UNIFYBroker Installation Prerequisites


The following are the software requirements for UNIFYBroker:

  • Microsoft Windows Server (2008 R2 SP1 or later). Tested with:
    • Microsoft Windows Server 2008 R2 SP1;
    • Microsoft Windows Server 2012;
    • Microsoft Windows Server 2012 R2;
    • Microsoft Windows Server 2016.
  • Microsoft .NET 4.5.1 Framework (external download);
  • A compatible database server
    • Microsoft SQL Server Standard Edition or higher 
    • PostgreSQL Server (supported from UNIFYBroker v5.3 onwards)
  • Minimum version of Microsoft SQL Server 2008, recommended Microsoft SQL Server 2014 or newer. Tested with:
    • Microsoft SQL Server 2008;
    • Microsoft SQL Server 2008 R2;
    • Microsoft SQL Server 2012;
    • Microsoft SQL Server 2014;
    • Microsoft SQL Server 2016;
    • Microsoft SQL Server 2017;
    • Azure SQL Database;
  • Minimum version of PostgreSQL 9.5 or newer, on-premise or Azure Database for PostgreSQL. Tested with:
    • PostgreSQL 9.5
    • PostgreSQL10.1

The following are recommended minimum hardware requirements for UNIFYBroker:

  • 4GB RAM for the Operating System. For larger sets of identities (over 5000) more than this will be required (e.g. 16GB for over 1 million identities or 32GB for a highly complex solution).
  • 2 or more cores/CPUs. For larger sets of identities and/or multiple target systems more than this will be required.
  • 20MB hard drive space per 1000 identities brokered for the Microsoft SQL Server/PostgreSQL database.
  • 40MB free on the server for installation of UNIFYBroker application and service.
  • Additional free space on the server for logs and temporary internet files.

The following are the recommend minimum software requirements for accessing UNIFYBroker Management Studio:

  • A JavaScript-enabled modern desktop web browser (Microsoft Internet Explorer 9+, Mozilla Firefox (current - 1)+, Google Chrome™ (current - 1)+ browser, etc.)


The following information will need to be retained by the administrator in order to install and maintain UNIFYBroker:

  • UNIFYBroker service account
  • Microsoft SQL Server/PostgreSQL instance
  • Logging directory
  • IIS permissions (if using the web installer)

UNIFYBroker Service Account

This is the account that the UNIFYBroker service will be configured to use. This service must have the following rights:

  • Log on as a service. For details see Log on as a service. The installer is able to add this permission.
  • Permission to access the UNIFYBroker database as created, as described in Database Recommendations. (Note that this does not apply if you wish to use SQL Server Authentication, which is not recommended). This may include either enabling the appropriate network library in the SQL Server configuration, or forcing the connection to use the desired network library, as described in How To Set the SQL Server Network Library in an ADO Connection String.
  • Permission to write to the Windows Event Log. For Windows Server 2008 and above see Event Log. For Windows Server 2003 see How to set event log security locally or by using Group Policy. (A typical installation of Windows should not require additional configuration, unless permissions have been locked down).
  • Access to network services, including Kerberos. (The service account must have access to all systems that it uses. For example: To access SQL Server on another machine in the domain, the account must be a domain account).

Microsoft SQL Server/PostgreSQL instance

This is the Microsoft SQL Server or PostgreSQL instance on which the UNIFYBroker database will be installed. Note the host and instance name which are used to connect to the database server. Also note the database server account name and password when using SQL Server Authentication or PostgreSQL.

The configuration must be appropriate for the deployment scenario. For example, for remote access to SQL Server, named pipes must be enabled and suitable account permissions set up. Also make sure the correct Windows Services are running (e.g. SQL Server Browser).

LDAP Firewall Exceptions

If UNIFYBroker and the identity management platform instance is not installed on the same machine, any separating firewalls may need to be configured to allow LDAP traffic (default port 389) to pass unobstructed in both directions.

Logging directory

This is the directory that the service will log to. It must be somewhere that the UNIFYBroker Service Account has permission to write to.

IIS Permissions (when using the Web installer)

If UNIFYBroker is being configured to use IIS, the application pool identity will require read and write permissions to the UNIFYBroker Web directory. Contact your IIS administrator, or refer to Application Pool Identities for information on configuring the application pool with additional permissions.

This article was helpful for 3 people. Is this article helpful for you?


Hi - when is support for Win2019 likely to be announced please?