Setting up synchronization with the One Identity Manager connector
The One Identity Manager connector allows One Identity Manager databases to synchronize with each other. For example, in this way, you can transfer application data from a production database to a test database or have time-consuming tasks, such as attestations or the report generation, run in a separate environment. You can optimize use of One Identity Manager functionality by synchronizing with a central database, containing all the data, on a regular basis.
As of One Identity Manager version 8.2, there is support for synchronizing databases with different product versions or a different number of modules.
One Identity Manager offers two ways to set up a synchronization project:
-
Generate a synchronization project based on predefined criteria
The synchronization configuration is created completely automatically and cannot be edited. Three schedules can be selected to start synchronization.
-
Individual, manual configuration of the synchronization
The synchronization configuration is created completely manually and can be adapted at any time if requirements change. The synchronization can be scheduled as well as started manually.
Detailed information about this topic
Architecture overview
As of One Identity Manager version 8.2, there is support for synchronizing databases with different product versions or a different number of modules. The central database must be connected over an application server for this. To be able to use the latest features and bug fixes, the database on which the synchronization project is set up must always have the latest product version.
Figure 1: The synchronization architecture
The work database is the database on which the synchronization project is set up. After synchronization, the work database contains an image of the application data from the central database. The central database is the database in the connected system (target system).
If both databases have the same product version and the same modules installed, you do not have to connect the central database through an application server.
Synchronization set up methods
Method 1 (system synchronization): The synchronization project is created automatically
To allow a synchronization project to be created automatically, first select the tables and columns fro all the tables that contain application data. On basis of this, the Synchronization Editor generates a complete synchronization configuration. If the selection of tables to synchronize changes, the synchronization project updates automatically.
Use the system synchronization to map selected One Identity Manager database application data. The same schema types (tables) and schema properties (columns) are synchronized with each other in the connected databases. For example, if you have selected the BaseTree table for synchronization, the objects of the BaseTree table in the central database will be synchronized with the BaseTree table in the work database.
Only one synchronization project can be created automatically for the work database.
Only the connection credentials for the connected systems may be changed manually in a generated synchronization project.
Method 2 (custom configuration): You create the synchronization project manually
This allows you to create all the components of the synchronization configuration manually with the Synchronization Editor. The One Identity Manager connector does not provide a project template for setting up synchronization. The synchronization project can be adjusted at any time as needed.
Since the synchronization configuration is fully customized, the schema types and schema properties of the central database can be mapped to any schema types and properties in the work database.
Selecting a method
Use the system synchronization if the following criteria apply:
-
You want to map selected application data from the central database. The application data are mapped in both databases in the same tables.
-
Numerous tables are to be synchronized.
-
Different startup behavior is to be defined for different tables.
-
One Identity Manager creates the system configuration automatically. The synchronization configuration does not require manual adjustments.
Use custom synchronization if the following criteria apply:
-
Only individual tables are to be synchronized.
-
You want to be able to create mappings and workflows yourself and customize the synchronization configuration.
-
You want to use custom processing methods in synchronization steps.
-
Objects that have been deleted in the central database should be marked as outstanding during synchronization and can then be post-processed in the work database.
-
Single object synchronization is to be used.
Connect the central database over an application server if the following criteria apply:
-
A different number of modules is installed in the work than in the central database.
-
Work and central databases have different product versions, but at least One Identity Manager version 8.2.
Related topics
Prerequisites and guidance for connecting a One Identity Manager database
Requirements for the central database
To synchronize One Identity Manager databases with different modules or different product versions:
To synchronize One Identity Manager databases with different product versions:
-
The following plugins are enabled on the application server:
-
The HTTP request methods POST, GET, PUT, and DELETE must be permitted by the application server’s web server.
-
The central database has at least version 8.2.
Notes about the application server's REST API
The REST API is not as powerful as the primary interface because it is designed for backward compatibility, among other things. This enables communication with older One Identity Manager systems. Some secondary functions are not available when using this interface. One Identity Manager versions from 8.2 are supported, but possibly not to the full extent.
-
Customized processing methods in synchronization steps cannot be used.
-
Data errors cannot be ignored during synchronization.
-
No detailed error messages are output.
Notes about the work database
-
If both databases have different One Identity Manager versions, the work database should have the latest product version to take advantage of the latest features and bug fixes of the One Identity Manager connector.
-
The work database has at least version 8.2.
Related topics