Target system |
Name of the target system. |
Target system type |
Type of the target system. Several target systems can be grouped together in a target system type. You can assign user accounts to groups belonging to different target systems within a target system type. |
Canonical name |
Name of the target system conforming with DNS syntax.
target system name.parent target system name.primary system name |
Distinguished name |
Target system's distinguished name. This distinguished name is used to form distinguished names for child objects. If the target system does not supply any distinguished names, you can enter the target system identifier here, for example.
Syntax example: DC = <target system> |
Display name |
Name that is displayed in the One Identity Manager tools for the target system. |
Account definition (initial) |
Initial account definition for creating user accounts. This account definition is used if automatic assignment of employees to user accounts is used for this target system and if user accounts are to be created that are already managed (Linked configured). The account definition's default manage level is applied.
User accounts are only linked to the employee (Linked) if no account definition is given. This is the case on initial synchronization, for example. |
Deferred deletion [days] |
Number of days to defer deletion operations for this target system. For more information, see Setting deferred deletion for custom target system user accounts. |
Target system managers |
Application role in which target system managers are specified. The target system managers only modify the target system objects assigned to them. Therefore, each target system can have a different target system manager assigned to it.
Select the One Identity Manager application role whose members are responsible for administration of this target system. Use the button to add a new application role. |
Synchronized by |
Type of synchronization through which the data is synchronized between the target system and One Identity Manager. You can no longer change the synchronization type once objects for this target system are present in One Identity Manager.
Table 23: Permitted values
Synchronization by script |
none |
One Identity Manager script components |
No synchronization |
none |
none |
If you select Scripted synchronization, you can define custom processes to exchange data between One Identity Manager and the target system. You can configure data imports with the program Data Import or set up synchronization with the CSV connector in the Synchronization Editor. |
Types of system entitlements used |
Types of system entitlements to which user accounts can be assigned in this target system. |
User account contains memberships |
Specifies for which types of system entitlements, memberships are maintained in the user accounts.
Enable the system entitlements with maintained user account memberships. The memberships are stored in the UNSAccountBHasUNSGroupB, UNSAccountBHasUNSGroupB1, UNSAccountBHasUNSGroupB2, UNSAccountBHasUNSGroupB3 tables.
Disable the system entitlements with maintained system entitlements memberships. The memberships are stored in the UNSAccountBInUNSGroupB, UNSAccountBInUNSGroupB1, UNSAccountBInUNSGroupB2, UNSAccountBInUNSGroupB3 tables.
Example:
In the System entitlement types used menu, the values Group and System entitlement 1 are selected. In the User account contains memberships menu, only the value System entitlement 1 is selected.
The memberships in the system entitlements are stored in the UNSAccountBHasUNSGroupB1 (System entitlement 1: Assignments to user accounts) and UNSAccountBInUNSGroupB (User accounts: Assignments to groups) tables. |
Description |
Text field for additional explanation. |
Group memberships as MVP |
Specifies whether group memberships can be grouped together as a list on an multi-value property column of this target system's user accounts (relevant for data import). |
Container structure |
Specifies whether the target system has a contain structure. |