Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 8.1.4 - Administration Guide for Privileged Account Governance

Mapping a Privileged Account Management system in One Identity Manager Synchronizing a Privileged Account Management system
Setting up the initial synchronization of a One Identity Safeguard Customizing the synchronization configuration for One Identity Safeguard Executing synchronization Tasks after a synchronization Troubleshooting
Managing PAM user accounts and employees Managing the assignments of PAM user groups Provision of login information for PAM user accounts Mapping of PAM objects in One Identity Manager PAM access requests Handling of PAM objects in the Web Portal Basic data for managing a Privileged Account Management system Configuration parameters for the management of a Privileged Account Management system Default project template for One Identity Safeguard Editing One Identity Safeguard system objects Known issues about connecting One Identity Safeguard appliances About us

Configuring the synchronization log

All the information, tips, warnings, and errors that occur during synchronization are recorded in the synchronization log. You can configure the type of information to record separately for each system connection.

To configure the content of the synchronization log

  1. To configure the synchronization log for target system connection, select the Configuration | Target system category in Synchronization Editor.

    - OR -

    To configure the synchronization log for the database connection, select the Configuration | Synchronization Editor connection category in One Identity Manager.

  2. Select the General view and click Configure.

  3. Select the Synchronization log view and set Create synchronization log.

  4. Enable the data to be logged.

    NOTE: Some content generates a particularly large volume of log data!

    The synchronization log should only contain data required for error analysis and other analyzes.

  5. Click OK.

Synchronization logs are stored for a fixed length of time.

To modify the retention period for synchronization logs

  • In the Designer, enable the DPR | Journal | LifeTime configuration parameter and enter the maximum retention period.

Related topics

Customizing the synchronization configuration for One Identity Safeguard

Having used the Synchronization Editor to set up a synchronization project for initial synchronization of a One Identity Safeguard appliance, you can use the synchronization project to load PAM objects into the One Identity Manager database. If you manage user accounts and their authorizations with One Identity Manager, changes are provisioned in the Privileged Account Management system.

NOTE: If you want to change the configuration of existing synchronization projects, check the possible effects of these changes on the data that has already been synchronized.

Adjust the synchronization configuration in order to compare the One Identity Safeguard appliance on a regular basis and to synchronize changes.

  • To use One Identity Manager as the master system during synchronization, create a workflow with synchronization in the direction of the Target system.
  • To specify which PAM objects and database objects are included in synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.
  • You can use variables to create generally applicable synchronization configurations that contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes, or processing methods, for example.
  • Use variables to set up a synchronization project for the synchronization of multiple appliances. Save the connection parameters for logging on to the appliance as variables.
  • Update the schema in the synchronization project if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.

  • To synchronize additional schema properties, update the schema in the synchronization project. Include the schema extensions in the mapping.

For more detailed information about configuring synchronization, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

Configuring synchronization to a One Identity Safeguard appliance

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the master system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing to the appliance

  1. Open the synchronization project in the Synchronization Editor.

  2. Check whether existing mappings can be used for synchronizing the target system. Create new maps if required.
  3. Create a new workflow with the workflow wizard.

    This creates a workflow with Target system as its synchronization direction.

  4. Create a new start up configuration. Use the new workflow to do this.
  5. Save the changes.

  6. Run a consistency check.

Related topics

Configuring synchronization of multiple One Identity Safeguard appliances

In some circumstances, it is possible to use a synchronization project to synchronize multiple appliances.

Prerequisites

  • The target system schemas of the appliances are identical.

  • All virtual schema properties used in the mapping must exist in the extended schemas of the appliances.

  • The connection parameters to the target system are defined as variables.

To customize a synchronization project for synchronizing another appliance

  1. Set up a user with sufficient permissions in the additional appliance.

  2. Open the synchronization project in the Synchronization Editor.

  1. Create a new base object for the appliance. Use the wizard to attach a base object.

    • In the wizard, select the One Identity Safeguard connector and declare the connection parameters. The connection parameters are saved in a special variable set.

      A start up configuration is created that uses the newly created variable set.

  2. Change other elements of the synchronization configuration as required.

  3. Save the changes.

  4. Run a consistency check.

Related topics
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation