NOTE: The following sequence describes how to configure a synchronization project if the Synchronization Editor is both:
Run in default mode
Started from the Launchpad
If you run the project wizard in expert mode or directly from the Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.
NOTE: Just one synchronization project can be created per target system and default project template used.
To set up an initial synchronization project for an Azure Active Directory tenant
Start the Launchpad and log in on the One Identity Manager database.
NOTE: If synchronization is run by an application server, connect the database through the application server.
Select the Target system type Azure Active Directory entry and click Start.
This starts the Synchronization Editor's project wizard.
On the System access page, specify how One Identity Manager can access the target system.
If access is possible from the workstation on which you started the Synchronization Editor, do not change any settings.
If access is not possible from the workstation on which you started the Synchronization Editor, you can set up a remote connection.
Enable the Connect using remote connection server option and select the server to be used for the connection under Job server.
On the Azure Active Directory tenant page, enter the following information:
Deployment: Select your cloud deployment. Select from Microsoft Graph global service or Microsoft Cloud for US Government (L4) .
Application ID: Enter the application ID. The application ID was generated when registering the One Identity Manager application in the Azure Active Directory tenant.
Login domain: Enter the base domain or a verified domain of your Azure Active Directory tenant.
On the Authentication page, select the type of login and enter the required login data. The information is required depends on how the One Identity Manager application is registered with the Azure Active Directory tenant.
If you have integrated One Identity Manager as a mobile device and desktop application in your Azure Active Directory tenant, select Authenticate as mobile device or desktop application and enter the user account and password for logging in.
If you have integrated One Identity Manager as a web application in your Azure Active Directory tenant, select the option Authenticate as web application and enter the value in the secret.
The secret was generated when the One Identity Manager application was registered with the Azure Active Directory tenant.
On the last page of the system connection wizard, you can save the connection data.
Set the Save connection locally option to save the connection data. This can be reused when you set up other synchronization projects.
Click Finish, to end the system connection wizard and return to the project wizard.
On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.
NOTE:
If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again.
This page is not shown if a synchronization project already exists.
The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.
On the Select project template page, select the Azure Active Directory Synchronization template.
Option | Meaning |
---|---|
Specifies that a synchronization workflow is only to be set up for the initial loading of the target system into the One Identity Manager database. The synchronization workflow has the following characteristics:
| |
Read/write access to target system. Provisioning available. |
Specifies whether a provisioning workflow is set up in addition to the synchronization workflow for the initial loading of the target system. The provisioning workflow displays the following characteristics:
|
On the Synchronization server page, select the synchronization server to run the synchronization.
If the synchronization server is not declared as a Job server in the One Identity Manager database yet, you can add a new Job server.
Click to add a new Job server.
Enter a name for the Job server and the full server name conforming to DNS syntax.
The synchronization server is declared as Job server for the target system in the One Identity Manager database.
NOTE: After you save the synchronization project, ensure that this server is set up as a synchronization server.
To close the project wizard, click Finish.
This creates and allocates a default schedule for regular synchronization. Enable the schedule for regular synchronization.
This sets up, saves and immediately activates the synchronization project.
NOTE:
If enabled, a consistency check is carried out. If errors occur, a message appears. You can decide whether the synchronization project can remain activated or not.
Check the errors before you use the synchronization project. To do this, in the General view on the Synchronization Editor‘s start page, click Verify project.
If you do not want the synchronization project to be activated immediately, disable the Activate and save the new synchronization project automatically option. In this case, save the synchronization project manually before closing the Synchronization Editor.
The connection data for the target system is saved in a variable set and can be modified in the Synchronization Editor in the Configuration > Variables category.
All the information, tips, warnings, and errors that occur during synchronization are recorded in the synchronization log. You can configure the type of information to record separately for each system connection.
To configure the content of the synchronization log
To configure the synchronization log for target system connection, select the Configuration > Target system category in the Synchronization Editor.
- OR -
To configure the synchronization log for the database connection, select the Configuration > One Identity Manager connection category in the Synchronization Editor.
Select the General view and click Configure.
Select the Synchronization log view and set Create synchronization log.
Enable the data to be logged.
NOTE: Some content generates a particularly large volume of log data. The synchronization log should only contain data required for error analysis and other analyzes.
Synchronization logs are stored for a fixed length of time.
To modify the retention period for synchronization logs
In the Designer, enable the DPR | Journal | LifeTime configuration parameter and enter the maximum retention period.
Having used the Synchronization Editor to set up a synchronization project for initial synchronization of an Azure Active Directory tenant, you can use the synchronization project to load Azure Active Directory objects into the One Identity Manager database. If you manage user accounts and their authorizations with One Identity Manager, changes are provisioned in the Azure Active Directory environment.
You must customize the synchronization configuration to be able to regularly compare the database with the Azure Active Directory environment and to synchronize changes.
To use One Identity Manager as the primary system during synchronization, create a workflow with synchronization in the direction of the Target system.
You can use variables to create generally applicable synchronization configurations that contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes, or processing method, for example.
Use variables to set up a synchronization project for synchronizing different clients. Store a connection parameter as a variable for logging in to the clients.
To specify which Azure Active Directory objects and database objects are included in synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.
Update the schema in the synchronization project if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.
To synchronize additional schema properties, update the schema in the synchronization project. Include the schema extensions in the mapping.
For more information about configuring synchronization, see the One Identity Manager Target System Synchronization Reference Guide.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center