Chat now with support
Chat mit Support

Active Roles 8.2.1 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Deploying Synchronization Service for use with AWS Managed Microsoft AD Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Mapping tab

The Mapping tab allows you to manage mapping pairs and mapping rules for existing connections. To view or modify mapping pairs or rules for a connection, click the name of that connection. For more information on mapping pairs and rules, see Mapping objects.

On the Mapping tab, you can use the following elements (some of these elements become available only after you create at least one connection to an external data system):

  • Filter by: Allows you to filter existing connections by the letters or text you type in the text box. The filter only applies to the connection names.

  • Sort by: Allows you to sort existing connections by connection name, name of the connector used, or the frequency of usage in the sync workflow steps.

  • <Connection Name>: Displays the name of a connection. You can click a connection name to view or modify the mapping settings for the corresponding connection.

When you click a connection name on this tab, you can manage mapping pairs for the connection by using the following elements (some of these elements become available after you create at least one mapping pair for the connection):

  • Add mapping pair: Allows you to specify the types of objects in two connected systems for which you want to create a mapping pair.

  • <ObjectType1> - <ObjectType2>: Represents a mapping pair and displays the object types that belong to the same mapping pair. You can click a mapping pair to view and change the scope of conditions where the object types belonging to that mapping pair will be mapped. To define these conditions, you can create mapping rules.

  • Schedule: Allows you to schedule a recurring map operation for the current pair of objects.

  • Map now: Allows you to manually run the map operation on the current pair of objects.

  • Delete: Deletes the mapping pair on which you click this link.

When you click a mapping pair, you can manage mapping rules for the mapping pair by using the following elements (some of these elements become available only after you create at least one mapping rule for the mapping pair):

  • Map now: Allows you to manually run the map operation on the mapping pair by using the conditions specified in the existing mapping rules.

  • Unmap: Allows you to unmap the objects that were earlier mapped according to the settings specified for the mapping pair.

  • Schedule mapping: Allows you to schedule a recurring map operation for the mapping pair.

  • Add mapping rule: Allows you to create a rule that will define a condition for mapping objects that belong to the mapping pair.

  • Delete rule: Deletes the mapping rule on which you click this link.

  • Move up: Moves the current mapping rule one position up in the list.

  • Move down: Moves the current mapping rule one position down in the list.

Mapping rules are applied in the order they are listed.

Password Sync tab

The Password Sync tab allows you to manage password sync rules to automate password synchronization from a specified Active Directory domain to other connected data systems. For more information, see Automated password synchronization.

On the Password Sync tab, you can use the following elements (some of these elements become available only after you create at least one password sync rule):

  • Add password sync rule: Allows you to create a rule for synchronizing passwords from an Active Directory domain to another connected system.

  • Password sync settings: Allows you to specify how many times you want to retry the password synchronization operation in the event of a failure. Also allows you to type a Windows PowerShell script to generate passwords for the target connected system. For more information, see Using PowerShell script to transform passwords.

  • Delete rule: Deletes the password sync rule on which you click this link.

Configuring diagnostic logging

In the Synchronization Service Console, you can configure a number of settings to write the Synchronization Service diagnostic data to a separate log file or to the Windows Event Log.

To configure diagnostic logging

  1. In the upper right corner of the Synchronization Service Console, select Settings > Diagnostic Logging.

  2. In the dialog that opens, use the following options:

    • Windows Event Log Level: Drag the slider to select one of the following options to write Synchronization Service data to the Windows Event Log:

      • Error, Warning, and Information: Records errors, warnings, and information events generated by Synchronization Service to the Windows Event Log.

      • Error and Warning: Records error and warning events generated by Synchronization Service to the Windows Event Log.

      • Error: Records error events generated by Synchronization Service to the Windows Event Log.

      • Off: Disables writing Synchronization Service data to the Windows Event Log.

    • Synchronization Service log level: Drag the slider to select one of the following logging levels for the Synchronization Service log:

      • All Possible Events: Writes detailed diagnostic data to the Synchronization Service log file.

      • Important Events: Writes only essential events to the Synchronization Service log file.

      • Off: Disables writing data to the Synchronization Service log file.

  3. When you are finished, click OK to apply your settings.

How to synchronize identity data

On a very high level, you need to complete the following steps to synchronize identity data between two external data systems:

  1. Connect the Synchronization Service to the data systems between which you want to synchronize identity data.

    For more information, see External data systems supported with built-in connectors.

  2. Configure synchronization scope for the connected data systems.

    For more information, see Modifying synchronization scope for a connection.

  3. Create a sync workflow.

    For more information, see Creating a sync workflow.

  4. Create one or more steps in the sync workflow, and, if necessary, define synchronization rules for these steps.

    For more information, see Synchronizing identity data.

  5. Run the sync workflow you have created.

    For more information, see Running a sync workflow.

You can also use the Synchronization Service to automatically synchronize passwords from a specified Active Directory domain to other connected data systems. For more information, see Automated password synchronization.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen