Get Started with Identity Mesh
On-premises installation guide. Install the sync engine, connect your identity systems, and run your first import.
Prerequisites
Before you begin, ensure you have:
- Windows Server 2019 or later for hosting the sync engine service
- SQL Server 2019 or later for the Identity Mesh database
- .NET 8 Desktop Runtime x64 for the Sync Engine (windowsdesktop-runtime-8.0-win-x64)
- ASP.NET Core 10 Runtime x64 for the Admin API (aspnetcore-runtime-10.0-win-x64)
- IIS (optional, for hosting the Admin Portal)
- Active Directory domain (if using the AD connector)
Installation & Setup
Install the Windows Service
The Identity Mesh sync engine runs as a Windows Service. Install it using the MSI installer.
- 1. Run the IdentityMesh.msi installer on your Windows Server
- 2. Choose features: Sync Engine (default), Admin API (optional), Admin UI (optional)
- 3. Enter the SQL Server instance and database name
- 4. Configure service accounts for the Sync Engine and Admin API (domain account, gMSA, or Local System)
- 5. Map AD security groups to roles: Admin, Operator, Viewer (pre-populated with domain)
- 6. The installer creates the database, deploys the schema, configures services, and optionally creates an IIS site for the Admin Portal
Verify Database Setup
The installer automatically creates the database, deploys the schema, configures the connection string, and grants the service account access. Verify everything is running.
- 1. Check that the IdentityMeshEngine and IdentityMeshAdmin Windows services are running
- 2. Open http://localhost:5100 to verify the Admin API (Swagger UI)
- 3. If Admin UI was installed, open the IdentityMesh Admin Portal desktop shortcut
- 4. Review %TEMP%\IdentityMesh.DbSetup.log if services fail to start
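The checks above can be run as one script. The following PowerShell is an added example, not part of Identity Mesh or its installer; it uses only the service names, URL and log path given in the steps. The keyword match on the setup log is an assumption, since the log format is not described here.

```powershell
# Added example: post-install verification of the services, Admin API and setup log.
$services = 'IdentityMeshEngine', 'IdentityMeshAdmin'    # service names from step 1
$apiUrl   = 'http://localhost:5100'                       # Admin API (Swagger UI) from step 2
# %TEMP% is per-user: run this as the account that ran the installer.
$setupLog = Join-Path $env:TEMP 'IdentityMesh.DbSetup.log'

$results = @(foreach ($name in $services) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        # The Admin API is an optional feature, so its service may legitimately be absent.
        [pscustomobject]@{ Check = $name; Status = 'NotInstalled'; Detail = '' }
        continue
    }
    # StartName is the logon account chosen in the installer (domain account, gMSA or Local System).
    [pscustomobject]@{ Check = $name; Status = $svc.State; Detail = "runs as $($svc.StartName)" }
    if ($svc.StartName -eq 'LocalSystem') {
        Write-Warning "$name runs as Local System; a gMSA or dedicated domain account limits what the service can reach."
    }
})

# Any HTTP success response means the Admin API is listening.
$api = try {
    $resp = Invoke-WebRequest -Uri $apiUrl -UseBasicParsing -TimeoutSec 10
    [pscustomobject]@{ Check = 'Admin API'; Status = "HTTP $($resp.StatusCode)"; Detail = $apiUrl }
} catch {
    [pscustomobject]@{ Check = 'Admin API'; Status = 'Unreachable'; Detail = $_.Exception.Message }
}
$results += $api

$results | Format-Table -AutoSize

# Show the setup log only when something is not healthy.
$unhealthy = $results | Where-Object { $_.Status -notin 'Running', 'HTTP 200', 'NotInstalled' }
if ($unhealthy -and (Test-Path -LiteralPath $setupLog)) {
    # Assumption: failure lines contain "error", "fail" or "exception".
    Select-String -LiteralPath $setupLog -Pattern 'error|fail|exception' |
        Select-Object -Last 10 |
        ForEach-Object { "{0}: {1}" -f $_.LineNumber, $_.Line }
} elseif ($unhealthy) {
    Write-Warning "Setup log not found at $setupLog"
}
```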
Add Your First Connector
Use the Admin UI to configure an Active Directory or SQL Database connector with connection details.
- 1. Open the Admin UI and navigate to Connectors → Add Connector
- 2. Select Active Directory or SQL Database as the connector type
- 3. Enter the server hostname, port, and base DN (for AD) or connection string (for SQL)
- 4. Provide service account credentials with read access to the target directory or database
- 5. Test the connection and save
Create Join and Flow Rules
Define how identities are correlated across systems and how attributes flow between them.
- 1. Navigate to Rules in the Admin UI
- 2. Create a join rule to define anchor-based identity correlation (e.g., match AD objectGUID to an HR database EmployeeID)
- 3. Create flow rules to map attributes between connectors (e.g., AD displayName → mesh FullName)
- 4. Apply transforms where needed (concatenation, formatting, case conversion)
- 5. Set confidence scores on flow rules to control which source wins when multiple connectors provide the same attribute
Run Your First Import
Trigger a full import from the Admin UI to pull identities into the mesh.
- 1. Go to Connectors and select the connector you configured
- 2. Click Full Import to read all objects from the connected system
- 3. Monitor progress in the import run log as identities are pulled into the management space
- 4. Once import completes, the projection engine applies your join and flow rules to populate mesh objects
Verify in Mesh Objects
Browse imported identities in the Mesh Objects viewer in the Admin UI.
- Open Mesh Objects in the Admin UI to see correlated identities
- Verify that attributes flowed correctly from the source connector
- Check join status to confirm identities are linked across connectors
- Review the audit log for any import errors or rule evaluation warnings