Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 9.3 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Configuring the synchronization log Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences Copying synchronization projects
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Connecting remotely to the target system

Remote access to a target system might be necessary if:

  1. A synchronization projectClosed must be set up.

  2. An existing synchronization project must be configured but there is generally no direct access to the target system.

  3. A existing synchronization project must be configured but there is temporarily no direct access to the target system.

    One IdentityClosed Manager requires a connection to the target system to update the target system schema, to define the scope, or to test the object matching rules, for example. A message appears if you cannot connect to the target system when editing the synchronization configuration. Then you can decide whether you want to connect through a remote connection server, temporarily. In this case, a remote connection dialog opens.

  4. An existing synchronization project needs to be configured but some connection data is encrypted and the encryption values are not known to the Synchronization EditorClosed user.

To set up a remote connection for a new synchronization project.

  1. In the project wizard, on the System access page, set the Connect using remote connection server option.

  2. Enter the remote connection properties.

    For more information, see Remote connection properties.

The remote connection stays connected as long as the project wizard is open.

To set up a remote connection for an existing synchronization project.

  1. In the Synchronization Editor, open the synchronization project.

  2. In the Synchronization Editor toolbar, click Remote connection.

    This opens the remote connection dialog.

  3. Enter the remote connection properties.

    For more information, see Remote connection properties.

  4. Click Connect.

The remote connection remains established as long as the synchronization project is open in the Synchronization Editor.

To close a remote connection

  • In the Synchronization Editor toolbar, click Remote connection.

Remote connection properties
  • Access parameters

    • Server: Full server name or IP address of the server.

      To select an existing Job serverClosed as the remote connection server, click and select the server from the drop-down. This displays all the Job servers that have the One Identity Manager ServiceClosed installed server function selected.

    • Port: Port that is configured for the RemoteConnectPlugin.

  • Authentication

    If SecretAuthentication is configured for the RemoteConnectPlugin:

    • Secret: Secret used by the Synchronization Editor to authenticate on the RemoteConnectPlugin.

    If ADGroupAuthentication is configured for the RemoteConnectPlugin, no data is required.

  • Options

    • RequestClosed timeout: Maximum time allowed for a server query in seconds. If the time is exceeded, the request is canceled.

    • Accept self-signed certificates: Specifies whether self-signed certificates can be accepted.

Related topics

Run Synchronization Editor without target system connection

Sometimes is not necessary to access the connected systemClosed with the Synchronization EditorClosed. In this case the Synchronization Editor can be run with a disconnected target system connection. For example, connection configurations can be viewed and edited without the One Identity Manager attempting to connect to the system in question. However, Synchronization Editor functions, which absolutely require a system connection, cannot be run or cannot be run correctly with it.

To start the Synchronization Editor without target system connection

  1. Start a command line program and go to the One Identity Manager installation directory.
  2. Run the Synchronization Editor with the -o option.

    SynchronizationEditor.exe -o

The target system connection is disconnected by default. The Disconnected button on the toolbar allows you to cancel the disconnect and reconnect.

Related topics

Working with an encrypted database

When you set up a synchronization projectClosed in an encrypted One IdentityClosed Manager database, sensitive data is encrypted. This affects passwords for connection data as well as variables that are labeled as secret. The Synchronization EditorClosed requires all connection data in decrypted form in order to access the connected systemsClosed.

Initially, you can open the synchronization project and edit it partially. If the Synchronization Editor tries to access the connected system, it cannot establish a connection to the system because certain connection parameters are encrypted. The Synchronization Editor offers two ways of deploying the necessary values.

  • By remote connection

    The values can be decrypted through an appropriately configured remote connection. Set up a remote connection server to do this. Note the restrictions mentioned for setting up a remote connection server.

  • By entering the required values

    NOTE: If a remote connection is not possible, you have the option of manually entering the values for establishing a system connection.

To enable the system connection despite encrypted connection data

  1. Edit the system connection.

    An extra dialog is displayed.

  2. To establish a remote connection, enable the first option and click OK.

    1. Enter the remote connection properties.

    2. Click Connect

      This establishes the remote connection. The connection remains in place for as long as the synchronization project is open in the Synchronization Editor.

  3. To enter the required values manually, select the second option.

    • Enter the missing values and click OK.

One Identity Manager can be configured such that sensitive data is encrypted when a synchronization project is opened.

To decrypt encrypted values by default when you open a synchronization project

  • In the DesignerClosed, set the DPR | UI | EncryptedValueHandling configuration parameterClosed and on the Options tab, select the ByUser value.

The user can decide whether encrypted values should be ignored or not.

Table 16: Decryption dialog



Encrypted value

Value required by the connector to establish a system connection.

Ignore this value

Specifies whether to ignore the value. The synchronization project can be selectively edited. However, all actions which required accessing the connected system, cannot be run.

Show values

Specifies whether the values entered are shown. If this option is not set, input is masked.

Remember the values and save locally

Specifies whether the data entered is saved locally. The next time the synchronization project is opened, the stored values are applied and can be confirmed or altered.

IMPORTANT: If an encrypted value has been changed in the One Identity Manager database, the changed value must also be changed on the workstation as soon as the synchronization project is next opened.

Otherwise, the value is overwritten by the locally stored data when the synchronization project is saved. Modifications (of passwords, for example) go missing this way!

To avoid overwriting

  • Update the pre-set values and enable the Remember the values and save locally option.

To delete locally saved data

  1. In the Synchronization Editor, select the Database > Settings menu.

  2. Select the Security tab.

  3. Select a value and click Delete.

Ignore all

Ignores encrypted values and open the synchronization project.

Related topics

Changing a synchronization user's password

One IdentityClosed Manager provides a system user with all the permissions necessary to set up target system synchronizationClosed through an application server and to run it. When you set up the One Identity Manager database, you entered a password for the Synchronization system user. You can change this password in the Synchronization EditorClosed. The password must then be changed in all synchronization projectsClosed that connect to the database through an application server. One Identity Manager can try to update these passwords automatically. If this is not possible, modify the synchronization projects manually.

IMPORTANT: The password may not be changed while synchronization is starting up or running. Only change the password outside working hours!

Only passwords that are managed in One Identity Manager can be changed. There is no menu item shown for externally managed passwords. For more information about managing system user passwords, see the One Identity Manager Authorization and Authentication Guide.

To change the system user's Password

  1. Select the Database > Change synchronization user password menu item.
  2. Enter the required data:
  3. Click OK.
Table 17: Password data
Property Description
Old password Password valid until now.
New password and password confirmation New password for the system user to log on to the database.
Show passwords Passwords are not masked.
Try to update existing synchronization projects One Identity Manager checks all the synchronization projects and tries to update the password. The password is only changed in synchronization projects that are connected with the database through an application server.

To manually update the database connection password

  1. Open the synchronization project which needs to have its password updated.
  2. Select the Configuration > One Identity Manager connection category.
  3. Confirm the prompt with OK.

    Do not establish a remote connection.

  4. Click Edit connection.
  5. Select the Connection parameter page in the system connection wizard.
  6. Enter the new password in Synchronization user's password.
  7. Click Test.
  8. If the connection is successfully established, click Next.
  9. Close the system connection wizard.
  10. Save the changes.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione