To delete a property mapping
- Select the Mappings category.
- Select a mapping in the navigation view.
- Click
in the rule view menu bar for property mapping rules.
- Confirm the security prompt with Yes.
Target system synchronization with the Synchronization Editor
Working with the Synchronization Editor
Synchronization Editor views
Status bar information
Menu items
Customizing the program settings
Wizard for entering filters
Support for scripting
Save changes permanently
Establish remote connection
Working with an encrypted database
Changing a synchronization user's password
Basics of target system synchronization
Synchronization Editor communications
How are schemas mapped
What are filters?
What is a scope?
How does revision filtering work?
How does dependency resolution work?
Unresolvable references
Direction of synchronization and mapping
Mapping against the direction of synchronization
Detecting rogue modifications
Synchronizing user data with different systems
Deleting objects in One Identity Manager
How to remove unnecessary project data
Updating schemas
Synchronizing and provisioning memberships
Performance and memory optimization
Improving loading performance
Setting up synchronization
Starting the Synchronization Editor
Creating a synchronization project
Running synchronization
How to create a synchronization project
How to edit a synchronization project
How to delete a synchronization project
General properties of a synchronization project
Specifying the script language in synchronization projects
Templates for creating synchronization projects
Restricting system access
Configuring synchronization
Setting up mappings
Overview of schema classes
Customizing the synchronization configuration
Checking the consistency of the synchronization configuration
Activating the synchronization project
Defining start up sequences
Mapping editor
How to create a mapping
How to edit a mapping
How to delete a mapping
Properties of a mapping
Schema class properties
Edit schema properties
Setting up synchronization workflows
How to add virtual schema properties
How to display and edit schema properties
How to delete virtual schema properties
Editing property mapping rules
How to create property mapping rules
How to edit property mapping rules
How to delete property mapping rules
Property mapping rule details
Editing object matching rules
Toolbars in the workflow editor
How to create a workflow
How to edit a workflow
How to copy a workflow
How to delete a workflow
Creating workflows with the workflow wizard
Properties of a workflow
Editing synchronization steps
Connecting systems
How to create synchronization steps
How to edit synchronization steps
How to delete synchronization steps
General properties of a synchronization step
Specifying processing methods
Specifying quotas
Rule filters
Extended synchronization step properties
Show execution plan
How to edit system connection properties
System connection properties
Configuring the synchronization log
Editing the scope
Using variables and variable sets
How to create variables
How to edit variables
How to delete variables
How to create specialized variable sets
How to delete specialized variable sets
Variable properties
Using scripts in variables
Setting up start up configurations
How to create start up configurations
How to edit start up configurations
How to delete start up configurations
Start up configuration properties
Grouping
Maintenance modes
Specifying a schedule
Setting up base objects
Simulating synchronization
Starting synchronization manually
Executing start up sequences
Monitoring start up sequences
Handling unexpected termination of synchronization
Resetting revisions
Synchronization analysis
Toolbars in the log view
How to display synchronization logs
Target system synchronization
Help for the analysis of synchronization issues
Setting up synchronization with default connectors
Updating existing synchronization projects
Script library for synchronization projects
Views in the script library
Adding scripts to script libraries
Editing scripts in the script library
Using scripts across projects
Additional information for experts
Additional properties of a mapping
Extended properties for start up configuration
Using the local cache
Schema browser
Schema editor
Using custom project templates
Resolving errors when connecting target systems
Configuration parameters for target system synchronization
Configuration file examples
Creating project templates
Creating synchronization projects from a custom project template
Managing project templates
Include custom tables in the synchronization
Validating scripts
Starting synchronization
Defining downstream processes
Processing synchronization steps
Exporting a synchronization configuration
Operations for provisioning and single object synchronization
Load balancing during provisioning and single object synchronization
Automatically create and update synchronization projects
Customizing the configuration file
Maintaining the data store
Troubleshooting
Parameter definitions
Global definitions
Defining the editor for new synchronization projects
Defining the editor for existing synchronization projects
Synchronization Editor Command Line Interface
Synchronization Editor Module for Windows PowerShell
Configuration file for creating new synchronization projects
Configuration file for updating existing synchronization projects
Glossary
How to delete property mapping rules
Property mapping rule details
Enter the following details for a property mapping
Tip: To create a rule from a template, click 
.
.|
Detail |
Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
Rule Types |
Select the rule type for a new rule.
| ||||||||||
|
Rule name |
Name for the rule. The rule name must be unique within a mapping. Click | ||||||||||
|
Display name |
Rule display name. | ||||||||||
|
Mapping direction |
Specify the permitted mapping direction for mapping selected schema properties.
| ||||||||||
|
Ignore mapping direction restrictions on adding |
Specifies whether the given direction of mapping is ignored when new objects are added. If this option is set, the property mapping rule can also be run if the synchronization mapping is in the opposite direction. Property mapping rules not assigned a mapping direction are also ignore when new objects are added. If this option is not set, the specify mapping direction is valid when new objects are added. Example: A telephone system is managed with One Identity Manager. The telephone system is the data master when the telephone numbers are synchronized. The direction of mapping is set to One Identity Manager. The telephone number is a mandatory value in the target system. In One Identity Manager, a new employee is added. Each employee is given and initial telephone number. These employees should be added to the target system by synchronizing them. So that the telephone numbers are written to the target system during synchronization, the Ignore mapping direction restrictions on adding option must be set on the property mapping rule. | ||||||||||
|
Description |
Text field for additional explanation. | ||||||||||
|
Schema property |
Select the schema properties to be mapped. | ||||||||||
|
Do not overwrite |
The schema property value is only changed by synchronization if the schema property does not contain a value. | ||||||||||
|
Mapping condition |
Condition under which the property mapping rule is used. Click Create condition to create the condition with the wizard. For more information, see Wizard for entering filters. Example: Left.CanonicalName = 'Managed Service Accounts' The property mapping rule is applied to all objects assigned to the container "Managed Service Accounts" in One Identity Manager. |
to change rule names. The rule name is used as key. Changes to the rule name may cause errors.|
Detail |
Description |
|---|---|
|
Force mapping against direction of synchronization |
If this option is set, the property mapping rule can also be applied if the synchronization mapping is in the opposite direction. For more information, see Mapping against the direction of synchronization. The option can only be set if:
The property mapping rule may not be executed in both directions. |
|
Detecting rogue modifications |
Specifies whether rogue modifications are identified and logged if the direction of synchronization is opposite to the mapping direction. The option can only be set if:
If this option is set, rogue modifications are detected and logged. The log can be evaluated after synchronization. For more information, see Synchronization analysis. If the option is not set, the property mapping rule is ignored by synchronization. |
|
Correct rogue modifications |
Specifies whether rogue modifications are corrected if the direction of synchronization is opposite to the mapping direction. The option can only be set if:
If the option is set, the property mapping rule is executed by synchronization. The object property in the connected system is overwritten with the value from the data master. Thus rogue changes are ignored. If the option is not set, rogue changes are only logged. |
|
Ignore case |
Specifies whether changes that only differ through case are ignored by the mapping. This option affects only schema properties with the String data type. |
|
Deal with the first value of the property as a single value |
If a multi-value schema property is mapped using a value compare rule, the first value from the value list is taken into account by synchronization. |
|
Disable merge mode support |
Specifies whether to disable merge mode for single provisioning of memberships in this property mapping rule. If the option is set, when memberships are provisioned and merge mode is enabled on the assignment table, the entire membership list is also transferred. Weitere Informationen finden Sie unter Einzelprovisionierung von Mitgliedschaften. |
| Member filter | Description |
|---|---|
| Only include these | Select all members in the value list to be mapped to the schema property of the connected system. |
| Exclude these | Select all members in the value list not to be mapped to the schema property of the connected system. |
Editing object matching rules
Object matching rules assign schema properties through which system objects can be uniquely identified. For example, Active Directory groups can be uniquely identified by the DistinguishedName and ObjectGUID schema properties.
Object matching rules can be added or created from property mapping
NOTE: Using object matching rules of this type can slow down synchronization
If several object matching rules are set up, they are executed in the order in which they are listed in the rule view. The rule at the top is the primary rule, all other are marked as alternatives. If a system object can be identified uniquely by the primary rule, the alternative rule are not executed. If a system object cannot be identified by the primary rule, One Identity Manager uses the next alternative rule to determine a suitable system object. If non of the rules can identify a suitable system object, the object does not have a partner can is handled as new or deleted.
Example
The following object matching rules are defined for mapping Active Directory groups:
- Object GUID <-> Object GUID (primary rule)
- Distinguished name <-> Obj-Dist-Name (alternative rule)
- Object SID <-> Object-Sid (alternative rule no. 2)
Properties of an Active Directory group are modified in One Identity Manager. During provisioning, the Active Directory connector tries to identify the group in the target system by using the object GUID. It does not find an object with this object GUID so the alternative object matching rule is applied. The connector identifies an object with the same distinguished name and updates this object in the target system.
NOTE:
-
Object matching rules must use schema properties with read-access. Write-only schema properties are not suitable for identification of system objects.
-
Schema property
-
Schema
-
If several system objects that fulfill the matching criteria are found, a message appears in the synchronization log. These objects are ignored as processing continues.
If several system objects are found, either there is corrupt data in connected systems or the matching critera is not unique. Clean up the data in the connected systems and adjust the object matching rules.
How to create object matching rules
To create an object matching rule from a property mapping
- Select the Mappings category.
- Select a mapping in the navigation view.
- Select the property mapping rule in the rule view.
- Click
in the rule view toolbar.
A message appears.
- To convert the property mapping rule to an object matching rule, click No in the message dialog.
- OR -
To convert the property mapping rule into an object matching rule and create a copy of the property mapping rule, click Yes in the message dialog.
To create a new object matching rule
- Select the Mappings category.
- Select a mapping in the navigation view.
- Click
in the rule view toolbar for object matching rules.
- Select a rule type and enter the rule details.
- Click OK.
One Identity Manager helps you to set up new object matching rules based on existing rules. Use the mapping wizard for this.
To create an object matching rules with the mapping wizard
- Select the Mappings category.
- Select a mapping in the navigation view.
- Click
- Follow the mapping wizard's instructions.
- Test the new rule.