Chat now with support
Chat mit Support

Identity Manager 9.1.2 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Specifying custom processing methods

Apart from a connector’s default and additional processingClosed methods, the Synchronization EditorClosed can also use customClosed processing methods. This is done using custom scripts.

To set up and use a custom processing method

  1. In the DesignerClosed, create a script to make the necessary modifications to the loaded objects.

    Script structure:

    References VI.Projector.Database.dll
    <Tag("Projector")>
    <BaseObjectType("Table")>
    Public Sub CCC_ScriptName(unit As IUnitOfWork, entity As IEntity(), args As VI.Projector.Database.ScriptMethodArgs)
       'Steps to run
       ...
    End Sub
    • <Tag("Projector")>: Labels the script to use as a processing method. This enables the Synchronization Editor to identify the scripts to use as processing methods.

    • <BaseObjectType("Table")>: Defines the type of objects the script will be applied to. Enter the table that contains the objects to be handled.

      If the script can be applied to several object types, define a separate object type for each table.

    • CCC_ScriptName: Script name. In the Synchronization Editor, you can select the script as the processing method under this name. Enter a name that uniquely describes the processing method.

    For more information about creating scripts with the Script Editor, see the One Identity Manager Configuration Guide.

  2. Compile the script.

  3. In the Synchronization Editor, open the synchronization projectClosed.

  4. Select the Configuration > One Identity Manager connection category and update the One Identity Manager schema.

  5. In the Workflows category, select the synchronization workflowClosed in which you want to use the new processing method.

  6. Find the synchronization step and click Edit.

    The synchronization step must handle the object type defined in the script.

  7. On the Processing tab, you can select processing methods under the script name.

Example scripts

The following example script removes the manager from all departments and location that the script will be applied to as a processing method.

References VI.Projector.Database.dll
<Tag("Projector")>
<BaseObjectType("Department")>
<BaseObjectType("Locality")>
Public Sub CCC_Department_RemoveManager(unit As IUnitOfWork, entities As IEntity(), args As VI.Projector.Database.ScriptMethodArgs)
   For Each currEntity As IEntity In entities
      If Not String.IsNullOrEmpty(currEntity.GetValue("UIDClosed_PersonHead").ToString()) Then
         currEntity.PutValue("UID_PersonHead","")
         unit.Put(currEntity)
      End If 
   Next
End Sub

The following sample script creates or updates database objects.

References VI.Projector.Database.dll
<Tag("Projector")>
<BaseObjectType("ADSAccount")>
Public Sub CCC_SpecialCommit(unit As IUnitOfWork, entities As IEntity(), args As VI.Projector.Database.ScriptMethodArgs)
   For Each entity In entities
      For Each kvp In args.Changes
         entity.PutValue(kvp.Key, kvp.Value)
      Next
      unit.Put(entity)
   Next 
End Sub
Related topics

Specifying quotas

Errors in the synchronizationClosed configuration can cause system objects to be processed incorrectly. Errors in the data through incorrect configuration can be reduced. Often, it is known how many system objects are generally modified, added, or deleted in a connected systemClosed. If this number is exceeded when a processing method is run, a warning appears and synchronization is stopped. The synchronization stepClosed and mapping configurations can be checked and corrected before repeating synchronization.

To specify the maximum set of system objects that can be processed in a synchronization step, define quotasClosed for each processing method. A quota provides the maximum number of objects to process relative to the total number of all objects in the schema class to be synchronized. When a synchronization step is run, One Identity Manager calculates the number of objects to process for each processing method with a quota. If this number exceeds the quota, processing of objects in this schema class stops. Synchronization stops and writes an error message in the synchronization log.

You can define different quotas for synchronizing with the target system and synchronizing with One Identity Manager.

Table 53: Quotas for a synchronization step

Property

Meaning

No quota

Specifies whether quotas are taken into account by synchronization. If this is set, quotas are not included.

Use these settings

Specifies which quotas the connected system and the processing method take into account.

  1. Select the connected system that you want to synchronize.
  2. Select the processing method and enter the quota in percent.

When you configure a new synchronization step for objects in One Identity Manager for the Delete processing taskClosed, a quota of 10% is automatically set. Adjust the quota as required.

One Identity Manager specifies quotas for synchronization in the target system in workflows created with the workflow wizard, by default. Adjust the quota as required.

  • Update processing method: 75%
  • Delete processing method: 10% for single objects, 20% for many-to-many schema types.
Advice
  • Quotas can only be defined for processing methods which modify data (for example, Insert, Update, Delete).

  • When the number of object to process is being calculated, One Identity Manager takes the amount of objects loaded in the slim list. Conditions defined for processing methods are not taken into account!

    Enter an higher quota for processing methods use a condition to limit the number of objects to synchronize.

  • To check whether the quota will be exceeded, all the objects to be processed are loaded first. Only then will the processing method be run. If there is a large amount of data, this can affect synchronization performance.

  • If the quota is exceeded by a single object, that object will still be processed.

    For example, if a quota of 10% is defined for a schema class with only 8 objects and exactly one object has been changed, then this object will be processed even though the quota has already been exceeded.

    In provisioning workflowsClosed, quotas are ineffective because only single objects are ever processed.

  • Quotas affect membership synchronization only when M:N schema types are processed in a separate synchronization step. (Example: Synchronization of assignments of SAP rolesClosed to SAP user accounts. The quota refers to the set of UserInRole objects).

    If memberships are stored as a base object propertyClosed (member list), the quota only affects the base object and not the individual members. (Example: Synchronization of Active Directory groups. The quota refers only to the number of groups and not to the number of members).

Related topics

Rule filters

You can specify which Property mappingClosed rules must be applied to each synchronization stepClosed. For example, dependencies between schema class objects can be resolved this way.

Included rules: Select the property mapping rule to be applied during synchronizationClosed.
Excluded rules: Select the property mapping rules which should not be applied during synchronization.
NOTE: Unmarked rules are included automatically.
Detailed information about this topic

Extended synchronization step properties

You can optimize memory usage for processingClosed synchronization stepClosed data on the Extended tab.

Table 54: Extended synchronization step properties
Property Description
Performance/memory factorClosed This controls the behavior of memory and performance in the synchronizationClosed step. If more memory is available, you can change the performance/memory factor in favor of performance. Reduce the performance/memory factor if there are memory problems.

The performance/memory factor specifies the percentage with which the reload threshold, partition size, and bulk level are applied to an object type.

Use the slider to set the performance/memory factor.

  • Move the slider to the right to increase performance. This requires more memory.
  • Move the slider to the left to reduce the memory requirement. This also reduces the performance.

Reload threshold

Specifies the maximum number of properties that can be loaded by synchronization to prevent partitioned reloading. You can increase this value to accelerate synchronization of target systems with small mappings. However, more memory is required.

The default value for all data to be processed is fixed in the start up configuration. It can be specified separately for every synchronization step.

To specify the threshold for a synchronization step

  1. Disable Use start up configuration settings.
  2. Change the preset reload threshold.

Mode

Specifies whether changes in the in-memory object are committed after the synchronization step has been run. This affects changes that are made through the property mapping rule’s Force mapping against direction of synchronization option.

This setting is required only for object-based synchronization, for example, provisioning, when the object must be handled by more than one synchronization step.

  • None: No changes are committed.

  • Automatic: It is decided automatically, which changes are committed.

  • UserDefined: Changes to the selected schema properties are committed.

    Under Commit changes for, enable the schema properties whose changes are committed in the in-memory object.

TIP: You can adjust the memory requirements for all the data to be processed in the start-up configuration. You can set the reload threshold, partition size, and bulk level here. These setting are only possible in expert mode. For more information, see Extended properties for start up configuration.

Detailed information about this topic
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen