Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Quick Connect Sync Engine 6.1 - Administrator Guide

One Identity Quick Connect Overview Deploying One Identity Quick Connect Sync Engine Getting started Connections to external data systems Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Appendices

Deleting a password sync rule

To delete a password sync rule

  1. In the Quick Connect Administration Console, open the Password Sync tab.
  2. Locate the rule you want to delete, and then click Delete this rule below the rule.

Modifying settings of a password sync rule

You can modify the following settings of an existing password sync rule:

  • Specify how many times you want the One Identity Quick Connect Sync Engine to retry the password synchronization operation in the case of a password synchronization failure.
  • Specify a PowerShell script to transform a source Active Directory user password into an object password in the target connected system.
  • Specify rules to modify the attributes of the target connected system objects on which Quick Connect changes passwords.

To modify the settings of a password sync rule

  1. In the Quick Connect Administration Console, open the Password Sync tab.
  2. Click the Password sync settings link below the password sync rule you want to modify.
  3. In the dialog box that opens, use the following tabs:
    • Password Sync Retry Options. Use this tab to specify how many times you want Quick Connect to retry the password synchronization operation in the event of a password synchronization failure. You can select one of the following options:
      • Unlimited number of times. Causes Quick Connect to retry the password synchronization operation until it succeeds.
      • This maximum number of times. Specify the maximum number of times you want Quick Connect to retry the password synchronization operation.
    • Password Transformation Script. Use this tab to type a PowerShell script that transforms source Active Directory user passwords into object passwords for the target connected system. Use this tab if you want the object passwords in the source and target connected systems to be different. If you do not want to transform passwords, leave the text box blank.
    • Rules to Modify Object Attributes. Use this tab to specify rules for modifying attribute values on the target connected system objects. These rules will only apply to the objects on which One Identity Quick Connect Sync Engine modifies passwords in the target connected system.
  4. When you are finished, click OK to save your changes.

Fine-tuning automated password synchronization

This section provides information about the optional tasks related to configuring the automated password synchronization from an Active Directory domain to connected data systems.

In this section:

Configuring Capture Agent

Capture Agent has a number of parameters you can modify. After you install the agent, each of these parameters is assigned a default value, as described in the following table:

 

Table 12: Capture Agent parameters

Parameter

Description

Default value

Maximum connection point age

Determines the period of time (in hours) during which a connection between Capture Agent and Quick Connect Service remains valid.

24 hours

Set interval between attempts to reconnect to service

Determines the time interval (in minutes) during which Capture Agent tries to reconnect to Quick Connect Service.

10 minutes

Set time period for attempts to connect to service

Determines the period of time (in days) during which Capture Agent tries to connect to Quick Connect Service to send the information about changed user passwords.

During this period Capture Agent stores the user passwords to be synchronized in an encrypted file.

7 days

Set certificate

Specifies a certificate for encrypting the password sync data transferred between Capture Agent and Quick Connect Service.

For more information, see Specifying a custom certificate for encrypting password sync traffic.

By default, a built-in certificate is used.

Connection Point 1

Define the Quick Connect Service instances to which Capture Agent provides information about changed user passwords.

If none of these parameters is set, Capture Agent looks for available instances of the Quick Connect Service in the following container:

CN=QuickConnect,CN=One Identity,CN=System,DC=<DomainName>

Connection Point 2

Connection Point 3

Connection Point 4

Connection Point 5

Connection Point 6

Connection Point 7

You can modify the default values of these parameters by using Group Policy and the Administrative Template supplied with the One Identity Quick Connect Sync Engine. The next steps assume that all the domain controllers where the Capture Agent is installed are held within organizational units.

Complete these steps to modify the default Capture Agent settings:

Documents connexes