Identity Manager 9.2.1 - Generic Database Connector User Guide for Connecting SQL Server Databases

Prerequisites and notes for connecting a One Identity Manager database as a target system

NOTE: As of One Identity Manager version 8.2, the One Identity Manager connector supports synchronizing databases with different product versions or a different number of modules. If possible, use the One Identity Manager connector for synchronizing One Identity Manager databases. For more information, see the One Identity Manager User Guide for the One Identity Manager Connector.

The generic database connector can also be used to synchronize One Identity Manager databases with different product versions or modules. The following prerequisites apply for connecting this type of database:

  • If the two databases have different One Identity Manager versions, the database with the earlier version must be connected as the target system. This means that synchronization is configured on the database with the newer version.

  • To have write access to the target system database, this database must

    • Be connected through an application server

    • Have at least Version 7.0.

  • For data changes in the target system database, the REST API of the application server is used. The HTTP request methods POST, GET, PUT, and DELETE must be permitted by the application server’s web server.

  • The following applies for encrypted databases:

    • Both databases to be synchronized use the same private key.

    • The encrypted data is transmitted in encrypted form during synchronization. The data is not decrypted in this process.

  • The following applies to synchronizing in the Target system direction:

    Objects that are only in the target system database cannot be marked as outstanding in the target system. The MarkAsOutstanding processing method is not available for the synchronization steps.

Creating a synchronization project

A synchronization project collects all the information required for synchronizing the One Identity Manager database with a target system. Connection data for target systems, schema types and properties, mapping, and synchronization workflows all belong to this.

Make the following information available for setting up a synchronization project for synchronizing with the generic database connector.

Table 5: Information required for setting up a synchronization project

Data

Explanation

Synchronization server

All One Identity Manager Service actions are run against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.

Installed components:

  • One Identity Manager Service (started)

The synchronization server must be declared as a Job server in One Identity Manager. The Job server name is required.

For more information, see Setting up the synchronization server.

Remote connection server

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation on which the Synchronization Editor is installed is not possible, for example because of the firewall configuration or because the workstation does not fulfill the necessary hardware and software requirements. If direct access is not possible from the workstation, you can set up a remote connection.

Remote connection server configuration:

  • One Identity Manager Service is started

  • RemoteConnectPlugin is installed and an authentication method is set up

The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required.

TIP: The remote connection server requires the same configuration as the synchronization server (with regard to the installed software and entitlements). You can also use the synchronization server as the remote connection server by installing the RemoteConnectPlugin on it.

For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide.

Synchronization workflow

Set the Data import option in the synchronization step if synchronization data is imported from a secondary system. If a One Identity Manager database is connected as a target system, this option works in both directions, that is, also including synchronization with the target system.

For more detailed information about synchronizing user data with different systems, see the One Identity Manager Target System Synchronization Reference Guide.

Base object

You cannot normally specify a base object for synchronizing with database connectors. In this case, assignment of one base table and the synchronization server is sufficient.

  • Select the table from the Base table menu in which to load the objects. The base table can be used to define downstream processes for synchronization. For more information about downstream processes, see the One Identity Manager Target System Synchronization Reference Guide.

  • The Synchronization servers menu displays all Job servers for which the Generic database connector server function is set.

Variable set

If you implement specialized variable sets, ensure that the start up configuration and the base object use the same variable set.

To configure synchronization with the generic database connector

  1. Create a new synchronization project.

  2. Add mappings. Define property mapping rules and object matching rules.

  3. Create synchronization workflows.

  4. Create a start up configuration.

  5. Define the synchronization scope.

  6. Specify the base object of the synchronization.

  7. Specify the extent of the synchronization log.

  8. Run a consistency check.

  9. Activate the synchronization project.

  10. Save the new synchronization project in the database.

Creating a synchronization project

There is a wizard to assist you with setting up a synchronization project. This wizard takes you through all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.

NOTE: The following sequence describes how to configure a synchronization project if the Synchronization Editor is both:

  • Run in default mode

  • Started from the Launchpad

If you run the project wizard in expert mode or directly from the Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.

To set up a synchronization project

  1. Start the Launchpad and log in on the One Identity Manager database.

    NOTE: If synchronization is run by an application server, connect the database through the application server.

  2. Select the Generic Database Connector and click Run.

    This starts the Synchronization Editor's project wizard.

  3. On the wizard's start page, click Next.

  4. On the System access page, specify how One Identity Manager can access the target system.

    • If access is possible from the workstation on which you started the Synchronization Editor, do not change any settings.

    • If access is not possible from the workstation on which you started the Synchronization Editor, you can set up a remote connection.

      Select the Connect using remote connection server and enter the remote connection properties.

  5. Click Next to start the system connection wizard to create a connection to an external database.

  6. On the Select database system page, select the database system to which you want to connect.

    • Select SQL Server.

  7. Configure the system connection.

    For more information, see Connecting a system to an SQL Server database.

  8. On the Save configuration page, you can save the current configuration as a template. When you reconnect to a database system of the same type, you can use this configuration as a template.

    • Click and enter the name and repository of the configuration file.

  9. On the last page of the system connection wizard, you can save the connection data.

    • Set the Save connection locally option to save the connection data. This can be reused when you set up other synchronization projects.

    • Click Finish, to end the system connection wizard and return to the project wizard.

  10. On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.

    NOTE:

    • If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again.

    • This page is not shown if a synchronization project already exists.

  11. The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.

  12. On the Select project template page, select a project template to use for setting up the synchronization configuration.

    NOTE: The generic database connector does not provide a default project template for setting up synchronization. If you have created your own project template, you can select it to configure the synchronization project. Otherwise, select Create blank project.

  13. Enter the general settings for the synchronization project under General.

    Table 6: General properties of the synchronization project

    Property

    Description

    Display name

    Display name for the synchronization project.

    Description

    Text field for additional explanation.

  14. To close the project wizard, click Finish.

  15. Save the synchronization project in the database.

Connecting a system to an SQL Server database

Table 7: Required information for connecting the system

Data

Explanation

Server

Name of the server on which the database server is installed. The fully qualified server name or the IP address may be given.

User and password

User account and password used by the generic database connector to log in to the external database. Make a user account available with sufficient permissions.

Database

Name of the external database to be synchronized.

Windows authentication

Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

URL

Web address for the application server if a One Identity Manager database is to be connected as the target system

Synchronization user's password

Password of the Synchronization default system user if a One Identity Manager database is to be connected as the target system

To configure the connection to an SQL Server database

  1. On the Database connection page, enter the connection parameters. Enter all the parameters required by the generic database connector to create a connection with the selected database system.

    • To enter additional system-specific information about the system connection, click Advanced.

    The database system connection is tested the moment you click Next.

  2. On the Describe the database page, enter a display name and a unique identifier for the database connection.

    • Database display name: Display name of the database for displaying in the One Identity Manager tools.

    • System identifier: Unique system identifier.

      IMPORTANT: The system identifier of the database must be unique. These identifiers help to differentiate between the databases. To prevent incorrect behavior and loss of data, ensure that the system identifiers are unique within the One Identity Manager environment.

      • Identifiers may not be defined more than once.

      • Identifiers must not be changed after the connection is saved.

    • System category: Category for further differentiation of system types. The identifier may be at most 16 characters long and may consist only of numbers and letters.

      Connections with the generic database connector are usually stored with the DB system type. The system category allows one more classification into subtypes. This allows different database connections with differing content to be distinguished from one another.

      Example:

      Connection 1: type=DB, system category=Rights

      Connection 2: type=DB, system category=PersonImport

  3. On the Load configuration page, you can enter a file from which the connection configuration can be loaded. This data is used in subsequent steps in the connection wizard and can be modified there.

  4. On the Time zone selection page, select the time zone for the time zone data in the database. The time zone is required to convert the time saved in the database into the local time. The local time is displayed in One Identity Manager tools.

  5. On the Initializing page, you can specify additional connection settings. Write a script in the database syntax to specify number and date formats, language, and data sort order, for example. This script is then run every time you connect the system.

  6. On the Select partial schemas page, you can reduce the database schema by selecting partial schemas. If the database contains several schemas, specify here which schemas are loaded into the synchronization project.

    • In the Partial schemas/owner list, enable the schemas you want to be processed.

  7. The database schema is loaded on the Schema detection page, during which One Identity Manager tries to identify a known schema.

    • If a One Identity Manager schema is detected, the Fill in system description completely option is displayed. If you only want to allow read-only access to the database, you can deactivate this option.

    If the schema is loaded successfully, the next step in the sequence can be carried out.

  8. On the Load schema page, if you enable the Fill in system description completely option, the Configure system access page opens. Enter the connection data for the application server of the target system database.

    Table 8: Connection data for the application server

    Property

    Description

    URL

    Web address for the application server

    Synchronization user's password

    Password of the Synchronization default system user

    • Click Test connection to test the connection data.

  9. The following pages are displayed if no One Identity Manager schema was detected. This information is determined automatically if a One Identity Manager schema was detected.

    1. On the Extend key information page, specify columns for each table to be used as unique keys for identifying objects.

      NOTE:

      • This page is only displayed if the schema of the external database contains tables with no identifiable unique keys.

      • Tables without unique keys are not used in the synchronization configuration.

      Table 9: Defining unique keys

      Property

      Description

      Hide unconfigured tables

      Specifies whether tables are hidden if no settings have been changed.

      Schema

      Tables without a unique key.

      Column is key

      Specifies whether the column contains a unique key.

      Column group

      Button for editing column groups. Create a column group if a unique key can only be made of a combination of more than one column.

      • To create a column group, click Add.

      • To edit or remove an existing column group, click Edit or remove.

      Table 10: Column group properties

      Property

      Description

      Key name

      Column group identifier. Permitted characters are letters and underscore. A virtual schema property is formed from the column group called vrtColumnGroup<column group>.

      Columns

      Columns included in the column group. Mark all the columns that together make up the unique key.

      NOTE: Columns of type Char are not supported.

    2. On the Define data relations page, you can enter information about object relations.

      Table 11: Defining column relations

      Property

      Description

      Hide unconfigured tables

      Specifies whether tables are hidden if no settings have been changed.

      Schema

      Database schema tables.

      Target(s)

      Columns to which the reference refers. Enter the table and column name in the following syntax:

      [<schema>.]<table name>.<column name>

      If a reference points to several columns, enter the targets in a comma-delimited list. The target columns must be labeled as key columns.

      TIP: You can copy the column name of a referenced column using the Copy fully qualified column names item in the context menu and add this as a target.

      Referential integrity enabled

      Specifies whether the referential integrity of the data in the target table has been tested.
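The target reference syntax above and the column group naming rule in Table 10 are easy to get wrong by hand. The following Python helper, an added example that is not part of the One Identity Manager product, parses a comma-delimited target list in the [<schema>.]<table name>.<column name> form, forms the vrtColumnGroup<column group> name from a key name (rejecting characters other than letters and underscore), and reports any target that is not among the columns marked as keys. The schema, table and column names in the sample (dbo.Person, dbo.Department, dbo.Location and their UID_ columns) are constructed for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Column group names may contain only letters and underscore (Table 10).
KEY_NAME_RE = re.compile(r"^[A-Za-z_]+$")


def virtual_property_name(key_name: str) -> str:
    """Return the virtual schema property the wizard forms from a column group name.

    Raises ValueError for names outside the permitted character set, so a typo
    such as 'Dept-Loc' is caught before the schema description is saved.
    """
    if not KEY_NAME_RE.match(key_name):
        raise ValueError(f"column group name {key_name!r}: only letters and underscore are allowed")
    return f"vrtColumnGroup{key_name}"


@dataclass(frozen=True)
class ColumnRef:
    """One target in the [<schema>.]<table name>.<column name> syntax."""
    schema: Optional[str]
    table: str
    column: str

    def qualified(self) -> str:
        parts = [self.table, self.column]
        if self.schema:
            parts.insert(0, self.schema)
        return ".".join(parts)


def parse_target(ref: str) -> ColumnRef:
    """Parse a single target reference; the schema part is optional."""
    parts = [p.strip() for p in ref.strip().split(".")]
    if len(parts) == 2 and all(parts):
        return ColumnRef(None, parts[0], parts[1])
    if len(parts) == 3 and all(parts):
        return ColumnRef(parts[0], parts[1], parts[2])
    raise ValueError(f"target {ref!r} is not in [<schema>.]<table>.<column> form")


def parse_targets(targets: str) -> List[ColumnRef]:
    """Parse the comma-delimited list entered in the Target(s) field."""
    return [parse_target(t) for t in targets.split(",") if t.strip()]


def unresolved_targets(targets: str, key_columns: Iterable[str]) -> List[str]:
    """Return the targets that are not marked as key columns.

    key_columns holds the qualified names of the columns flagged 'Column is key'.
    A target given without a schema matches a key column of any schema.
    """
    keys = [parse_target(k) for k in key_columns]
    missing = []
    for ref in parse_targets(targets):
        if not any(k.table == ref.table and k.column == ref.column
                   and (ref.schema is None or k.schema == ref.schema)
                   for k in keys):
            missing.append(ref.qualified())
    return missing


if __name__ == "__main__":
    # Constructed sample: two columns flagged as keys, one target that points elsewhere.
    KEYS = {"dbo.Department.UID_Department", "dbo.Person.UID_Person"}
    TARGETS = "dbo.Department.UID_Department, dbo.Location.UID_Location"
    print(virtual_property_name("Dept_Loc"))
    print(unresolved_targets(TARGETS, KEYS))
```

Running the check before saving the schema description surfaces a target that was never flagged as a key (dbo.Location.UID_Location in the sample), which is exactly the condition the Target(s) field requires you to rule out.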

    3. On the Complete schema page, you can enter additional schema information.

      Table 12: Additional schema information

      Property

      Description

      Hide unconfigured tables

      Specifies whether tables are hidden if no settings have been changed.

      Schema

      Tables and schemas of the database schema.

      Display value

      Column used in the display pattern.

      • To use the column in the display pattern, click Add.

      Preferred key

      Specifies whether the column is primarily used for object identification. A preferred key can be defined if a table has more than one unique key. Only columns with the String or Integer data type can be selected.

      Contains sensitive data

      Specifies whether the column contains sensitive data.

      Revision counter

      Specifies whether the column contains the revision counter. The data in this column form the comparison value for revision filtering.

      Sort criteria for hierarchies

      Specifies whether the value in this column maps the path in an object hierarchy. If this table’s objects are sorted by this column, it results in a list sorted in hierarchical order. This makes it possible to resolve object dependencies. Only one column per table can be marked as a sort criterion. An example is the CanonicalName column.

      Scope reference

      Specifies whether the column can be used to form the reference scope. Only one column per schema type can be labeled as the reference scope.

      Auto fill behavior

      Specifies whether the values entered in the column are identified automatically.

      Enable compatible null handling

      Specifies whether a null value in the column is converted to an empty string.

      Incompatible data handling

      Specifies how to handle data that is not allowed in Microsoft .NET Framework and thus cannot be mapped in One Identity Manager.

      • Post error: Cancels schema type matching with an error message.

      • Use default value: Uses the One Identity Manager default value.

      • Use minimum value: Uses the minimum value of the data type.

      • Use maximum value: Uses the maximum value of the data type.

      Table 13: Table properties

      Property

      Description

      Display template

      Display pattern with which the objects in the Synchronization Editor are displayed. The display pattern is, for example, used in error messages or in the test results from object matching rules. Enter a display table for each display pattern.

      • To use a column in the display pattern, select a column and click Add.

  10. On the Define data operations page, you can specify special operations for changing data in the external database. This is only required if the default operations INSERT, UPDATE, and DELETE cannot be used in the external database system.

    WARNING: A good knowledge of programming is required to implement data operations. Errors in this implementation can lead to loss of data.

    To define a data operation

    1. Select a table and mark the operation you want to define.

    2. Select a strategy.

    3. Enter the data operation you want to run in the Settings input field.

    Table 14: Defining data operations

    Property

    Description

    Hide unconfigured tables

    Specifies whether tables are hidden if no settings have been changed.

    Table/operation

    Tables for which the data operations are to be defined.

    Strategy

    Strategy with which the data operation is created and run. A simple procedure can be called for a data operation or a script can be run. Select the strategy you want to use to define the data operation.

    • Pattern based: Simple procedure call that runs the operation.

      NOTE: If column names are referenced that contain special characters, replace the special characters with an underscore (_). Special characters are everything apart from letters, numbers and underscore.

    • Script based: Script that performs a complex data operation.

      You can use custom code snippets in the script. The code snippets must contain a keyword element with the DML keyword. For more detailed information about support for writing scripts, see the One Identity Manager Target System Synchronization Reference Guide.

    • Click to delete a data operation.

    Required columns

    List of required key columns in a script-based data operation. The columns must be entered if they are not part of the display name.

    Settings

    Define the data operation that is to be run when objects are added, updated, or deleted. Enter the procedure call or create a script depending on the selected strategy.

    Example of a pattern-based data operation:

    exec CreateUser('%Uid%','%FirstName%','%LastName%')

    It has an advanced edit mode which provides additional actions. For more information about support for creating scripts, see the One Identity Manager Target System Synchronization Reference Guide.
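To make the placeholder mechanism of the pattern-based example concrete, here is a small Python resolver, added here as an illustration and not the connector's own code: it lists the %Column% placeholders a pattern references, normalizes column names the way the note above describes (every character other than letters, digits and underscore becomes an underscore), and substitutes the row values while doubling single quotes, so that a value such as O'Brien cannot terminate or alter the quoted literal in the generated statement. The row values and the column names 'First Name' and 'Last-Name' are constructed sample data; the pattern follows the CreateUser example above.

```python
import re
from typing import Any, Dict, List

# %Name% placeholders as used in a pattern-based data operation.
PLACEHOLDER_RE = re.compile(r"%([^%]+)%")


def normalize_column_name(name: str) -> str:
    """Replace every character other than letters, digits and underscore with '_'."""
    return re.sub(r"[^A-Za-z0-9_]", "_", name)


def referenced_columns(pattern: str) -> List[str]:
    """Return the placeholder names in the order they appear in the pattern."""
    return PLACEHOLDER_RE.findall(pattern)


def quote_for_literal(value: Any) -> str:
    """Render a value for insertion inside a single-quoted SQL literal.

    Single quotes are doubled (the standard SQL escape), so the substituted text
    cannot end the literal early. None is rendered as an empty string because
    the pattern itself already supplies the surrounding quotes.
    """
    if value is None:
        return ""
    return str(value).replace("'", "''")


def resolve_pattern(pattern: str, row: Dict[str, Any]) -> str:
    """Fill a pattern with the values of one row.

    Row keys are normalized so that a column 'First Name' is reached through the
    placeholder %First_Name%. A placeholder with no matching column raises
    KeyError instead of silently producing an empty argument.
    """
    values = {normalize_column_name(k): v for k, v in row.items()}

    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"pattern references %{name}% but the row has no such column")
        return quote_for_literal(values[name])

    return PLACEHOLDER_RE.sub(substitute, pattern)


if __name__ == "__main__":
    # Constructed sample row; the pattern follows the page's CreateUser example.
    PATTERN = "exec CreateUser('%Uid%','%First_Name%','%Last_Name%')"
    ROW = {"Uid": "u-0001", "First Name": "Mary", "Last-Name": "O'Brien"}
    print(referenced_columns(PATTERN))
    print(resolve_pattern(PATTERN, ROW))
```

The resolver deliberately fails on an unknown placeholder and escapes every substituted value: a pattern is plain text that becomes a statement in the external database, so unescaped values would let ordinary data change the statement, which is a data integrity problem as much as a security one. Where the database system allows it, a procedure call with proper parameters is preferable to textual substitution.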

  11. The Extend target system schema page opens if you enable the Fill in system description completely option on the Load schema page or make settings on the Define data operations page. You can add virtual schema properties to the target system schema here. Use the virtual schema properties to provide additional data for your own DML handling.

    Table 15: Virtual schema properties

    Property

    Description

    Hide unconfigured tables

    Specifies whether tables are hidden if no settings have been changed.

    Schema

    Tables in the target system schema for which virtual schema properties can be added or exist already.

    Virtual schema properties

    Buttons for editing virtual schema properties

    • Click Add to add a virtual schema property.

    • Click Edit or remove to edit or delete a virtual schema property.

    Data type

    Data type of the schema property

    Multivalue

    Specifies whether the schema property has multiple values

    Required field

    Specifies whether the schema property is a mandatory property

    Secret

    Specifies whether the schema property value may be displayed in the Synchronization Editor or in logs, reports, and messages. If this option is set, the value is not displayed.

    To edit or delete a virtual schema property

    1. In the Schema column, open the node of the table with the schema properties that you want to edit or delete.

    2. Click Edit or remove.

    3. Edit the properties of the virtual schema property.

      - OR -

      Click Delete.
