Analyzing synchronization
Synchronization results are summarized in the synchronization log. You can specify the extent of the synchronization log for each system connection individually. One Identity Manager provides several reports in which the synchronization results are organized under different criteria.
To display a synchronization log
-
Open the synchronization project in the Synchronization Editor.
-
Select the Logs category.
-
Click in the navigation view toolbar.
Logs for all completed synchronization runs are displayed in the navigation view.
-
Select a log by double-clicking it.
An analysis of the synchronization is shown as a report. You can save the report.
Synchronization logs are stored for a fixed length of time.
To modify the retention period for synchronization logs
Post-processing outstanding objects
Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.
Outstanding objects:
-
Cannot be edited in One Identity Manager.
-
Are ignored by subsequent synchronizations.
-
Are ignored by inheritance calculations.
This means, all memberships and assignments remain intact until the outstanding objects have been processed.
Start target system synchronization to do this.
To allow post-processing of outstanding objects
Related topics
Configuring target system synchronization
Create a target system for post-processing outstanding objects. Assign tables you want to be populated by synchronization, to this target system type. Specify the tables for which outstanding objects can be published in the target system during post-processing. Define a process for publishing the objects.
To create a target system type
-
In the Manager, select the Data Synchronization | Basic configuration data | Target system types category.
-
Click in the result list.
-
Edit the target system type master data.
- Save the changes.
Enter the following data for a target system type.
Table 15: Master data for a target system type
Target system type |
Target system type description. |
Description |
Text field for additional explanation. |
Display name |
Name of the target system type as displayed in One Identity Manager tools. |
Cross-boundary inheritance |
Specifies whether user accounts can be assigned to groups if they belong to different custom target systems.
NOTE: If this option is not set, the target system type is used to group the target systems. |
Show in compliance rule wizard |
Specifies whether the target system type for compliance rule wizard can be selected when rule conditions are being set up. |
Text snippet |
Text snippets used for linking text in the compliance rule wizard. |
To add tables to target system synchronization
-
In the Manager, select the Data Synchronization | Basic configuration data | Target system types category.
-
In the result list, select the target system type.
-
Select the Assign synchronization tables task.
-
In the pane, assign custom tables to the outstanding objects you want to handle.
- Save the changes.
-
Select the Configure tables for publishing task.
-
Select the tables that contain the outstanding objects that can be published in the target system and set the Publishable option.
- Save the changes.
NOTE: The connector must have write access to the target system in order to publish outstanding objects that are being post-processed. That means, the Connection is read-only option must not be set for the target system connection.
To publish outstanding objects
-
For each table for which you want to publish outstanding objects, create a process, which is triggered by the event HandleOutstanding and which executes the provisioning of the objects. Use the AdHocProjection process task of the ProjectorComponent process component. For detailed information about defining processes, see the One Identity Manager Configuration Guide.
How to post-process outstanding objects
To post-process outstanding objects
-
In the Manager, select the Data synchronization | Target system synchronization: <target system type> category.
All tables assigned to the target system type are displayed in the navigation view.
-
Select the table whose outstanding objects you want to edit in the navigation view.
All objects marked as outstanding are shown on the form.
TIP:
To display object properties of an outstanding object
- Select the object on the target system synchronization form.
- Open the context menu and click Show object.
-
Select the objects you want to rework. Multi-select is possible.
-
Click on one of the following icons in the form toolbar to execute the respective method.
Table 16: Methods for handling outstanding objects
|
Delete |
The object is immediately deleted from the One Identity Manager database. Deferred deletion is not taken into account. The Outstanding label is removed from the object.
Indirect memberships cannot be deleted. |
|
Publish |
The object is added to the target system. The Outstanding label is removed from the object.
The method triggers the HandleOutstanding event. This runs a target system specific process that triggers the provisioning process for the object.
Prerequisites:
-
The table containing the object can be published.
-
The target system connector has write access to the target system.
-
A custom process is set up for provisioning the object. |
|
Reset |
The Outstanding label is removed for the object. |
- Confirm the security prompt with Yes.
NOTE: By default, the selected objects are processed in parallel, which speeds up execution of the selected method. If an error occurs during processing, the action is stopped and all changes are discarded.
Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.
To disable bulk processing
Related topics