Creating a synchronization project
A synchronization project collects all the information required for synchronizing the One Identity Manager database with a target system. Connection data for target systems, schema types and properties, mapping, and synchronization workflows all belong to this.
Make the following information available for setting up a synchronization project for synchronizing with the generic database connector.
Table 5: Information required for setting up a synchronization project
Synchronization server |
All One Identity Manager Service actions are run against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.
Installed components:
The synchronization server must be declared as a Job server in One Identity Manager. The Job server name is required.
For more information, see Setting up the synchronization server. |
Remote connection server |
To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation on which the Synchronization Editor is installed is not possible, for example, because of the firewall configuration or because the workstation does not fulfill the necessary hardware and software requirements. If direct access is not possible from the workstation, you can set up a remote connection.
Remote connection server configuration:
The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required.
TIP: The remote connection server requires the same configuration as the synchronization server (with regard to the installed software and entitlements). Use the synchronization server as remote connection server as well by installing the RemoteConnectPlugin.
For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide. |
Synchronization workflow |
Set the Data import option in the synchronization step if synchronization data is imported from a secondary system.
For more information about synchronizing user data with different systems, see the One Identity Manager Target System Synchronization Reference Guide. |
Base object |
You cannot normally specify a base object for synchronizing with database connectors. In this case, assignment of one base table and the synchronization server is sufficient.
- Select the table from the Base table drop-down in which to load the objects. The base table can be used to define downstream processes for synchronization. For more information about downstream processes, see the One Identity Manager Target System Synchronization Reference Guide.
- The Synchronization servers drop-down displays all Job servers for which the Generic database connector server function is set. |
Variable set |
If you implement specialized variable sets, ensure that the start up configuration and the base object use the same variable set. |
To configure synchronization with the generic database connector
- Create a new synchronization project.
- Add mappings. Define property mapping rules and object matching rules.
- Create synchronization workflows.
- Create a start up configuration.
- Define the synchronization scope.
- Specify the base object of the synchronization.
- Specify the extent of the synchronization log.
- Run a consistency check.
- Activate the synchronization project.
- Save the new synchronization project in the database.
Detailed information about this topic
Creating a synchronization project
There is a wizard to assist you with setting up a synchronization project. This wizard takes you through all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.
NOTE: The following sequence describes how to configure a synchronization project if the Synchronization Editor is both:
If you run the project wizard in expert mode or directly from the Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.
To set up a synchronization project
- Start the Launchpad and log in on the One Identity Manager database.
  NOTE: If synchronization is run by an application server, connect the database through the application server.
- Select the Generic Database Connector and click Run.
  This starts the Synchronization Editor's project wizard.
- On the wizard's start page, click Next.
- On the System access page, specify how One Identity Manager can access the target system.
  - If access is possible from the workstation on which you started the Synchronization Editor, do not change any settings.
  - If access is not possible from the workstation on which you started the Synchronization Editor, you can set up a remote connection.
    Select the Connect using remote connection server option and enter the remote connection properties.
    - Access parameters
      - Server: Full server name or IP address of the server.
        To select an existing Job server as the remote connection server, click and select the server from the drop-down. This displays all the Job servers that have the One Identity Manager Service installed server function selected.
      - Port: Port that is configured for the RemoteConnectPlugin.
    - Authentication
      If SecretAuthentication is configured for the RemoteConnectPlugin:
      If ADGroupAuthentication is configured for the RemoteConnectPlugin, no data is required.
    - Options
      - Request timeout: Maximum time allowed for a server query in seconds. If the time is exceeded, the request is canceled.
      - Accept self-signed certificates: Specifies whether self-signed certificates can be accepted.
- On the Select database system page, select the database system to which you want to connect.
- Configure the system connection.
  For more information, see Connecting a system using a generic ADO.NET provider.
- On the Save configuration page, you can save the current configuration as a template. When you reconnect to a database system of the same type, you can use this configuration as a template.
- On the last page of the system connection wizard, you can save the connection data.
  - Set the Save connection locally option to save the connection data. This can be reused when you set up other synchronization projects.
  - Click Finish to end the system connection wizard and return to the project wizard.
- On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.
  NOTE:
  - If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again.
  - This page is not shown if a synchronization project already exists.
- The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.
- On the Select project template page, select a project template to use for setting up the synchronization configuration.
  NOTE: The generic database connector does not provide a default project template for setting up synchronization. If you have created your own project template, you can select it to configure the synchronization project. Otherwise, select Create blank project.
- Enter the general settings for the synchronization project under General.
Table 6: General properties of the synchronization project
Display name |
Display name for the synchronization project. |
Script language |
Language in which the scripts for this synchronization project are written.
Scripts are implemented at various points in the synchronization configuration. Specify the script language when you set up an empty project.
IMPORTANT: You cannot change the script language once the synchronization project has been saved.
If you use a project template, the template's script language is used. |
Description |
Text field for additional explanation. |
- To close the project wizard, click Finish.
- Save the synchronization project in the database.
Connecting a system using a generic ADO.NET provider
Once One Identity Manager has connected to an external database using a generic ADO.NET provider, it adds a local SQLite database. One Identity Manager runs all the data operations against this database before finally writing the changes to the external database. The local database is deleted when it is no longer connected to the external database.
Table 7: Required information for connecting the system
Provider and connection data |
Provider and connection parameters required for connecting to the database. |
To configure the connection to an external database
- On the Database connection page, enter the following connection parameters.
- On the Describe the database page, enter a display name and a unique identifier for the database connection.
  - Database display name: Display name of the database for displaying in the One Identity Manager tools.
  - System identifier: Unique system identifier.
    IMPORTANT: The system identifier of the database must be unique. These identifiers help to differentiate between the databases. To prevent incorrect behavior and loss of data, ensure that the system identifiers are unique within the One Identity Manager environment.
  - System category: Category for further differentiation of system types. A maximum of 16 characters, consisting of numbers and letters, are permitted for the identifier.
    Connections with the generic database connector are usually stored with the DB system type. The system category allows one more classification into subtypes. This allows different database connections with differing content to be distinguished from one another.
    Example:
    Connection 1: type=DB, system category=Rights
    Connection 2: type=DB, system category=PersonImport
- On the Load configuration page, you can enter a file from which the connection configuration can be loaded. This data is used in subsequent steps in the connection wizard and can be modified there.
- On the Time zone selection page, select the time zone for the time zone data in the database. The time zone is required to convert the time saved in the database into the local time. The local time is displayed in One Identity Manager tools.
- On the Initializing page, you can specify additional connection settings. Write a script in the database syntax to specify number and date formats, language, and data sort order, for example. This script is then run every time you connect the system.
- Define the views of database data you require on the Define views page. This way, you specify which data to load from the external database.
  The views defined here are created in the local SQLite database. The data is read from the external database corresponding to the queries and saved in the local database. Only these views are used for configuring synchronization and for synchronization itself.
Table 8: Define database views
Database is case sensitive |
Specifies whether the connected database is case sensitive. |
Available views |
Selecting a view for editing.
- To create a new view, click .
- To edit an existing view, select it in the drop-down.
- To delete an existing view, click . |
Definition |
Definition of the view. Enter a unique name for the view and a query in the syntax of the database system. |
- On the Select partial schemas page, you can reduce the database schema by selecting partial schemas. If the database contains several schemas, specify here which schemas are loaded into the synchronization project.
  NOTE: This page is only shown for database systems that allow more than one schema.
- The database schema is loaded on the Schema detection page, during which One Identity Manager tries to identify a known schema.
  If the schema is loaded successfully, the next step in the sequence can be carried out.
- On the Extend key information page, specify columns for each table to be used as unique keys for identifying objects.
  NOTE: Tables without unique keys are not used in the synchronization configuration.
Table 9: Defining unique keys
Hide unconfigured tables |
Specifies whether tables are hidden if no settings have been changed. |
Schema |
Tables without a unique key. |
Column is key |
Specifies whether the column contains a unique key. |
Column group |
Button for editing column groups. Create a column group if a unique key can only be made of a combination of more than one column.
- To create a column group, click Add.
- To edit or remove an existing column group, click Edit or remove. |
Table 10: Column group properties
Key name |
Column group identifier. Permitted characters are letters and underscore. A virtual schema property is formed from the column group called vrtColumnGroup<column group>. |
Columns |
Columns included in the column group. Mark all the columns that together make up the unique key.
NOTE: Columns of type Char are not supported. |
- On the Define data relations page, you can enter information about object relations.
Table 11: Defining column relations
Hide unconfigured tables |
Specifies whether tables are hidden if no settings have been changed. |
Schema |
Database schema tables. |
Target(s) |
Columns to which the reference refers. Enter the table and column name in the following syntax:
[<schema>.]<table name>.<column name>
If a reference points to several columns, enter the targets in a comma delimited list. The target columns must be labeled as key columns.
TIP: You can copy the column name of a referenced column using the Copy fully qualified column names item in the context menu and add this as a target. |
Referential integrity enabled |
Specifies whether the referential integrity of the data in the target table has been tested. |
- On the Complete schema page, you can enter additional schema information.
Table 12: Additional schema information
Hide unconfigured tables |
Specifies whether tables are hidden if no settings have been changed. |
Schema |
Tables and schemas of the database schema. |
Display value |
Column used in the display pattern. |
Preferred key |
Specifies whether the column is primarily used for object identification. A preferred key can be defined if a table has more than one unique key. Only columns with the String or Integer data type can be selected. |
Contains sensitive data |
Specifies whether the column contains sensitive data. |
Revision counter |
Specifies whether the column contains the revision counter. The data in this column form the comparison value for revision filtering. |
Sort criteria for hierarchies |
Specifies whether the value in this column maps the path in an object hierarchy. If this table’s objects are sorted by this column, it results in a list sorted in hierarchical order. This makes it possible to resolve object dependencies. Only one column per table can be marked as a sort criterion. An example is the CanonicalName column. |
Scope reference |
Specifies whether the column can be used to form the reference scope. Only one column per schema type can be labeled as the reference scope. |
Auto fill behavior |
Specifies whether the values entered in the column are identified automatically. |
Enable compatible null handling |
Specifies whether a null value in the column is converted to an empty string. |
Incompatible data handling |
Specifies how to handle data that is not allowed in Microsoft .NET Core and thus cannot be mapped in One Identity Manager.
- Post error: Cancels schema type matching with an error message.
- Use default value: Uses the One Identity Manager default value.
- Use minimum value: Uses the minimum value of the data type.
- Use maximum value: Uses the maximum value of the data type. |
Table 13: Table properties
Display template |
Display pattern with which the objects in the Synchronization Editor are displayed. The display pattern is, for example, used in error messages or in the test results from object matching rules. Enter a display table for each display pattern. |
- On the Commit data changes page, define whether data changes from the One Identity Manager database are transferred to the external database.
  CAUTION: The implementation of the data transfer requires competent programming skills. Errors in this implementation can lead to loss of data.
- Specify how to commit the modifications on the Commit data modifications page. Define the operations to run and the sequence of data transfer.
  NOTE: This page is only displayed if the Commit data changes to the external database option is enabled on the Commit data changes page.
  To define a data operation
  - Select a strategy.
  - Select the Processing tab and define the processing steps.
  - Mark a step.
  - Select the Script code tab and create a script that transfers the data.
- On the Real-time data transfer page, select the views whose data changes must be transferred immediately to the external database.
  By default, data changes are transferred only after the database has disconnected. However, to be able to read back data during synchronization (for example, automatically formatted IDs), the data changes must be transferred to the external database immediately.
  NOTE: This page is only displayed if the Commit data changes to the external database option is enabled on the Commit data changes page.
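The choices made on the Extend key information and Define data relations pages can be checked against the view data before the columns are marked in the wizard. The following is an added example, not One Identity code: it uses an in-memory SQLite database with constructed tables (Accounts, Departments and their columns are assumptions) to test whether a column or column group is a usable unique key and whether a reference column holds values with no match in its target.

```python
import sqlite3

# Constructed sample rows standing in for two views from the Define views page.
SAMPLE_SQL = """
CREATE TABLE Departments (DeptCode TEXT, Name TEXT);
CREATE TABLE Accounts (Tenant TEXT, Login TEXT, DeptCode TEXT);
INSERT INTO Departments VALUES ('D1', 'Sales'), ('D2', 'IT');
INSERT INTO Accounts VALUES
  ('A', 'jdoe', 'D1'), ('A', 'msmith', 'D2'),
  ('B', 'jdoe', 'D1'),   -- same Login under another Tenant
  ('B', 'rlee', 'D9'),   -- DeptCode without a matching department
  ('B', NULL, 'D2');     -- Login missing
"""

def build_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn

def _ident(name):
    """Quote an identifier, accepting only letters, digits and underscore."""
    if not name.replace("_", "").isalnum():
        raise ValueError(f"unexpected identifier: {name!r}")
    return f'"{name}"'

def key_problems(conn, table, columns):
    """Return (rows with a NULL key part, duplicated key values) for a candidate key."""
    tbl = _ident(table)
    cols = ", ".join(_ident(c) for c in columns)
    has_null = " OR ".join(f"{_ident(c)} IS NULL" for c in columns)
    nulls = conn.execute(
        f"SELECT COUNT(*) FROM {tbl} WHERE {has_null}").fetchone()[0]
    dups = conn.execute(
        f"SELECT {cols}, COUNT(*) FROM {tbl} WHERE NOT ({has_null}) "
        f"GROUP BY {cols} HAVING COUNT(*) > 1 ORDER BY {cols}").fetchall()
    return nulls, dups

def orphaned_references(conn, table, column, target):
    """Values of table.column with no match in target, written in the
    page's syntax [<schema>.]<table name>.<column name>."""
    parts = target.split(".")
    if len(parts) not in (2, 3):
        raise ValueError(f"bad target: {target!r}")
    t_tbl = ".".join(_ident(p) for p in parts[:-1])
    t_col, s_col = _ident(parts[-1]), _ident(column)
    rows = conn.execute(
        f"SELECT DISTINCT s.{s_col} FROM {_ident(table)} s "
        f"LEFT JOIN {t_tbl} t ON s.{s_col} = t.{t_col} "
        f"WHERE s.{s_col} IS NOT NULL AND t.{t_col} IS NULL "
        f"ORDER BY 1").fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_sample()
    print(key_problems(db, "Accounts", ["Login"]))            # single column
    print(key_problems(db, "Accounts", ["Tenant", "Login"]))  # column group
    print(orphaned_references(db, "Accounts", "DeptCode", "main.Departments.DeptCode"))
```

On the sample data the column group removes the duplicate that Login alone has, but the row with a missing Login remains a problem for either key. Against a real source, run the equivalent queries in the external database's own syntax.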
Updating schemas
All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.
If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.
To include schema data that have been deleted through compression and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:
To update a system connection schema
- In the Synchronization Editor, open the synchronization project.
- Select the Configuration > Target system category.
  - OR -
  Select the Configuration > One Identity Manager connection category.
- Select the General view and click Update schema.
- Confirm the security prompt with Yes.
  This reloads the schema data.
To edit a mapping
- In the Synchronization Editor, open the synchronization project.
- Select the Mappings category.
- Select a mapping in the navigation view.
  This opens the Mapping Editor. For more information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.
NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.