The main feature of One Identity Manager is to map employees together with the master data and permissions available to them in different target systems. To achieve this, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This provides an overview of the permissions for each employee in all of the connected target systems. One Identity Manager offers the option of managing user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database.
One Identity Manager instantiates connecting the various target systems to the . Use this tool to configure data synchronization for any target system and specify which target system data is mapped to the One Identity Manager database. You also define the object properties mapping and the synchronization sequence as a workflow.
One Identity Manager provides default mappings and workflows for synchronizing all target systems which are supported by the installed modules.
Use the Synchronization Editor to configure synchronization between the One Identity Manager database and a target system. A system connector takes over the connection to and communication with the target system. The system connector prepares target system objects, properties, and methods such that they can be read and written by One Identity Manager. The system connector communicates with the target system and carries out all read and write operations.
Figure 1: One Identity Manager synchronization components
During synchronization with the One Identity Manager database, system objects and their properties are compared with one another. Synchronization results in the target system and One Identity Manager database having an identical data structure. Some target systems are supported by default. For these target systems, One Identity Manager provides default processes and workflows.
In addition, changes to One Identity Manager database objects can be promptly provisioned in the connected target systems. For standard target systems, One Identity Manager provides default processes and workflows for provisioning.
The same workflows and mappings can be used for provisioning as for synchronization. The processing methods defined in the synchronization step are only executed during provisioning if the condition defined in the processing method is fulfilled and the synchronization and mapping directions for the object to process match.
Object changes are not provisioned in target system connections with read-access only.
Synchronization of single objects
Changes made to individual objects in the target system can be immediately applied in the One Identity Manager database without having to start a full synchronization of the target system environment. For standard target systems, One Identity Manager provides default processes and workflows for synchronizing single objects.
The same workflows and mappings can be used for single object synchronization as for synchronization. The processing methods defined in the synchronization step are only executed during single object synchronization if the condition defined in the processing method is fulfilled and the synchronization and mapping directions for the object to process match.
Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If a member list belongs to one of these properties, then the entries in the assignment table will also be updated. If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.
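The single object synchronization rules above, as an added example that is not One Identity Manager code: a simplified in-memory model in which the function name, the dictionaries and the sample groups are all hypothetical and constructed. Removing assignment rows when an object is deleted is an assumption of the model, not something stated here.

```python
# Simplified model of single object synchronization (added example, not
# product code). Every name and all sample data below are hypothetical.

def sync_single_object(key, target, db, assignments, mapped_props, member_props):
    """Apply one target system object to the database model.

    target, db:  dict of object key -> dict of properties
    assignments: dict of (key, property) -> set of members (assignment table)
    Returns the action taken: 'skipped', 'deleted' or 'updated'.
    """
    if key not in db:
        # Only objects already present in the database can be synchronized.
        return "skipped"
    if key not in target:
        # Object no longer exists in the target system: delete it.
        del db[key]
        # Assumption of this model: its assignment rows are removed as well.
        for row in [r for r in assignments if r[0] == key]:
            del assignments[row]
        return "deleted"
    source = target[key]
    for prop in mapped_props:
        if prop not in source:
            continue
        if prop in member_props:
            # Member lists are written to the assignment table.
            assignments[(key, prop)] = set(source[prop])
        else:
            # Changes are applied to mapped properties only.
            db[key][prop] = source[prop]
    return "updated"


def demo():
    # Constructed sample state: one changed group, one group unknown to the
    # database, and one group that was removed from the target system.
    target = {
        "grp-a": {"description": "Finance", "member": ["alice", "bob"],
                  "unmapped": "ignored"},
        "grp-new": {"description": "New"},
    }
    db = {"grp-a": {"description": "Fin"}, "grp-old": {"description": "Retired"}}
    assignments = {("grp-a", "member"): {"alice"},
                   ("grp-old", "member"): {"carol"}}
    actions = {
        key: sync_single_object(key, target, db, assignments,
                                {"description", "member"}, {"member"})
        for key in ("grp-a", "grp-new", "grp-old")
    }
    return actions, db, assignments


if __name__ == "__main__":
    print(demo())
```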
The Synchronization Editor is the One Identity Manager tool you use to configure synchronization of the One Identity Manager database on the one side and any target system on the other. The Synchronization Editor provides a homogeneous interface for all target systems to be controlled.
You can run the following tasks with the Synchronization Editor:
- Set up a connection to any target system
- Load target system schema and with the One Identity Manager database schema (called "One Identity Manager schema" in the following)
- Specify key object properties based on which the other associated objects are identified during synchronization (object matching rules).
- Specify the base object and scope of synchronization
- Define filters to limit the number of objects to synchronize
- Specify the
- Define the synchronization workflow
- Select schema classes to be synchronized
- Specify processing methods
- Define the sequence of
- Specify the time and frequency of synchronization
There are different ways to start the Synchronization Editor.
- From the Windows start menu using the entry One Identity | One Identity Manager | Configuration | Synchronization Editor.
- From the Launchpad.
- In the Manager