}}},{"node":{"fields":{"slug":"/admin/0-login","title":"Logging in to the admin portal"}}},{"node":{"fields":{"slug":"/admin/1-exportimport","title":"Import / Export"}}},{"node":{"fields":{"slug":"/","title":"Welcome to the OpenIAM Documentation"}}},{"node":{"fields":{"slug":"/installation","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin","title":"User administration"}}},{"node":{"fields":{"slug":"/admin/12-administration","title":"Administration"}}},{"node":{"fields":{"slug":"/admin/10-consent-management","title":"Consent management"}}},{"node":{"fields":{"slug":"/admin/10-password","title":"Password policy"}}},{"node":{"fields":{"slug":"/admin/13-selfregistration","title":"Self-registration"}}},{"node":{"fields":{"slug":"/admin/15-audit","title":"Audit"}}},{"node":{"fields":{"slug":"/admin/14-Help.Desk.User.Profile.Protection","title":"HelpDesk profile protection"}}},{"node":{"fields":{"slug":"/admin/16-admin-pswd-change","title":"Password reset for administrator's account"}}},{"node":{"fields":{"slug":"/admin/18-services-passwd-change-k8","title":"Password update for OpenIAM services in Kubernetes"}}},{"node":{"fields":{"slug":"/admin/2-authentication","title":"Authentication"}}},{"node":{"fields":{"slug":"/admin/19-reports","title":"OpenIAM report services"}}},{"node":{"fields":{"slug":"/admin/21-graph-rebuild","title":"Rebuilding OpenIAM's in-memory authorization graph"}}},{"node":{"fields":{"slug":"/admin/3-authz","title":"Managing access"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/admin/20-virtual-tentant-by-org","title":"Enabling a virtual tenant by organization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov","title":"Requests / Approval"}}},{"node":{"fields":{"slug":"/admin/22-token-session-util","title":"Session management utility for RPM"}}},{"node":{"fields":{"slug":"/admin/7-access-cert","title":"User access review"}}},{"node":{"fields":{"slug":"/admin/8-sso","title":"Federation / SSO to applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle","title":"Automated provisioning"}}},{"node":{"fields":{"slug":"/changelog/13-Release-4.2.1.7","title":"Release 4.2.1.7"}}},{"node":{"fields":{"slug":"/changelog/14-Release-4.2.1.8","title":"Release 4.2.1.8"}}},{"node":{"fields":{"slug":"/changelog/12-Release-4.2.1.6","title":"Release 4.2.1.6"}}},{"node":{"fields":{"slug":"/changelog/11-Release-4.2.1.5","title":"Release 4.2.1.5"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy","title":"Access gateway"}}},{"node":{"fields":{"slug":"/changelog/16-Release-4.2.1.10","title":"Release 4.2.1.10"}}},{"node":{"fields":{"slug":"/changelog/15-Release-4.2.1.9","title":"Release 4.2.1.9"}}},{"node":{"fields":{"slug":"/changelog/17-Release-4.2.1.11","title":"Release 4.2.1.11"}}},{"node":{"fields":{"slug":"/changelog/18-Release-4.2.1.12","title":"Release 4.2.1.12"}}},{"node":{"fields":{"slug":"/changelog/19-Release-4.2.1.13","title":"Release 4.2.1.13"}}},{"node":{"fields":{"slug":"/changelog/20-Release-4.2.1.14","title":"Release 4.2.1.14"}}},{"node":{"fields":{"slug":"/changelog/22-v2026.1.1","title":"Changelog for v2026.1.1"}}},{"node":{"fields":{"slug":"/appendix/1-self-signedcert","title":"Generate Self-signed Cert"}}},{"node":{"fields":{"slug":"/appendix/2-openssl","title":"Install OpenSSL"}}},{"node":{"fields":{"slug":"/changelog/23-v2026.5.2","title":"Changelog for v2026.5.2"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.1.15","title":"Release 4.2.1.15"}}},{"node":{"fields":{"slug":"/appendix/3-installopenldap","title":"Install OpenLDAP on Ubuntu"}}},{"node":{"fields":{"slug":"/connectorconfig/2-configparam","title":"Connector parameters"}}},{"node":{"fields":{"slug":"/connectorconfig/4-troubleshootingconnector","title":"Provisioning operations troubleshooting"}}},{"node":{"fields":{"slug":"/connectorconfig/JDBC","title":"JDBC connector"}}},{"node":{"fields":{"slug":"/connectorconfig/LDAP","title":"LDAP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/SAPUME","title":"SAP UME connector"}}},{"node":{"fields":{"slug":"/connectorconfig/adp","title":"ADP connector"}}},{"node":{"fields":{"slug":"/appendix/4-prepforprod","title":"Prepare for Production"}}},{"node":{"fields":{"slug":"/connectorconfig/aerospike","title":"Aerospike connector"}}},{"node":{"fields":{"slug":"/connectorconfig/freeIPA","title":"FreeIPA connector"}}},{"node":{"fields":{"slug":"/connectorconfig/gsuite","title":"GSuite connector"}}},{"node":{"fields":{"slug":"/connectorconfig/linux","title":"Linux connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aws","title":"AWS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracle","title":"Oracle RDBMS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft","title":"Microsoft Application Connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/oracleebs","title":"Oracle EBS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/postgresql","title":"PostgreSQL connector"}}},{"node":{"fields":{"slug":"/admin/17-services-manual-passwd-change","title":"Manual password update for OpenIAM services in RPM"}}},{"node":{"fields":{"slug":"/connectorconfig/sap","title":"SAP S/4 Hana connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector","title":"Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/salesforce","title":"Salesforce.com connector"}}},{"node":{"fields":{"slug":"/connectorconfig/tableau","title":"Tableau connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scim","title":"SCIM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/workday","title":"Workday connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css","title":"Customizing branding"}}},{"node":{"fields":{"slug":"/developerguide/10-OpenIAM-opensource-rep","title":"OpenIAM open source repository"}}},{"node":{"fields":{"slug":"/developerguide/11-groovy-scripts","title":"Groovy Script Management"}}},{"node":{"fields":{"slug":"/developerguide/2-api","title":"RESTful API"}}},{"node":{"fields":{"slug":"/developerguide/3-whitelisting","title":"Whitelisting packages"}}},{"node":{"fields":{"slug":"/developerguide/6-ide","title":"Script development using an IDE"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel","title":"Data model"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization","title":"Synchronization Scripts"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/1-login","title":"Logging in to SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice","title":"Operations via SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest","title":"Request management"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/6-singlesignon","title":"Single sign-on"}}},{"node":{"fields":{"slug":"/developerguide/4-scheduledtasks","title":"Batch/Scheduled tasks"}}},{"node":{"fields":{"slug":"/getting-started/1-what_is_openiam","title":"What is OpenIAM?"}}},{"node":{"fields":{"slug":"/getting-started/2-productarchitecture","title":"Platform architecture"}}},{"node":{"fields":{"slug":"/getting-started/3-install_openiam","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess","title":"User access rights"}}},{"node":{"fields":{"slug":"/getting-started/21-concepts","title":"Concepts"}}},{"node":{"fields":{"slug":"/getting-started/5-connecting","title":"Connecting to an authoritative source"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce","title":"Discovery questions"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning","title":"Automated user provisioning"}}},{"node":{"fields":{"slug":"/getting-started/8-openiam-with-IdP","title":"Integrating OpenIAM with your IdP"}}},{"node":{"fields":{"slug":"/getting-started/99-multifactor-authentication","title":"Configuring multi-factor authentication"}}},{"node":{"fields":{"slug":"/getting-started/9-openiam-as-IdP","title":"Integrating OpenIAM as your IdP"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation","title":"Deploying to Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/7-selfservice-pswd","title":"SelfService password reset"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation","title":"Deploying on OpenShift"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation","title":"Deploying via RPM on Linux"}}},{"node":{"fields":{"slug":"/installation/8-sizing","title":"Sizing recommendations"}}},{"node":{"fields":{"slug":"/installation/9-data_migration","title":"OpenIAM data migration"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation","title":"Deploying via Docker"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous","title":"Miscellaneous related articles"}}},{"node":{"fields":{"slug":"/ssocatalog/AWS","title":"AWS SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Freshdesk","title":"Freshdesk SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Gsuite","title":"GSuite SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Azure","title":"Azure SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Salesforce","title":"Salesforce.com"}}},{"node":{"fields":{"slug":"/ssocatalog/okta","title":"Okta SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Office365","title":"Office365 SSO"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster","title":"Cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment","title":"Environment"}}},{"node":{"fields":{"slug":"/troubleshooting/docker","title":"Docker Swarm"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors","title":"Connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational","title":"Operational"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm","title":"RPM"}}},{"node":{"fields":{"slug":"/whatsnew/1-v420","title":"New in v4.2.0.0"}}},{"node":{"fields":{"slug":"/troubleshooting/v3_update","title":"Update from V3.X to V4.X"}}},{"node":{"fields":{"slug":"/whatsnew/10-v4218","title":"New in v4.2.1.8"}}},{"node":{"fields":{"slug":"/whatsnew/11-v4219","title":"New in v4.2.1.9"}}},{"node":{"fields":{"slug":"/whatsnew/14-v42112","title":"New in v4.2.1.12"}}},{"node":{"fields":{"slug":"/whatsnew/15-v42113","title":"New in v4.2.1.13"}}},{"node":{"fields":{"slug":"/whatsnew/16-v42115","title":"New in v4.2.1.15"}}},{"node":{"fields":{"slug":"/whatsnew/16-v422","title":"New in v4.2.2"}}},{"node":{"fields":{"slug":"/whatsnew/13-v42111","title":"New in v4.2.1.11"}}},{"node":{"fields":{"slug":"/whatsnew/17-v2026.1.1","title":"New in v2026.1.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.3.1","title":"New in v2026.3.1"}}},{"node":{"fields":{"slug":"/whatsnew/12-v42110","title":"New in v4.2.1.10"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.2.1","title":"New in v2026.2.1"}}},{"node":{"fields":{"slug":"/whatsnew/19-v2026.3.2","title":"New in v2026.3.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.3.3","title":"New in 2026.3.3"}}},{"node":{"fields":{"slug":"/whatsnew/21-v2026.4.2","title":"New in v2026.4.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.4.1","title":"New in v2026.4.1"}}},{"node":{"fields":{"slug":"/whatsnew/22-v2026.5.2","title":"New in v2026.5.2"}}},{"node":{"fields":{"slug":"/whatsnew/8-v4216","title":"New in v4.2.1.6"}}},{"node":{"fields":{"slug":"/whatsnew/9-v4217","title":"New in v4.2.1.7"}}},{"node":{"fields":{"slug":"/whatsnew/7-v4215","title":"New in v4.2.1.5"}}},{"node":{"fields":{"slug":"/connectorconfig/rexx","title":"Rexx connector"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/10-bulkoperations","title":"Bulk operations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/1-createuser","title":"Creating a user"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/11-bulkentitlements","title":"Bulk operations with entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/13-unlock-account","title":"Unlocking an account"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/14-add-remove-entitlements","title":"Adding/Removing entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/15-rehireuserflow","title":"Rehire user flow"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/12-externaldelegation","title":"Organization level delegation"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/16-user-conversion","title":"User conversion"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/17-newhireworkflow","title":"New hire workflow configuration"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/18-creating-new-dept-division","title":"Creating a new department or division"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/3-adminoperations","title":"Administrative actions on a User"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration","title":"Configuring page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/2-usertypes","title":"Custom user types"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/5-finduser","title":"User search"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/8-serviceaccounts","title":"Service accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/7-customfields","title":"Custom fields"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/9-orphanmanagement","title":"Orphan management"}}},{"node":{"fields":{"slug":"/admin/10-password/1-pswd-compromised","title":"Password breach detection"}}},{"node":{"fields":{"slug":"/admin/12-administration/3-squence-generator","title":"Sequence generators"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/6-relatedAccount","title":"Related accounts"}}},{"node":{"fields":{"slug":"/admin/12-administration/4-otpconfig","title":"Configure OTP Provider"}}},{"node":{"fields":{"slug":"/admin/12-administration/6-languages","title":"Managing languages"}}},{"node":{"fields":{"slug":"/admin/12-administration/5-links","title":"External links on login page"}}},{"node":{"fields":{"slug":"/admin/12-administration/7-reconciliationhistory","title":"Reconciliation history"}}},{"node":{"fields":{"slug":"/admin/12-administration/8-aboutopenIAM-page","title":"About OpenIAM Page"}}},{"node":{"fields":{"slug":"/admin/12-administration/9-reindex_elasticsearch","title":"Reindex Opensearch"}}},{"node":{"fields":{"slug":"/admin/15-audit/2-audit-log-export-connector","title":"Audit log export connector"}}},{"node":{"fields":{"slug":"/admin/12-administration/99-heartbeat","title":"Heartbeat links"}}},{"node":{"fields":{"slug":"/admin/2-authentication/1-auth-overview","title":"Configuring authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/11-credentialprovider","title":"Credential provider"}}},{"node":{"fields":{"slug":"/admin/2-authentication/10-fidologin","title":"FIDO-2 authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/13-criiptoauth","title":"Criipto authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-account-unlock","title":"Setting up account unlock"}}},{"node":{"fields":{"slug":"/admin/15-audit/1-audit-events-interpret","title":"Audit events interpretation"}}},{"node":{"fields":{"slug":"/admin/2-authentication/14-duo-auth","title":"Duo authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/15-modernauth","title":"Microsoft Modern authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-certificateauth","title":"Configuring certificate-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/16-external-multiselect-auth","title":"External/multiselect authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-auth-policy","title":"Authentication policy"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-delegatedauth","title":"Managed System authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/21-dashboards","title":"Monitoring dashboards"}}},{"node":{"fields":{"slug":"/admin/2-authentication/3-passwordauth","title":"Password-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/9-adaptiveauth","title":"Adaptive authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/1-overview","title":"Introduction to access control"}}},{"node":{"fields":{"slug":"/admin/2-authentication/7-otp","title":"OTP over SMS or E-mail"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus","title":"Menus"}}},{"node":{"fields":{"slug":"/admin/3-authz/10-accessright","title":"Access rights"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social","title":"Social authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/11-contentprovider","title":"Content provider"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups","title":"Managing groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/4-types","title":"Metadata types"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-conflict-groups","title":"Conflict Groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/5-resources","title":"Managing resources"}}},{"node":{"fields":{"slug":"/admin/3-authz/8-accesstossoapps","title":"Access to SSO applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/6-organization","title":"Managing organizations"}}},{"node":{"fields":{"slug":"/admin/3-authz/9-approvalflow","title":"Configuring approval workflows"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles","title":"Managing roles"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/1-Automated-applications","title":"Connected applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications","title":"Manual applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/10-managedsystemsimulation","title":"Managed system simulation mode"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config","title":"Configure Provisioning"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/12-LDAP-managedsys-config","title":"LDAP Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/2-incrementalsynch","title":"Incremental synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/3-recon","title":"Configure reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/6-managedsystem-config","title":"Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/4-birthright","title":"Birthright access"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/5-recon-groovy","title":"Groovy Scripts for Reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/8-importentitlements","title":"Import entitlements"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/9-importorganization","title":"Import Organizations"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/1-synch","title":"Configuring synchronization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/1-application-category","title":"Application categories"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/2-approval-flow","title":"Approval flow"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/5-approve-by-email","title":"Approving requests via Email"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/3-manualTasks","title":"Manual tasks"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/4-post-request","title":"After request has been approved"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/7-questionnaire","title":"Questionnaire"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/1-entitlmentcert","title":"Entitlement based certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/11-campaign-dashboard","title":"Campaign dashboard"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-event-driven-cert","title":"Risk event driven certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/3-certification-reporting","title":"Certification reporting"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-factor-config","title":"Risk factors configuration"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/5-delete-campaign","title":"Deleting an access certification campaign"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/10-mitigation-controls","title":"Mitigation controls for SoD"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-membership-tags","title":"Membership tags"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/6-campaign-database","title":"Access certification campaigns as database objects"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/7-expiration-policy","title":"Expiration policy"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-usercert","title":"User based review"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/9-segregation-of-duties","title":"Segregation of Duties (SoD) policies"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/thesaurus","title":"Access Certification Thesaurus"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/8-multiple-reviwer-campaigns","title":"Multi-reviewer user access review campaigns"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2","title":"oAuth 2.0"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml","title":"Add SAML SP to OpenIAM"}}},{"node":{"fields":{"slug":"/admin/8-sso/3-oidc","title":"OpenID Connect"}}},{"node":{"fields":{"slug":"/admin/8-sso/5-auth_scopes","title":"OpenIAM oAuth scopes"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/2-headerinj","title":"Header Injection"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/3-urlrewriting","title":"URL Rewriting"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/6-example","title":"Examples"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/7-rProxy-loadbalancer","title":"Reverse Proxy with Load Balancer"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/8-kerberos","title":"Setting up Kerberos via rProxy"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/1-formfill","title":"Form Fill"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/9-directive-reference","title":"mod_openiam Directive Reference"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/1-powershellconnectorinstallation","title":"Installing PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal","title":"WinLocal OpenIAM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-WindowsPasswordFilter","title":"AD Password Filter"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/13-successfactors","title":"SuccessFactors connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-dynamics365FO","title":"Dynamics365 Finance&Operations connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/15-powershell-generic","title":"Building a custom PowerShell connector for OpenIAM"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management","title":"Mail management"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig","title":"System configuration"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/14-psgraph","title":"Microsoft Graph PowerShell connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/16-teams","title":"Microsoft Teams connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/2-powershellconnectorsusage","title":"Using PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/3-powershellconnectorupdate","title":"Updating PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/5-azuread","title":"Entra ID/O365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/6-exchange","title":"Exchange connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/7-azuredevops","title":"Azure DevOps connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/connector-request-template","title":"OpenIAM connector request template"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/9-sqlserver","title":"Microsoft SQL Server connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/8-dynamics365","title":"Dynamics365 connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/2-cssexamples","title":"CSS file examples"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/1-customcss","title":"Creating custom CSS"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/GroovyScriptConnector","title":"Configuring Groovy Script connector"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman","title":"Getting started with Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java","title":"Getting started with Java"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/1-provision-on-date","title":"Provision/Deprovision on date"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/2-access-certification-reminder","title":"Notification reminders for approvers"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python","title":"Getting started with Python"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/2-rbacmodel","title":"Access control model"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/1-usermodel","title":"User data model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/approver-association","title":"/webconsole - approver-association"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-right","title":"/webconsole - access-right"}}},{"node":{"fields":{"slug":"/developerguide/8-api/audit-log","title":"/webconsole - audit-log"}}},{"node":{"fields":{"slug":"/developerguide/8-api/authentication-grouping","title":"/webconsole - authentication-grouping"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-certification","title":"/webconsole - access-certification"}}},{"node":{"fields":{"slug":"/developerguide/8-api/batch","title":"/webconsole - batch"}}},{"node":{"fields":{"slug":"/developerguide/8-api/auth-provider","title":"/webconsole - auth-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/challenge-response","title":"/webconsole - challenge-response"}}},{"node":{"fields":{"slug":"/developerguide/8-api/connector","title":"/webconsole - connector"}}},{"node":{"fields":{"slug":"/developerguide/8-api/groovy-manager","title":"/webconsole - groovy-manager"}}},{"node":{"fields":{"slug":"/developerguide/8-api/content-provider","title":"/webconsole - content-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/email","title":"/webconsole - email"}}},{"node":{"fields":{"slug":"/developerguide/8-api/field","title":"/webconsole - field"}}},{"node":{"fields":{"slug":"/developerguide/8-api/group","title":"/webconsole - group"}}},{"node":{"fields":{"slug":"/developerguide/8-api/it-policy","title":"/webconsole - it-policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-oauth","title":"/idp - idp-oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/elastic-search","title":"/webconsole - elastic-search"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-rest","title":"/idp - idp-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/managed-system","title":"/webconsole - managed-system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/menu","title":"/webconsole - menu"}}},{"node":{"fields":{"slug":"/developerguide/8-api/metadata","title":"/webconsole - metadata"}}},{"node":{"fields":{"slug":"/developerguide/8-api/oauth","title":"/webconsole - oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization-type","title":"/webconsole - organization-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization","title":"/webconsole - organization"}}},{"node":{"fields":{"slug":"/developerguide/8-api/page-template","title":"/webconsole - page-template"}}},{"node":{"fields":{"slug":"/developerguide/8-api/property-value","title":"/webconsole - property-value"}}},{"node":{"fields":{"slug":"/developerguide/8-api/policy","title":"/webconsole - policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource-type","title":"/webconsole - resource-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/report","title":"/webconsole - report"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource","title":"/webconsole - resource"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-config","title":"/webconsole - sync-config"}}},{"node":{"fields":{"slug":"/developerguide/8-api/role","title":"/webconsole - role"}}},{"node":{"fields":{"slug":"/developerguide/8-api/system","title":"/webconsole - system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-rest","title":"/webconsole - sync-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/ui-theme","title":"/webconsole - ui-theme"}}},{"node":{"fields":{"slug":"/developerguide/8-api/uri-pattern","title":"/webconsole - uri-pattern"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov","title":"Automated provisioning Scripts"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import","title":"Import from application"}}},{"node":{"fields":{"slug":"/developerguide/8-api/user","title":"/webconsole - user"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/3-importing_groups","title":"Importing groups from application"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/4-relations-with-manager","title":"Populating a manager"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/1-forgotpassword","title":"Forgot password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/3-changepassword","title":"Updating your password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/2-updateprofile","title":"Updating user profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/4-outofoffice","title":"Out of office assistant"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/5-forgotusername","title":"Forgot username"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/6-updatesecquestions","title":"Updating security questions"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/10-positionchange","title":"Position change request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/1-servicecatalog","title":"Requesting access via catalog"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/11-accessprofiles","title":"Access profiles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/2-jobprofile","title":"Requesting access from profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/5-approverequest","title":"Approving requests"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/6-requestadministration","title":"Request administration"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/12-bulkupload","title":"Uploading users in bulk"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/7-requesthistory","title":"Requests history"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/8-newgroup","title":"Creating a group request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/9-newuser","title":"Creating a new user"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/1-viewmyaccess","title":"View my access"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/3-UAR-in-Self-Service","title":"User access review module in SelfService"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/1-designrole","title":"Designing business roles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/2-directreports","title":"View direct reports"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/2-openiam-access-role","title":"Designing access roles"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/3-connector-planning","title":"Connector requirements"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial","title":"Automated provisioning tutorial"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/1-jml","title":"Joiners, movers, leavers processes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect","title":"Deploying and registering connectors"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements","title":"Importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements","title":"Importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode","title":"Single VM Install"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/12-migrating-onpremises-to-cloud","title":"Migrating OpenIAM from on-premises installation to a cloud-based infrastructure"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/11-configuration-options","title":"Configuration options in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/10-ha-rpm","title":"High availability (HA) deployment using RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/2-rproxy","title":"r-Proxy installation in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/4-backup","title":"RPM backup / recovery"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports","title":"Deployment architecture in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-migrating-non-production-to-production-environment","title":"Migrating non-production to production environment in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB","title":"Installing OpenIAM with a remote database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/8-ssl","title":"Configuring HTTPS in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/9-rabbitssl","title":"Enable TLS for RabbitMQ in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/2-Configuration-options","title":"Configuration options in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading","title":"Upgrading OpenIAM in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/1-https","title":"Configuring HTTPS on Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading","title":"Upgrading OpenIAM in Docker environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/6-externalDB","title":"Installing OpenIAM with a remote database in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/5-docker-swarm-backup","title":"Backup / restore in Docker Swarm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/1-ssl","title":"Configuring HTTPS in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/11-common-scenario","title":"Installing OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/12-vault-migration-fromRPM-toK8","title":"Migration of Vault from RPM-based cluster to Kubernetes-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/10-backup-and-restoration","title":"Backup and restoration procedure in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/3-depl-without-terraform","title":"Deploying OpenIAM on Kubernetes using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/4-RabbitMQ-TLS","title":"RabbitMQ TLS directory in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/4-YAML-files","title":"Docker YAML files"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms","title":"Kubernetes Platforms"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/2-deployment-with-terraform","title":"Deploying OpenIAM with Terraform"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading","title":"Upgrading OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/7-useal-keys-restoration","title":"Backing up and restoring the vault unseal keys in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/1-create-cluster","title":"Creating an OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/9-remoteDB","title":"Installing OpenIAM with a remote database in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/2-connect-to-cluster","title":"Connect to OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/3-deploy-OpenIAM-helm","title":"Deploy OpenIAM to OpenShift cluster with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/4-some-descriptions-helm","title":"Memory requirements for OpenShift deployment with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/5-localhost-dev-cluster","title":"Localhost development cluster"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/6-deploy-from-windows","title":"Deploy OpenIAM to OpenShift cluster with Helm (from Windows)"}}},{"node":{"fields":{"slug":"/installation/8-sizing/1-small-k8","title":"Small Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/8-sizing/2-medium-k8","title":"Medium Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/02-hardening","title":"Securing your installation"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/8-AKS_with_ext_MSSQL","title":"Deploying OpenIAM on AKS (Kubernetes) with an external MSSQL database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/01-log4j","title":"Log4j Vulnerability"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/03-db-switch","title":"Change OpenIAM product database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/04-compatibility","title":"Compatibility matrix"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/05-postgres-install","title":"Installing PostgreSQL 15"}}},{"node":{"fields":{"slug":"/installation/9-data_migration/1-migrating_ES_Docker","title":"Verifying and migrating Elasticsearch data in Docker-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/99-miscellaneous/04-compatibility","title":"Compatibility Matrix"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/1-connectorlogs","title":"View container logs"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/3-uninstall","title":"Remove an OpenIAM Docker Install"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/2-containersrestart","title":"Containers Restarting"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/4-troubleshooting-steps","title":"Troubleshooting steps in a container-based cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/disableswap","title":"Disable swap"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/memoryutili","title":"Check memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/redismemory","title":"Redis memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/5-log-checking-guide","title":"Docker log checking guide"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-after-migration","title":"Access problem after migrating OpenIAM"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/activationlink","title":"Error when sending activation link"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/audit-doc-timestamp","title":"Audit document timestamp issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-forbidden","title":"Access Forbidden error"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/auth-manager","title":"Backend exception error when running authentication manager"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/JDBC-connection-pool","title":"Increasing the JDBC connection pool size"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/database-reset","title":"Database reset"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/elasticsearch-readonly-state","title":"Elasticsearch read-only state"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/flyway_version","title":"Flyway version issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/increasing-RAM","title":"Increasing memory for OpenIAM services"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/modifly_system_labels_and_messages","title":"Changing system labels and messages"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/lackof_disk_space","title":"Running out of disk space"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/debug-logs-CassandraJanusGraph","title":"Enabling and disabling debug logs for Cassandra and JanusGraph"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/overriding-app-properties","title":"Overriding UI application properties"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/my-application-page-selfservice","title":"Changing refresh time for My Applications page in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/pad-block-corrupted","title":"PAD Block Corrupted"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/remove-navigation-bar","title":"Removing menu items from top navigation bar"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/report-generation-issue","title":"Error during report generating in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/failed-dependencies","title":"Failed dependencies"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/run_flyway_repair_mode","title":"Run Flyway in repair mode"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/resetting_passwords","title":"Resetting passwords"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/trobleshooting_guide","title":"Troubleshooting guide for RPM"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors/sync-vs-async-source","title":"Synchronous vs. asynchronous synchronization source for connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/username_in_selfservice","title":"Username not shown in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/1-rabbitmq-reinit","title":"RabbitMQ cluster went out of order"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/unlocksysadmin","title":"Unlock sysadmin"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/2-rabbitmq-UI","title":"RabbitMQ is not reached from UI in RPM installations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/1-userpage","title":"Configuring user page templates"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/3-Rabbitmq-connection-timeout","title":"RabbitMQ connection timeout issue"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/4-customtemplates","title":"Custom form templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/2-customuserpage","title":"Creating more custom user edit pages"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/1-system","title":"System tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/3-UI","title":"UI tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/2-regex-validation","title":"Validation regular expressions"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/4-workflow","title":"Workflow tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/5-organization-tab","title":"Organization tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/6-password","title":"Password tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/7-authentication","title":"Authentication tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/8-auditeventstosyslog","title":"Exporting audit events to syslogs"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/1-emailtemplates","title":"Email templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/3-multilanguagemail","title":"Multilanguage emails"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/2-smtpconfig","title":"Mailbox Configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/9-health-checks","title":"Configuring health checks for managed systems"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/4-mail-via-azure","title":"Mailbox configuration via Azure application"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/5-alert-notifications","title":"Configuring alert notifications"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/6-email-template-variables","title":"Email template variables reference"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/1-googlesociallogin","title":"Google Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/2-facebooksociallogin","title":"Facebook Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/3-linkedinsociallogin","title":"LinkedIn Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/4-appleidsociallogin","title":"AppleID Social Login"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/2-adminaccess","title":"Admin access role"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/3-FAQ","title":"FAQs about menus and their use"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/1-enduseraccess","title":"End-user access roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/4-Config-Lhand-menu-SS-MyInfo","title":"Configurable left-hand menu in SelfService 'My Info' page"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/1-role-types","title":"Types of roles existing in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/2-createrole","title":"Create role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/3-findrole","title":"Finding an existing role"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups/1-create-group","title":"Creating a group"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications/1-reg-applications","title":"Register applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/5-importingroles","title":"Importing roles"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config/1-prepost-processor","title":"Pre/PostProcessor"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml/1-jit-provisioning","title":"Just-in-time Provisioning"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2/1-Auth-code-grand","title":"Authorization code grant type"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/2-winlocalv5","title":"Version 5"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/1-winlocalv4","title":"Version 4"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/1-createauthprovider","title":"Create OpenIAM Provider for Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/2-postmanconfig","title":"Create Postman collection"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/4-JWT-tokens","title":"Getting started with JWT tokens in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/3-add-request","title":"Define an API request in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/5-postman-links","title":"Postman API documentation links"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/6-example","title":"Client credentials flow with a defined scope in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/2-grantinguathz","title":"Granting authorization to the API with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/3-api-call-examples","title":"API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/5-object-oriented-impl-example","title":"Object oriented implementation for REST API in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/4-enabling-disabling-user","title":"Enabling/Disabling a user with API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/6-OTP-verification","title":"OTP Verification in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/1-createauthprovider","title":"Create OpenIAM oAuth provider in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/1-createauthprovider","title":"Create OpenIAM Provider"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/2-grantauthz","title":"Granting authorization to the API with Java"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov/1-newhires","title":"New hires"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/3-azuread","title":"Entra ID"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/6-importroles","title":"Import Roles"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/1-provisioningCSV","title":"Creating a synchronization configuration for the source"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/3-creating-searching-users","title":"Creating and searching a user with API call in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/4-calls-examples","title":"API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/2-policymap","title":"Policy map"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/5-enabling-disabling-users","title":"Enabling/Disabling a user with API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/4-birthright","title":"New hire"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/5-transfer","title":"Transfer"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/3-creatingrole","title":"Creating role"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/6-termination","title":"Terminations"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/2-rpm","title":"Connectors via RPM"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/3-docker","title":" Connectors via Docker"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/4-k8","title":" Connectors via Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/3-troubleshooting","title":"Troubleshooting"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/1-config-synch","title":"Configuring synchronization for importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/3-common-questions","title":"Common questions"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/1-rpm-with-internet","title":"Installation with Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/2-rpm-no-internet","title":"Installation without Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/3-nonroot-partition","title":"Installing OpenIAM on a non-root partition"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/1-one-node","title":"Single node deployment"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch","title":"Configuring synchronization for importing entitlements"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/2-three-node","title":"Three node cluster"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/1-databasemigration","title":"Database migration from version 3.X to 4.X"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-4-2","title":"Upgrading OpenIAM to v.2026.4.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/3-upgradingto-42111","title":"Upgrading from versions 4.2.1.9-4.2.1.10 to version 4.2.1.11 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/2-upgradingto-42110","title":"Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-migrating-index-data","title":"Migration of index data from older ElasticSearch versions to newer one"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-upgradingto-42112","title":"Upgrading from versions 4.2.1.x to version 4.2.1.12 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-infrastructure_upgrade","title":"Infrastructure upgrade"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-upgradingto-42115","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/6-infra-upgrade-42113","title":"Infrastructure upgrade in v4.2.1.13"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrade2026.5.2","title":"Upgrading notes for v.2026.5.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/7-upgradingto-422","title":"Upgrading OpenIAM from versions 4.2.1.x to 4.2.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-2-1","title":"Upgrading OpenIAM to v.2026.2.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-1","title":"Upgrading OpenIAM to v.2026.3.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-2","title":"Upgrading OpenIAM to v.2026.3.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/9-422-changes","title":"Known issues related to upgrading from 4.2.1.x to 2026.4.1 version"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/1-oracle","title":"Installing OpenIAM with a remote Oracle database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/2-postgres","title":"Installing OpenIAM with a remote Postgres database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/1-upgrade-4219","title":"Upgrade from version 4.2.1.5-4.2.1.8 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/3-MSSQL","title":"Installing OpenIAM with a remote MSSQL database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/2-upgrade-42110","title":"Upgrade from version 4.2.1.9 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/4-upgrade-42115","title":"Upgrade from version 4.2.1.x to version 4.2.1.15 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/3-upgrade-42113k8-rabbitmq","title":"Upgrading from version below 4.2.1.8 to version 4.2.1.13 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/4-upgrade-42115k8","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/3-upgrade-42111","title":"Upgrade from version 4.2.1.10 to version 4.2.1.11 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/5-upgrade-42112k8","title":"Upgrading from version 4.2.1.x to version 4.2.1.12 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/7-upg-notes20206.5.2","title":"Upgrading notes for v.2026.5.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/6-upgrade-422k8","title":"Upgrading from version 4.2.1.x to version 4.2.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/2-aws","title":"AWS Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/3-helm","title":"Private Kubernetes Cluster using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/4-azure","title":"Azure Kubernetes Guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/1-ldapvalidation","title":"Synchronization Validation Script"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/1-gce","title":"GCE Kubernetes guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/2-ldapsynchusers","title":"LDAP User Synchronization Script"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/3-ldapattributeslists","title":"LDAP Attribute list for User Synchronization"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/1-ADgroup-transformation","title":"Sample transformation script for AD groups"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/3-ADtransformation-usergroup","title":"Sample transformation script for AD users and group memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/2-csv-transformation","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/4-csv-users-entitlements","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.2","title":"Release 4.2.2"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/4-adpowershell","title":"Active Directory PowerShell connector"}}},{"node":{"fields":{"slug":"/appendix/5-message_en_file","title":"Message properties"}}}]}},"pageContext":{"id":"0d42cf29-f18b-596d-b243-4a758d635b8b"}}, "staticQueryHashes": ["2619113677","3706406642","417421954"]}