Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 8.2.1 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Properties of a mapping

Enter the following properties for a mappingClosed.

Table 37: Properties of a mapping

Properties

Meaning

Mapping name

Display name for the mapping. The name must be unique within a synchronization projectClosed. Mapping name is used as key. It cannot be changed after saving.

Mapping directionClosed

Mapping direction permitted for all property mapping rules.

Both directions

Property mapping rules are applied to synchronization in both the direction of the target system and One Identity Manager.

Target systemClosed

Property mapping rules are only used for synchronizing in the direction of the target system.

One Identity Manager

Property mapping rules are only used for synchronizing in the direction of One Identity Manager.

Description

Text field for additional explanation.

Hierarchy synchronization

Specifies whether the mapping is part of the hierarchy. This option is important for optimizing synchronization.

Example:

In Active Directory, all the objects in one container are subordinate. Therefore, the containers map a part of the object hierarchy. Set the Hierarchy synchronization option in the container mapping.

Only suitable for updates

Specifies whether schema class objects are never added during synchronization but only updated or deleted.

This option can be used, for example, if not all target system type mandatory properties in One Identity Manager are editable. Example: Active Directory domains.

Can map through multiply referenced objects

Specifies whether mapping by multi-reference rule should be used to mapped referenced objects.

This option must be set, if more than one mapping is set up for a schema type and the schema type is used as a member in a multiple reference rule. You must decide which of these mappings is going to used to map schema properties and to identify the system objects, Normally, the schema type's default mapping is used.

The option can only be set on one mapping of each schema type.

If more than one mapping is defined for a schema type and the option is not set on any mapping, a message appears on all property mapping rules that the schema type uses.

Schema classClosed in One Identity Manager

One Identity Manager schema class valid for this mapping. Displays all schema classes with a configured mapping, in the menu.

  • Click to edit schema class properties.

Create a new schema class to set up a mapping for another schema type.

  • Click to create a new schema class.

SchemaClosed class in the target system

Target system schemaClosed class valid for this mapping. Displays all schema classes with a configured mapping, in the menu.

  • Click to edit schema class properties.

Create a new schema class to set up a mapping for another schema type.

  • Click to create a new schema class.

Detailed information about this topic

Schema class properties

Enter the following properties for a schema class:

Table 38: Schema class properties

Property

Meaning

Class types

Types of schema classes. The class type can only be specified when a new schema class is added.

Generic schema class

Schema classClosed without a filter function.

Unique objects

SchemaClosed classes, which filter objects based on unique values from different properties. Only distinct objects are filtered. This prevents the system connector from trying to add objects that already exist.

Schema typeClosed

Select the schema type for which you want to create a schema class.

Display name

Schema class display name.

Class name

Unique schema class identifier By default, the class name is based on the schema type. The class name must be unique within a schema type.

Description

Text field for additional explanation.

Distinction

Schema properties, which form a unique value when combined.

This only applies to schema classes with the class type "Unique objects"

CAUTION: The schema class filters objects in an undefined order. Therefore, the result may not be the same each time the filter is used.

Only use this class type for mapping in the direct of One Identity Manager. Otherwise, you cannot guarantee that the same object is updated every time the CSV file is written.

FilterClosed

System filterClosed

Filter that immediately affects the connection system.

Enter the filter in system specific notation, for example, as Where clause for a database system or as LDAP filter for an LDAP system.

If tested against a fixed value that contains at least two dollar characters, the dollar characters must be masked.

NOTE: The system filter does not work, if changes are being provisioned. Therefore, it may not filter more objects than the object selection.

Object selectionClosed

Filter that affects loaded objects.

Condition

Formulate a query for loaded objects. Use the wizard for entering filter.

Script

You can also store a script which determines system objects. The script must be written in the script language specified in the synchronization projectClosed.

NOTE: Object selection must include the filter criteria of the system filter so that One Identity Manager can also assign schema class object when provisioning.

Related topics

Use cases for class types

You want to import employee and organizationClosed data from an external personnel management system into One Identity Manager. All the data is provided in a CSV file and transferred to the database through the CSV connectorClosed in the One Identity Manager database.

Table 39: Example of a CSV file

 

Lastname

FirstName

Department

Location

1

Harris

Clara

Marketing

London

2

Bloggs

Jan

Marketing

Berlin

3

King

Jenny

Marketing

London

4

Basset

Jenny

Sales

Berlin

5

King

Ben

Sales

London

6

Harris

Ben

Sales

Berlin

Employee objects, departments, and location will be added to the One Identity Manager database from this data. The CSV synchronizationClosed exits with an error when a second object with the same name is added because the names of the departments and location are not unique. This can be prevented.

Which objects should be created?

  1. Employees with the LastName and FirstName properties. Object can be uniquely identified through these two properties. The file contain six different objects.

  2. Departments with the Department and Location properties. The file contains four different objects.

  3. Location with the Location property. The file contains two different objects.

For 2. and 3. distinct objects must be supplied Therefore, schema classes with the class type "Unique objects" are created in the mapping.

To set up the mappings

  1. Create a mapping for employees.

    • Create a new schema class in the target system.

      Select the Generic schema class class type and enter the mandatory data.

  2. Create a mapping for the department.

    • Create a new schema class in the target system.

      1. Select the Unique objects class type and enter the mandatory data.

      2. Enable Department and Location on the Distinction tab.

        The schema class filters exactly those objects from the CSV file that are unique identifiable by the combination of Department and Location.

  3. Create a mapping for the location.

    • Create a new schema class in the target system.

      1. Select the Unique objects class type and enter the mandatory data.

      2. Enable Location on the Distinction tab.

        The schema class filters exactly those objects from the CSV file that are unique identifiable by the Location property.

  4. Check the filter results in the target system browser.

    Table 40: SchemaClosed class definition results

    Schema classClosed

    Filtered Objects

    Employees

    Harris; Clara

    Bloggs; Jan

    King; Jenny

    Basset; Jenny

    King; Ben

    Harris; Ben

    Departments

    Marketing; London

    Marketing; Berlin

    Sales; London

    Sales; Berlin

    Locations

    London

    Berlin

Edit schema properties

Important: SchemaClosed properties should only be added, modified, or deleted by experienced Synchronization EditorClosed users and system administrators.

All schema properties of a schema class are displayed in the mapping editor's schema view. There are two different sorts of schema property:

  • Schema properties of schema types from the target system and One Identity Manager schema.

  • Virtual schema propertiesClosed that are:

    • Added by the system connector to extend the target system schema or the One Identity Manager schema

    • Added by the user to extend the connector schema or the One Identity Manager schema

You can use virtual schema properties to represent combinations of schema properties as well as processing stepClosed results as schema properties. They are used amongst other things to map lists of members to One Identity Manager database auxiliary tables. Some virtual schema properties are added by the system connector when you set up the synchronization projectClosed. You can create user specific schema properties. You can use these, for example, to include customClosed One Identity Manager database schema extensions in the mapping.

NOTE: Virtual schema properties are only saved in the synchronization project. They do not modify basic One Identity Manager schema or target system schema.

NOTE You can use variables with fixed values in schema properties. In this case, variable names with dollar signed are included. If the schema property value contains a dollar sign, which is not used to label a variable, it must be masked with $.

Example: Enter the value '300 $$' for a variable with the value '300 $$'.

Related topics
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione