Install Privileged Identity Software
In this section, we'll cover how to install Privileged Identity and its components.
- Install the Management Console
- Set Up the Program Database
- Register the Privileged Identity Instance
- Install the Web Application
- Install the Web Service
Before you install the management console, make sure your server meets the prerequisites as defined in Management Console and Deferred Processing Host Requirements.
- Launch the Privileged Identity installer. You should have received this from BeyondTrust Support or from the Self-Service Center.
- On the welcome screen click Next.
- Read the license agreement. If you agree, select I accept the license agreement, and then click Next.
- Enter your name and organization name, and then click Next.
- Select which features to install:
- BeyondTrust Privileged Identity - (Required) Installs the Privileged Identity software. This is the only required element.
- PDF Encoder - (Recommended) Allows you to turn compliance reports into PDF documents.
- PuTTY Terminal Emulator - Installs the open source PuTTY software.
- RSA SecurID
- If RSA multi-factor authentication is required to access the management console but this machine will NOT host the web application, install this option.
- If this machine will host the web application, leave this option unchecked. The RSA agent is installed automatically when the web application is installed.
- PeopleSoft - Allows you to integrate Privileged Identity with a PeopleSoft database.
- To change the installation location, click Browse.
- To make sure you don't exceed your available disk space, click Disk Cost.
- Click Next.
- Choose which identity should run the Common Language Runtime (CLR) application. The default is Network Service.
The CLR COM identity provides Privileged Identity with network and local system access to various cloud services. Individual account stores (Azure, AWS, ESX, etc.) are configured with specific connection credentials when they are enrolled.
Options for the identity are:
- Interactive User - Use the same login information as the calling identity. This is an administrator-level account, as the calling identity will be either the admin running the console or the deferred processor service account. This option requires the least configuration but provides far more privileges than are required.
- Network Service - (Recommended) Use the system's NetworkService account. This does not require you to manage a password or grant additional rights, although in some cloud management cases, you may need to grant additional permissions on the file system.
- Local Service - Use the system's LocalService account. This does not require you to manage a password or grant additional rights, although in some cloud management cases, you may need to grant additional permissions on the file system. The LocalService account has many more rights than NetworkService.
- This User - Use a specified username and password. This user could be a local account that is configured to never authenticate to any other machine in the network (unlike NetworkService or LocalService), but it is another account whose credential you'll need to manage. You must grant this account Logon as a batch rights. In some cloud management cases, you may need to grant it additional permissions on the file system.
- Click Next.
- On Ready to Install the Application, click Back to make any needed changes or Next to complete the installation.
- When the installation completes, you have the option to run Privileged Identity immediately.
The first time Privileged Identity launches, the program database setup wizard begins.
For more information, see Set Up the Program Database.