SailPoint IdentityIQ (IIQ) is a solid IAM solution that stores and retrieves data, including logs and identity details, using a database. For IIQ to work properly, it must create a secure and efficient connection to its database server. This article explains how IIQ identifies which database to connect to and what happens when this connection fails.
- How IIQ’s Database Connection works
IIQ uses a configuration file named iiq.properties to create its database connection. Serving as a roadmap, this file tells IIQ where to find the database, how to access it, and what login credentials to use.
- Configuration in iiq.properties
The iiq.properties file contains information about the database configuration. Below are the main parameters:
- Database Type:
IIQ works with a relational database and supports many databases, including MySQL, Oracle, and Microsoft SQL Server. The type must be clearly defined:
db.type = mysql
- Database URL:
This is the address where the database server is hosted. It includes the server name, port, and database name:
db.url = jdbc:mysql://<server name>:<port>/<database name>
Ex: jdbc:mysql://localhost:3306/iiq
- Database Credentials:
IIQ needs authentication credentials to access the database. These include a username and password:
db.user = sailpoint
db.password = secretpassword
- JDBC Driver Class:
IIQ and the database are connected by the JDBC driver. To ensure effective communication, the right driver needs to be specified, taking into consideration the database type. MySQL is the type in this example:
db.driver = com.mysql.cj.jdbc.Driver
If the JDBC driver JAR file is not already present in the SailPoint IIQ installation, you might have to add it manually. IIQ includes multiple JDBC drivers by default and has built-in connectivity with certain database versions.
- How IIQ Uses This Information
IIQ follows a process to connect when it first starts up:
- Identifies database connection parameters by scanning the iiq.properties file.
- Creates a connection using the JDBC driver (db.driver).
- Verifies identity with the provided username and password.
- Once successfully connected, it begins reading and writing identity-related data.
- What Happens If the Database Connection Fails?
A failed database connection can prevent IIQ from functioning properly. Here are common causes of connection failures:
- Incorrect credentials (wrong username or password).
- The database server is down or unreachable.
- The wrong JDBC driver is specified.
- The database URL is incorrect.
If IIQ cannot connect, it will throw an error, and the system administrator must troubleshoot by verifying the details in the iiq.properties file and ensuring the database server is accessible.
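As an added example (not SailPoint's code and not part of the original article), the Python script below lints the settings before a restart, covering the missing-value, incorrect-URL and wrong-driver causes listed above. It assumes the key names and the MySQL URL form shown in this article; the driver table and the sample text are constructed for illustration.

```python
import re

REQUIRED = ("db.type", "db.url", "db.user", "db.password", "db.driver")  # keys as named in this article
DRIVERS = {  # JDBC subprotocol -> vendor driver class names (illustrative table)
    "mysql": {"com.mysql.cj.jdbc.Driver", "com.mysql.jdbc.Driver"},
    "oracle": {"oracle.jdbc.OracleDriver", "oracle.jdbc.driver.OracleDriver"},
    "sqlserver": {"com.microsoft.sqlserver.jdbc.SQLServerDriver"},
}
MYSQL_URL = re.compile(r"^jdbc:mysql://([^:/<>\s]+):(\d+)/([^/?<>\s]+)")
# Constructed sample: placeholder left in the URL, driver for the wrong database.
SAMPLE = """db.type = mysql
db.url = jdbc:mysql://<server name>:3306/iiq
db.user = sailpoint
db.password = secretpassword
db.driver = oracle.jdbc.OracleDriver
"""

def parse_properties(text):
    """Parse key = value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check(props):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = [f"missing {k}" for k in REQUIRED if not props.get(k)]
    url, driver = props.get("db.url", ""), props.get("db.driver", "")
    m = re.match(r"jdbc:([a-z0-9]+):", url)
    if url and not m:
        findings.append("db.url is not a JDBC URL")
    elif m:
        sub = m.group(1)
        if driver and sub in DRIVERS and driver not in DRIVERS[sub]:
            findings.append(f"db.driver {driver} does not match a jdbc:{sub} URL")
        if sub == "mysql" and not MYSQL_URL.match(url):
            findings.append("db.url must look like jdbc:mysql://host:port/database")
    return findings

if __name__ == "__main__":
    for finding in check(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```

Wrong credentials and an unreachable server cannot be detected from the file alone and still need a live connection test.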
- Changing the Database Connection
If the database configuration needs to be updated (e.g., migrating to a new server or switching to another database type), the administrator must:
- Modify the iiq.properties file with the new connection details.
- Restart the IIQ application to apply the changes.
- Final Thoughts
The iiq.properties file is a critical component in the IIQ architecture, as it manages database connectivity. Understanding how this file works enables administrators to troubleshoot issues efficiently and make necessary modifications when moving to a new database environment. Keeping these parameters correctly configured ensures seamless operation and reliability of the SailPoint IdentityIQ system.