サポートと今すぐチャット
サポートとのチャット

Active Roles 8.1.3 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Deploying Synchronization Service for use with AWS Managed Microsoft AD Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Configuring advanced settings for an Oracle Database or Oracle Database user account connection

The Advanced setting provides the following options that allow you to specify custom SQL queries which will automatically run each time Synchronization Service has created, updated, or deleted a user account in Oracle Database:

  • SQL queries to run after user provisioned: Specifies the SQL queries to run each time Synchronization Service creates a user account in the Oracle Database.

  • SQL queries to run after user updated: Specifies the SQL queries to run each time Synchronization Service updates a user account in the Oracle Database.

  • SQL queries to run after user deprovisioned: Specifies the SQL queries to run each time Synchronization Service deletes a user account in the Oracle Database.

Below each of these options, you can use the following buttons:

  • Add: Adds a new SQL query to the list.

  • Edit: Allows you to edit the SQL query selected in the list.

  • Delete: Deletes the SQL query selected in the list.

SQL queries run in the order they are listed. If necessary, you can rearrange the SQL queries in the lists: select an SQL query in the appropriate list, then click the up or down arrow button to move the query as necessary.

Specifying attributes to identify objects for Oracle Database

The Specify attributes to identify objects option provides the following options, allowing you to specify the attributes for uniquely identifying each object in the connected data system:

  • Available attributes: Lists the attributes that are available in the external data system. Use this list to select the attributes whose values you want to use to generate a unique identifier for each object in the external data system. You can filter attributes by typing in the text box at the top of this list. To select multiple attributes, hold down CTRL and click to select attributes in the list.

  • UniqueID attributes: Lists the attributes whose values are currently used to generate a unique identifier for each object in the external data system.

  • Add->: Moves the selected attributes from the Available attributes list to the UniqueID attributes list.

  • <-Remove: Moves the selected attributes from the UniqueID attributes list to the Available attributes list.

  • Constructed UniqueID: Displays a combination of the attributes whose values will make up a unique identifier for each object in the external data system.

Sample SQL queries for working with an Oracle Database

The sample queries provided below are only applicable if Synchronization Service is connected to the target Oracle Database through the Oracle Database Connector.

Example: Adding a new entry

This SQL query illustrates how to add a new entry to the table named SQLConnTest1 in Oracle Database to which you want to provision data from another connected system.

Table 12: Adding a new entry to the SQLConnTest1 table
Database table structure Sample query
CREATE TABLE "SQLConnTest1"("Id" number,"attr1" nchar(64), "attr2" nchar(64)) Insert into SQLConnTest1(attr1) values(:attr1) returning Id into :Id

In this sample query, Id stands for the attribute that uniquely identifies each object in the Oracle Database.

Example: Creating a new user

This SQL query illustrates how to create a new user in the Oracle Database:

call dbms_utility.exec_ddl_statement('CREATE USER ' || :USERNAME || ' IDENTIFIED BY ' || :newPassword)

In this sample query:

  • USERNAME refers to the name of the attribute that uniquely identifies the user in the Oracle Database.

  • newPassword refers to the name of the attribute that will store the initial password you want to set for the new Oracle Database user.

Working with Oracle Database user accounts

This section describes how to create or modify a connection to Oracle Database user accounts with the Active Roles Synchronization Service. It also lists the type of data you can read and/or write in Oracle Database user accounts with the Synchronization Service.

To create a connection to Oracle Database user accounts and work with the user accounts in that data system, use the Oracle Database User Account Connector of the Synchronization Service.

The Oracle Database User Account Connector supports the following features:

Table 13: Oracle Database User Account Connector – Supported features

Feature

Supported

Bidirectional synchronization

Specifies whether you can both read and write data in the connected data system.

Yes

Delta processing mode

Specifies whether the connection can process only the data that has changed in the connected data system since the last synchronization operation. This reduces the overall synchronization duration.

No

Password synchronization

Specifies whether you can synchronize user passwords from an Active Directory (AD) domain to the connected data system.

Yes

NOTE: Password synchronization is only supported for user accounts that are authenticated entirely by Oracle Database. The Oracle Database User Accounts Connector does not support password synchronization for Oracle Database user accounts that use external or global authentication from the side of the connected Oracle system.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択