Managing password sync rules
To synchronize passwords from an Active Directory domain to other connected systems, you need to create and configure a password synchronization rule for each target connected system where you want to synchronize passwords.
A password synchronization rule allows you to specify the following:
- The Active Directory domain you want to be the source for password synchronization operations.
- The source object type for password synchronization operations (typically, this is the user object type in Active Directory).
- The target connected system in which you want to synchronize passwords with the source Active Directory domain.
- The target object type for password synchronization operations.
Optionally, you can configure a password synchronization rule to modify attribute values of the target connected system objects whose passwords are being synchronized.
This section covers:
Creating a password sync rule
To create a password sync rule
- In the Quick Connect Administration Console, open the Password Sync tab.
- Click Add password sync rule.
- On the Specify source for password sync page, do the following:
- In the Source connected system option, specify the Active Directory domain you want to be the source for password synchronization operations. Alternatively, you can select the ActiveRoles Server instance that manages such an Active Directory domain.
- In the Connected system object type option, select the object type you want to be the source for password synchronization.
- Click Next.
- On the Specify target for password sync page, do the following:
- In the Target connected system option, specify the target connected system in which you want to synchronize passwords.
- In the Connected system object type option, select the object type you want to be the target for password synchronization.
- Optionally, you can click the Password Sync Settings button and then use the following tabs to configure more password sync settings:
- Password Sync Retry Options. Use this tab to specify how many times you want Quick Connect to retry the password synchronization operation in the event of a password synchronization failure. You can select one of the following options:
- Unlimited number of times. Causes Quick Connect to retry the password synchronization operation until it succeeds.
- This maximum number of times. Specify the maximum number of times you want Quick Connect to retry the password synchronization operation.
- Password Transformation Script. Use this tab to type a PowerShell script that transforms source Active Directory user passwords into object passwords for the target connected system. Use this item if you want the object passwords in the source and target connected systems to be different. If you do not want to transform passwords, leave the text box blank.
- Rules to Modify Object Attributes. Use this tab to specify rules for modifying attribute values on the target connected system objects. These rules will only apply to the objects on which One Identity Quick Connect Sync Engine modifies passwords in the target connected system.
- When you are finished, click OK.
- Click Finish to create the password sync rule.
Deleting a password sync rule
To delete a password sync rule
- In the Quick Connect Administration Console, open the Password Sync tab.
- Locate the rule you want to delete, and then click Delete this rule below the rule.
Modifying settings of a password sync rule
You can modify the following settings of an existing password sync rule:
- Specify how many times you want the One Identity Quick Connect Sync Engine to retry the password synchronization operation in the case of a password synchronization failure.
- Specify a PowerShell script to transform a source Active Directory user password into an object password in the target connected system.
- Specify rules to modify the attributes of the target connected system objects on which Quick Connect changes passwords.
To modify the settings of a password sync rule
- In the Quick Connect Administration Console, open the Password Sync tab.
- Click the Password sync settings link below the password sync rule you want to modify.
- In the dialog box that opens, use the following tabs:
- Password Sync Retry Options. Use this tab to specify how many times you want Quick Connect to retry the password synchronization operation in the event of a password synchronization failure. You can select one of the following options:
- Unlimited number of times. Causes Quick Connect to retry the password synchronization operation until it succeeds.
- This maximum number of times. Specify the maximum number of times you want Quick Connect to retry the password synchronization operation.
- Password Transformation Script. Use this tab to type a PowerShell script that transforms source Active Directory user passwords into object passwords for the target connected system. Use this tab if you want the object passwords in the source and target connected systems to be different. If you do not want to transform passwords, leave the text box blank.
- Rules to Modify Object Attributes. Use this tab to specify rules for modifying attribute values on the target connected system objects. These rules will only apply to the objects on which One Identity Quick Connect Sync Engine modifies passwords in the target connected system.
- When you are finished, click OK to save your changes.