The following provides you with an overview of synchronization templates. Patches are made available for updating synchronization templates in existing synchronization projects. For more information, see Patches for synchronization projects.
Table 16: Overview of synchronization templates and patches
Target System Synchronization Module |
Automatic One Identity Manager synchronization |
none |
Azure Active Directory Module |
Azure Active Directory synchronization |
none |
Azure Active Directory B2C tenant |
none |
Active Directory Module |
Active Directory synchronization |
none |
Active Roles Module |
Synchronize Active Directory domain via |
none |
Cloud Systems Management Module |
Universal Cloud Interface synchronization |
none |
Oracle E-Business Suite Module |
Oracle E-Business Suite synchronization |
none |
Oracle E-Business Suite CRM data |
none |
Oracle E-Business Suite HR data |
none |
Oracle E-Business Suite OIM data |
none |
Microsoft Exchange Module |
Microsoft Exchange 2013/2016/2019 synchronization (v2) |
none |
Google Workspace Module |
Google Workspace synchronization |
none |
LDAP Module |
AD LDS synchronization |
none |
AD LDS Synchronization (version 2) |
none |
OpenDJ synchronization |
none |
OpenDJ Synchronization (version 2) |
none |
Generic LDAP Synchronization (version 2) |
none |
Oracle DSEE Synchronization (version 2) |
none |
Domino Module |
Lotus Domino Synchronization |
none |
Exchange Online Module |
Exchange Online synchronization (v2) |
none |
Microsoft Teams Module |
Microsoft Teams (via Azure Active Directory) |
none |
OneLogin Module |
OneLogin Domain Synchronization |
none |
Privileged Account Governance Module |
One Identity Safeguard synchronization |
none |
SAP R/3 User Management Module |
SAP R/3 Synchronization (Base Administration) |
none |
SAP R/3 (CUA subsystem) |
none |
SAP R/3 Analysis Authorizations Add-on Module |
SAP R/3 BW |
none |
SAP R/3 Compliance Add-on Module |
SAP R/3 authorization objects |
none |
SAP R/3 Structural Profiles Add-on Module |
SAP R/3 HCM authentication objects |
none |
SAP R/3 HCM employee objects |
none |
SharePoint Module |
SharePoint synchronization |
none |
SharePoint Online Module |
SharePoint Online synchronization |
none |
Universal Cloud Interface Module |
SCIM Connect via One Identity Starling Connect |
changed |
SCIM synchronization |
changed |
Unix Based Target Systems Module |
Unix Account Management |
changed |
AIX Account Management |
changed |
The following is a list of all patches provided for synchronization projects in One Identity Manager 9.1.3. Every patch contains a script, which tests whether the patch can be applied to the synchronization project. This depends on the specific configuration of the synchronization.
For more information, see Applying patches to synchronization projects.
Table 17: Patches for the SCIM interface (in Universal Cloud Interface Module)
ADO#444262 |
New variable for configuring the transfer of access data |
Inserts the dprauthoauthusebody variable into the standard variable set and the connection parameters. This can be used to configure the transfer of access data in the header or body.
This patch is applied automatically when One Identity Manager is updated. |
444262 |
Table 18: General patches
VPR#36755 |
Disables the synchronization buffer for the central database |
Disables the synchronization buffer for various virtual schema properties in the central database schema in synchronization projects for system synchronization. |
36755 |
Table 19: Patches for Azure Active Directory
VPR#36799 |
Sets filters in multi-reference rules |
Inserts member filters in various multi-reference rules for the Owners schema property.
This patch is applied automatically when One Identity Manager is updated. |
36799 |
Table 20: Patches for Microsoft Exchange
VPR#37274 |
Adjusts variable descriptions |
Adjusts descriptions of variables for synchronization projects.
This patch is applied automatically when One Identity Manager is updated. |
37274 |
Table 21: Patches for SAP R/3
VPR#36970 |
Sets reload threshold of user accounts |
Sets the reload threshold in the user synchronization step to the value 4. |
36970 |
Table 22: Patches for SharePoint Online
VPR#37272 |
Set filters for the vrtLcid and vrtLanguage schema properties |
Sets system filters in the vrtLcid and vrtLanguage schema properties in the Site, Web, and WebTemplate mappings. |
37272 |
Table 23: Patches for the SCIM interface (in Universal Cloud Interface Module)
VPR#36985 |
Schema extension corrections |
Saves the name of the schema type extensions in the schema.
This patch is applied automatically when One Identity Manager is updated. |
36985 |
Table 24: Patches for Active Directory
VPR#35808 |
Correction of the property mapping rule for StructuralObjectClass |
Corrects the StructuralObjectClass_vrtobjectClass property mapping rule in the domainDNS mapping. Ignore case is enabled.
This patch is applied automatically when One Identity Manager is updated. |
35808 |
Table 25: Patches for Microsoft Exchange
VPR#36151 |
Correction of property mapping rules for Mailbox database and Archive mailbox database |
Corrects the property mapping rule for Mailbox database and Archive mailbox database in the Mailbox mapping, to prevent changes to mailbox databases in One Identity Manager being overwritten by old values.
This patch is applied automatically when One Identity Manager is updated. |
36151 |
Table 26: Patches for LDAP
VPR#36271 |
New property mapping rule for the UserPassword schema property |
Inserts a property mapping rule for the UserPassword schema property into the User and InetOrgPerson mappings. |
36271 |
VPR#36450 |
New property mapping rule for the AccountDisabled schema property |
Inserts a property mapping rule for the AccountDisabled schema property into all mappings with the LDAPAccount schema type. |
36450 |
Table 27: Patches for HCL Domino
VPR#35816 |
Correction of the InternetAddress mapping |
Corrects details of the vrtInternetAddress1st schema property in the Database, Group, and Person mappings.
This patch is applied automatically when One Identity Manager is updated. |
35816 |
Table 28: Patches for OneLogin
VPR#35969 |
Correction of schema properties for resolving references |
Corrects details of schema properties from the OLGEvent (all) schema class.
This patch is applied automatically when One Identity Manager is updated. |
35969 |
Table 29: Patches for SAP R/3
VPR#35991 |
Correction of property mapping rules in the userExternalID mapping |
Sets the Force mapping against direction of synchronization option on various property mapping rules in the userExternalID mapping.
This patch is applied automatically when One Identity Manager is updated. |
35991 |
Table 30: Patches for SAP R/3 authorization objects
VPR#35944 |
Correction of the reload threshold in the start up configuration |
Increases the reload threshold in the Initial Synchronization start up configuration.
This patch is applied automatically when One Identity Manager is updated. |
35944 |
Table 31: Patches for the SCIM interface (in Universal Cloud Interface Module)
VPR#36108 |
Updates the target system schema |
Updates the target system schema.
This patch is applied automatically when One Identity Manager is updated. |
36108 |
Table 32: Patches for the Universal Cloud Interface (in Cloud Systems Management Module)
VPR#36150 |
Correction of handling ineffective assignments in the Provisioning workflow |
Extends a condition on the Insert processing method in synchronization steps for handling memberships of cloud groups and cloud system entitlements in the Provisioning workflow. This prevents provisioning of ineffective assignments. |
36150 |
Table 33: General patches
|
Milestone 9.1 |
Milestone for the context DPR. |
|
|
Milestone 9.1 |
Milestone for the context One Identity Manager. |
|
Table 34: Patches for Azure Active Directory
VPR#33400 |
New property mapping rule for assigning administrator roles to Azure Active Directory groups |
Adds a property mapping rule for the IsAssignableToRole schema property to the Group mapping.
This patch is applied automatically when One Identity Manager is updated.
Dependent on the Filter members of directory roles patch (VPR#33399). |
33400 |
VPR#34744 |
New property mapping rule for mapping the properties of dynamic Azure Active Directory groups |
Adds property mapping rules for the membershipRuleProcessingState and membershipRule schema properties to the Group mapping.
This patch is applied automatically when One Identity Manager is updated. |
34744 |
VPR#35033 |
Support for B2C tenants |
Adds property mapping rules for the TenantType and Identities schema properties in the Organization and User mappings. |
35033 |
VPR#35286 |
Allows writing of email addresses of Azure Active Directory user accounts. |
Corrects the property mapping rule for the Mail schema property in the User mapping.
This patch is applied automatically when One Identity Manager is updated. |
35286 |
VPR#35289 |
Support for administrative units |
Extends the synchronization configuration to support administrative units.
This patch is applied automatically when One Identity Manager is updated. |
35289 |
VPR#35290 |
New property mapping rule for the creation type of Azure Active Directory user accounts. |
Adds a property mapping rule for the CreationType schema property to the Group mapping.
This patch is applied automatically when One Identity Manager is updated. |
35290 |
VPR#35303_AAD |
Supports classifications |
Extends the synchronization configuration to support classification of Exchange Online Office 365 groups. |
35303 |
VPR#35768 |
Correction of the ServicePrincipal mapping |
Corrects the property mapping rule for the Owners schema property in the ServicePrincipal mapping.
This patch is applied automatically when One Identity Manager is updated.
Depending on patch Azure Active Directory service principal support (VPR#33088). |
35768 |
|
Milestone 9.1 |
Milestone for the context Azure Active Directory. |
|
Table 35: Patches for Active Directory
VPR#35533 |
Removes unused schema properties |
Removes unused virtual schema properties from the site mapping.
This patch is applied automatically when One Identity Manager is updated. |
35533 |
VPR#33793 |
New property mapping rule for mapping the domain's RID master |
Adds a property mapping rule for the UID_ADSMachineRIDMaster schema property to the domainDNS mapping.
This patch is applied automatically when One Identity Manager is updated. |
33793 |
|
Milestone 9.1 |
Milestone for the context Active Directory. |
|
Table 36: Patches for
VPR#35122 |
Updates the target system schema |
Updates the target system schema to update data types in the stored schema.
This patch is applied automatically when One Identity Manager is updated. |
35122 |
|
Milestone 9.1 |
Milestone for the context . |
|
Table 37: Patches for Microsoft Exchange
VPR#31374 |
Support for room lists |
Adds property mapping rules for the RecipientType and RecipientTypeDetails schema properties to the DistributionGroup mapping.
This patch is applied automatically when One Identity Manager is updated. |
31374 |
VPR#35506 |
Corrects the behavior of "unlimited" values |
Corrects the treatment of "unlimited" values. Schema properties and property mapping rules are adjusted for this.
This patch is applied automatically when One Identity Manager is updated. |
35506 |
|
Milestone 9.1 |
Milestone for the context Microsoft Exchange. |
|
Table 38: Patches for Exchange Online
VPR#30841 |
Prevents the creation of additional base objects |
Changes synchronization project settings to prevent more than one base object being added.
This patch is applied automatically when One Identity Manager is updated. |
30841 |
VPR#34568 |
New property mapping rules for mapping quota settings for mailboxes |
Adds property mapping rules for the ProhibitSendQuota, IssueWarningQuota and ProhibitSendReceiveQuota schema properties to the mailbox mapping. |
34568 |
VPR#34265 |
Mailbox permissions support |
Extends the synchronization configuration to map the Full Access and Send As mailbox permissions.
This patch is applied automatically when One Identity Manager is updated. |
34265 |
VPR#34766 |
Support for certificate-based authentication |
Adds the AADOrganization variable to the default variable set.
This patch is applied automatically when One Identity Manager is updated. |
34766 |
VPR#35343_O3E |
Supports classifications |
Extends the synchronization configuration to support classification of Exchange Online Office 365 groups.
This patch is applied automatically when One Identity Manager is updated. |
35303 |
|
Milestone 9.1 |
Milestone for the context Exchange Online. |
|
Table 39: Patches for Microsoft Teams
VPR#35410 |
Updating the One Identity Manager schema |
Updates the One Identity Manager schema to properly set the scope for O3TTeam and O3TTeamChannel.
This patch is applied automatically when One Identity Manager is updated. |
35410 |
|
Milestone 9.1 |
Milestone for the context Azure Active Directory. |
|
Table 40: Patches for Google Workspace
VPR#34885 |
Extensions for synchronizing Google Workspace external email addresses |
Extends the synchronization configuration for synchronizing external email addresses. |
34885 |
|
Milestone 9.1 |
Milestone for the context Google Workspace. |
|
Table 41: Patches for LDAP
VPR#35702 |
Ignore upper and lower case when comparing values |
Sets the Ignore case option in the property mapping rules of the ObjectClass and StructuralObjectClass schema properties.
This patch is applied automatically when One Identity Manager is updated. |
35702 |
|
Milestone 9.1 |
Milestone for the context LDAP. |
|
Table 42: Patches for HCL Domino
VPR#35500 |
Correction of the vrtProxyDataBaseName schema property |
Corrects the script for loading the vrtProxyDataBaseName schema property of the AdminRequest (all) schema class.
This patch is applied automatically when One Identity Manager is updated. |
35500 |
VPR#35745 |
Check value of variable MailFileAccessType |
Checks and corrects the MailFileAccessType variable in all variable sets.
This patch is applied automatically when One Identity Manager is updated. |
35745 |
|
Milestone 9.1 |
Milestone for the context HCL Domino. |
|
Table 43: Patches for OneLogin
VPR#35834 |
New object matching rule in the UserCustomAttribute mapping |
Inserts another object matching rule in the UserCustomAttribute mapping.
This patch is applied automatically when One Identity Manager is updated. |
35834 |
Table 44: Patches for Privileged Account Management
VPR#35621 |
Support for One Identity Safeguard 7.0 (LTS) |
Extends the synchronization configuration to support One Identity Safeguard version 7.0 (LTS). |
35621 |
|
Milestone 9.1 |
Milestone for the context Privileged Account Management. |
|
Table 45: Patches for SAP R/3
VPR#34646_SAP |
Updates the target system schema |
Updates the target system schema.
This patch is applied automatically when One Identity Manager is updated. |
34646 |
|
Milestone 9.1 |
Milestone for the context SAP R/3. |
|
Table 46: Patches for SAP R/3 personnel planning data and structural profiles
VPR#32154 |
Introduces some revision counters |
Enables revision filtering in the Main Identity, Workdates of Employee, and Communication Data synchronization steps. |
32154 |
|
Milestone 9.1 |
Milestone for the context SAP R/3 structural profile add-on. |
|
Table 47: Patches for SAP R/3 BI analysis authorizations
|
Milestone 9.1 |
Milestone for the context SAP R/3 analysis authorizations add-on. |
|
Table 48: Patches for SAP R/3 authorization objects
|
Milestone 9.1 |
Milestone for the context SAP R/3. |
|
Table 49: Patches for SharePoint
|
Milestone 9.1 |
Milestone for the context SharePoint. |
|
Table 50: Patches for SharePoint Online
VPR#30841 |
Prevents the creation of additional base objects |
Changes synchronization project settings to prevent more than one base object being added.
This patch is applied automatically when One Identity Manager is updated. |
30841 |
|
Milestone 9.1 |
Milestone for the context SharePoint Online. |
|
Table 51: Patches for the SCIM interface (in Universal Cloud Interface Module)
VPR#34952 |
Additional certificate options for system connections |
Adds new variables to the default variable set and connection parameters.
This patch is applied automatically when One Identity Manager is updated. |
34952 |
VPR#35571 |
New variable for configuring a request timeout |
Adds a variable to configure the request timeout to the default variable set and connection parameters. |
35571 |
|
Milestone 9.1 |
Milestone for the context SCIM. |
|
Table 52: Patches for the Universal Cloud Interface (in Cloud Systems Management Module)
VPR#35451 |
Handling of XIsInEffect columns for all UserInGroup* and UserHasGroup* tables. |
Adds special handling of the XIsInEffect columns for all UserInGroup* and UserHasGroup* tables to the corresponding mappings and workflows. |
35451 |
|
Milestone 9.1 |
Milestone for the context Universal Cloud Interface. |
|
Table 53: Patches for Unix
|
Milestone 9.1 |
Milestone for the context Unix. |
|
Table 54: Patches for the One Identity Manager connector
|
Milestone 9.1 |
Milestone for the context Database. |
|
Table 55: Patches for the CSV connector
|
Milestone 9.1 |
Milestone for the context CSV. |
|
The following features are no longer supported with this version of One Identity Manager:
-
In future, mutual aid as well as password questions and password answers will not be supported in the Manager.
Use the Password Reset Portal to change passwords. Save your password questions and password answers in the Web Portal.
-
The SOAP Web Service is no longer supported.
-
The SPML Webservice is no longer supported.
-
The API Designer is no longer supported.
Added instructions in the One Identity Manager API Development Guide on how to convert XML-based API definition code into a plugin library.
-
Administration of different versions of a compiled project using compilation branches is no longer supported.
-
The Visual Studio Code extension for HTML application development is no longer supported.
-
Compiling HTML applications in the Database Compiler is no longer supported.
-
The SharePoint 2010 connector is no longer supported.
-
The Microsoft Exchange 2010 connector is no longer supported.
-
The Relevance for compliance property for IT Shop requests (PWODecisionStep.ComplianceRelevance and QERWorkingStep.ComplianceRelevance) is no longer supported.
-
Starling Two-Factor Authentication and the Starling 2FA app are no longer supported as the Starling Two-Factor Authentication service was disconnected on November 1, 2022.
-
The generic LDAP connector is no longer supported. Use the LDAP Connector (version 2).
-
The Domino connector no longer supports synchronization of the following environments:
-
IBM Domino Server versions 8, 9, and 10
-
IBM Notes Client versions 8.5.3 and 10.0
Update your target system environment to a supported version. For more information, see Supported data systems.
The following features will be discontinued in later One Identity Manager versions and should no longer be utilized:
-
The following scripts are labeled obsolete. A warning to this effect is issued during compilation.
-
VI_GetValueOfObject
-
VID_GetValueOfDialogObject
-
VI_ITDataFromOrg
-
VI_AE_ITDataFromOrg
-
VI_GetOrgUnitFromCertifier
-
VI_ConvertDNToCanonicalName
-
VI_PersonAuto_LDAP
-
VI_PersonAuto_ADS
-
VI_PersonAuto_EBS
-
VI_PersonAuto_Notes
-
VI_PersonAuto_SAP
-
VI_PersonAuto_SharePoint_SPSUser
-
VI_GetAttestationObject
-
In future, the Domino connector will no longer support synchronization of the following environments:
Before installing One Identity Manager 9.1.3, ensure that your system meets the following minimum hardware and software requirements.
For more detailed information about system prerequisites, see the One Identity Manager Installation Guide.
NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. For more information about environment virtualization, see One Identity's Product Support Policies.
Every One Identity Manager installation can be virtualized. Ensure that performance and resources are available to the respective One Identity Manager component according to system requirements. Ideally, resource assignments for the database server are fixed. Virtualization of a One Identity Manager installation should only be attempted by experts with strong knowledge of virtualization techniques.