By default, objects with incorrect data are not synchronized. These objects can be synchronized once the data has been corrected. In certain situations, however, it might be necessary to synchronize objects like these and ignore the data properties that have errors. This synchronization behavior can be configured in One Identity Manager.
To ignore data errors during synchronization in One Identity Manager
- In the Synchronization Editor, open the synchronization project.
- Select the Configuration > One Identity Manager connection category.
- In the General view, click Edit connection.
  This starts the system connection wizard.
- On the Additional options page, enable Try to ignore data errors.
  This option is only effective if Continue on error is set in the synchronization workflow.
  Default columns, such as primary keys, UID columns, or mandatory input columns cannot be ignored.
- Save the changes.
IMPORTANT: If this option is set, One Identity Manager tries to ignore commit errors that could be related to data errors in a single column. This causes the data changed in the affected column to be discarded and the object is subsequently saved again. This affects performance and leads to loss of data.
Only set this option in the exceptional circumstance of not being able to correct the data before synchronization.
To manage an Exchange Online environment in One Identity Manager, the following basic data is relevant.
- Account definitions
  One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
  For more information, see Account definitions for Exchange Online mail users and Exchange Online mail contacts.
- Password policies
  One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password, as well as passwords for individual target systems. Password policies apply not only when the user enters a password but also when random passwords are generated.
  Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.
  Azure Active Directory configuration settings are used for implementing password policies. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.
- Initial password for new mail users
  You can issue an initial password for mail users in the following ways: Enter a password or use a randomly generated initial password when you create a mail user.
  Azure Active Directory configuration settings are used for generating random passwords for new mail users. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.
- Email notifications about credentials
  When a new mail user is created, the login data are sent to a specified recipient. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages.
  Azure Active Directory configuration settings are used for sending login credentials. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.
- Target system types
  Target system types are required for configuring target system comparisons. Tables with outstanding objects are maintained with the target system types, and settings are configured for provisioning memberships and single object synchronization. Target system types also map objects in the Unified Namespace.
  For more information, see Post-processing outstanding objects.
- Target system managers
  A default application role exists for the target system manager in One Identity Manager. Assign the employees who have permission to edit all Exchange Online objects in One Identity Manager to this application role.
  Define additional application roles if you want to limit the permissions for target system managers to individual tenants with Exchange Online. The application roles must be added under the default application role.
  For more information, see Target system managers for Exchange Online.
- Servers
  Servers must be informed of their server functionality in order to handle Exchange Online-specific processes in One Identity Manager, for example, the synchronization server.
  For more information, see Job server for Exchange Online-specific process handling.
NOTE: Exchange Online user mailboxes are created or deleted respectively by assigning and removing licenses through Azure Active Directory subscriptions. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.
One Identity Manager has account definitions for automatically allocating mail users and mail contacts to employees. You can create account definitions for every target system. If an employee does not yet have a mail user or mail contact in a target system, a new mail user or mail contact is created by assigning the account definition to an employee.
For detailed information about account definitions, see the One Identity Manager Target System Base Module Administration Guide.
The following steps are required to implement an account definition:
- Creating account definitions
- Configuring manage levels
- Creating the formatting rules for IT operating data
- Collecting IT operating data
- Assigning account definitions to employees and target systems
To create a new account definition
- In the Manager, select the Azure Active Directory > Basic configuration data > Account definitions > Account definitions category.
- Click in the result list.
- On the main data form, enter the main data of the account definition.
- Save the changes.