Help for the analysis of synchronization issues
You can generate a report for analyzing problems that arise during synchronization, inadequate performance for example. The report contains information such as:
- Consistency check results
- Revision filter settings
- Scope applied
- Analysis of the data store
- Object access times in the One Identity Manager database and in the target system
To generate a synchronization analysis report
-
Open the synchronization project in the Synchronization Editor.
- Select the Help | Generate synchronization analysis report menu item and click Yes in the security prompt.
The report may take a few minutes to generate. It is displayed in a separate window.
- Print the report or save it in one of the available output formats.
Disabling synchronization
Regular synchronization cannot be started until the synchronization project and the schedule are active.
To prevent regular synchronization
-
Open the synchronization project in the Synchronization Editor.
-
Select the start up configuration and deactivate the configured schedule.
Now you can only start synchronization manually.
An activated synchronization project can only be edited to a limited extend. The schema in the synchronization project must be updated if schema modifications are required. The synchronization project is deactivated in this case and can be edited again.
Furthermore, the synchronization project must be deactivated if synchronization should not be started by any means (not even manually).
To deactivate the synchronization project
-
Open the synchronization project in the Synchronization Editor.
-
Select the General view on the start page.
-
Click Deactivate project.
Detailed information about this topic
Basic data for managing a Universal Cloud Interface environment
The following data is relevant for managing cloud application in the Cloud Systems Management Module.
- Configuration parameter
Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.
Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data | General | Configuration parameters category.
For more information, see Configuration parameters for managing cloud target systems.
- Target system types
Target system types are required for configuring target system comparisons. Tables containing outstanding objects are maintained on target system types.
For more information, see Post-processing outstanding objects.
- Account definitions
One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
For more information, see Setting up account definitions.
- Password policy
provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.
Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.
For more information, see Password policies for user accounts.
- Initial password for new user accounts
You have the different options for issuing an initial password for user accounts. The central password of the assigned employee can be aligned with the user account password, a predefined, fixed password can be used, or a randomly generated initial password can be issued.
For more information, see Initial password for new user accounts.
- Email notifications about credentials
When a new user account is created, the login data are sent to a specified recipient. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages.
For more information, see Email notifications about login data.
- Target system managers
A default application role exists for the target system manager in One Identity Manager. Assign the employees who are authorized to edit all cloud target system in One Identity Manager to this application role.
Define additional application roles if you want to limit the edit permissions for target system managers to individual cloud target systems. The application roles must be added under the default application role.
For more information, see Target system managers.
- Server
Servers must be aware of your server functionality in order to handle target-system-specific processes in One Identity Manager. For example, the synchronization server.
For more information, see Editing a server.
Setting up account definitions
One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
The data for the user accounts in the respective target system comes from the basic employee data. The employee must own a central user account. The assignment of the IT operating data to the employee’s user account is controlled through the primary assignment of the employee to a location, a department, a cost center, or a business role. Processing is done through templates. There are predefined templates for determining the data required for user accounts included in the default installation. You can customize templates as required.
For detailed information about account definitions, see the One Identity Manager Target System Base Module Administration Guide.
The following steps are required to implement an account definition: