Data Synchronization use cases
There are two ways data can be synchronized from One Identity Manager to ServiceNow.
-
Full sync: This means that all data will be loaded from One Identity Manager.
-
Delta sync: This means that all data will be loaded from One Identity Manager, which was added or updated after the last synchronization date. These configuration parameters are updated after every synchronization.
For example, only those employees that are created/updated after the date defined in the configuration parameter “delta_xdateupdated_person” will be imported. This reduces the import duration.
Performing a full synchronization through scheduled job
Scheduled Script Executions: InitializeConfigurationParametersAndLoadData.
The configuration parameter job_load_data_from_oneim_server_full_load determines if the scheduled job should perform a full synchronization. This parameter takes a boolean value (default value is true) and setting the value to true would enable a full synchronization.
NOTE: One Identity recommends performing Delta load of users and service items through a scheduled background job on a daily basis during non peak hours. Full load of users and service items could be performed once a month or according to customer requirements during non peak hours.
Performing delta synchronization through scheduled job
Scheduled Script Executions: InitializeConfigurationParametersAndLoadData.
The configuration parameter job_load_data_from_oneim_server_delta_load is used to configure delta synchronization by the scheduled job service. This parameter takes a Boolean value (default value is false) and setting the value to true would cause a delta synchronization to be performed if full synchronization is not enabled.
Once the delta synchronization has been enabled, configure the following additional configuration parameters that specify what entities will be delta synchronized
Additional delta synchronization configuration parameters
Roles and Permissions
Details of the roles that are currently supported by the One Identity Manager for Service Catalog App are explained below.
-
x_oni_oneim_addon.admin – This is the One Identity Manager for Service Catalog App Administrator role. It is the responsibility of the SysAdmin to assign this role to appropriate users. Users with this Role would be able to view the application in the application navigator and will have Read/Write access to all the application tables.
-
x_oni_oneim_addon.businessuser – This is the One Identity Manager for Service Catalog application business user role. These users can request service items only for themselves and their subordinates. All users synchronized into ServiceNow from One Identity Manager will be assigned to this role.
-
x_oni_oneim_addon.helpdesk - This is the One Identity Manager for Service Catalog App helpdesk role. It is the responsibility of the SysAdmin to assign this role to appropriate users. Users with this Role can request service items for any user that has a matching identity record in One Identity Manager. These are detailed steps to configure helpdesk role –
- Assign x_oni_oneim_addon.helpdesk role to appropriate users.
- Assign ServiceNowHelpDesk role to the same user in one identity manager.
- Open Apiserver and login to Admin portal using system admin credential.
- Navigate to configuration and select “Web portal” in dropdown.
- Navigate to “Feature configuration(QER)”.
- Append this query in “Identities for which request can be placed”
OR (EXISTS(SELECT 1 FROM PersonInAERole WHERE UID_Person = '%useruid%' AND UID_AErole = ‘SCN-e47781323bd34e799e5ed9a2f4664f89') AND (uid_person IN (SELECT uid_person FROM Person)))
Schedule job OneIdentity Manager user permissions required
Currently we support DialogUser authentication module and following are the minimum permissions required for the system user:
