Working with an encrypted database
When you set up a in an encrypted One Identity Manager database, sensitive data is encrypted. This affects passwords for connection data as well as variables that are labeled as secret. The requires all connection data in decrypted form in order to access connected systems. You can nevertheless open the synchronization project and edit it partially.
If the Synchronization Editor now accesses the connection system, it cannot establish a system connection because certain connection parameters are encrypted. The values can be decrypted through an appropriately configured remote connection. Set up a remote connection server to do this. For more information, see Establish remote connection. Note here the relevant restrictions for setting up a remote connection server.
To enable the system connection despite encrypted connection data
-
Edit the system connection.
For more information, see How to edit system connection properties.
An extra dialog box is displayed.
-
Set the first option and click OK.
-
Enter the remote connection properties.
For more information, see Remote connection properties.
-
Click Connect.
This sets up the remote connection. The connection remains in place for as long as the synchronization project is open in the Synchronization Editor.
NOTE: If a remote connection is not possible, you have the option, at this point, to enter values for establishing the system connection.
- Set the second option for this and enter the missing values. Click OK.
To decrypt encrypted values by default when you open a synchronization project
Table 17: Decryption dialog
| Encrypted value |
Value required by the connector to establish a system connection. |
| Ignore this value |
Specifies whether to ignore the value. The synchronization project can be selectively edited. However, all actions which required accessing the connected system, cannot be executed. |
| Show values |
Specifies whether the values entered are shown. If this option is not set, input is masked. |
| Remember the values and save locally |
Specifies whether the data entered is saved locally. The next time the synchronization project is opened, the stored values are applied and can be confirmed or altered.
IMPORTANT: If an encrypted value has been changed in the One Identity Manager database, the changed value must also be changed on the workstation as soon as the synchronization project is next opened.
Otherwise, the value is overwritten by the locally stored data when the synchronization project is saved. Modifications (of passwords, for example) go missing this way!
To avoid overwriting
- Update the pre-set values and enable the Remember the values and save locally option.
To delete locally saved data
- Select the Database | Settings... menu item.
- Select the Security tab.
- Select a value and click Delete.
|
|
Ignore all |
Ignores encrypted values and open the synchronization project. |
Changing a synchronization user's password
One Identity Manager provides a system user with all the permissions necessary to set up through an application server and to run it. When you set up the One Identity Manager database, you entered a password for the Synchronization system user. You can change this password in the . The password must then be changed in all that connect to the database through an application server. One Identity Manager can try to update these passwords automatically. If this is not possible, modify the synchronization projects manually.
IMPORTANT: The password may not be changed while synchronization is starting up or running. Only change the password outside working hours!
Only passwords that are managed in One Identity Manager can be changed. There is no menu item shown for externally managed passwords. For detailed information about managing system user passwords, see the One Identity Manager Authorization and Authentication Guide.
To change the system user's Password
- Select Database | Change synchronization user password.
- Enter the required data:
- Click OK.
Table 18: Password data
| Old password |
Password valid until now. |
| New password and password confirmation |
New password for the system user to log on o the database. |
| Show passwords |
Passwords are not masked. |
| Try to update existing synchronization projects |
One Identity Manager checks all the synchronization projects and tries to update the password. The password is only changed in synchronization projects that are connected with the database through an application server. |
To manually update the database connection password
- Open the synchronization project which needs to have its password updated.
- Select Configuration | One Identity Manager Connection.
- Confirm the prompt with OK.
Do not establish a remote connection.
- Click Edit connection.
- Select the Connection parameter page in the system connection wizard.
- Enter the new password in Synchronization user's password.
- Click Test.
- If the connection is successfully established, click Next.
- Close the system connection wizard.
- Save the changes.
Basics of target system synchronization
To configure you must have knowledge of the One Identity Manager's basic procedure for synchronizing and provisioning data. These basics are explained in the following sections.
Synchronization Editor communications
A server installed with the One Identity Manager Service and, if necessary, other target system specific software, is required for . This server (named the synchronization server in the following) requires direct access to the target system. The synchronization server communicates directly with the One Identity Manager database by default. You can also set up a connection over an application server for this.
Figure 4: Communication paths for synchronization
To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation, on which the is installed, is not possible. For example, because of the firewall configuration or the workstation does not fulfill the necessary hardware and software requirements. If direct access is not possible from the workstation, you can set up a remote connection.
Figure 5: Communication paths for configuration
Related topics
