
Identity Manager 8.2.1 - Administration Guide for Connecting to SharePoint


Synchronizing single objects

Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If a membership list belongs to one of these properties, the entries in the assignment table will also be updated.

NOTE: If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.

To synchronize a single object

  1. In the Manager, select the SharePoint category.

  2. Select the object type in the navigation view.

  3. In the result list, select the object that you want to synchronize.

  4. Select the Synchronize this object task.

    A process for reading this object is entered in the job queue.

Features of synchronizing memberships

If you want to synchronize changes in an object's member list, run single object synchronization on the assignment's root object. The base table of an assignment contains an XDateSubItem column, which records the time of the last change to the memberships.

Example:

The base object for assigning SharePoint user accounts to SharePoint groups is the group.

In the target system, a user account was assigned to a group. To synchronize this assignment, in the Manager, select the group that the user account was assigned to and run single object synchronization. In the process, all of the group's memberships are synchronized.

The user account must already exist as an object in the One Identity Manager database for the assignment to be made.


Ignoring data errors in synchronization

By default, objects with incorrect data are not synchronized. These objects can be synchronized once the data has been corrected. In certain situations, however, it might be necessary to synchronize objects like these and ignore the data properties that have errors. This synchronization behavior can be configured in One Identity Manager.

To ignore data errors during synchronization in One Identity Manager

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Configuration > One Identity Manager connection category.

  3. In the General view, click Edit connection.

    This starts the system connection wizard.

  4. On the Additional options page, enable Try to ignore data errors.

    This option is only effective if Continue on error is set in the synchronization workflow.

    Default columns, such as primary keys, UID columns, or mandatory input columns cannot be ignored.

  5. Save the changes.

IMPORTANT: If this option is set, One Identity Manager tries to ignore commit errors that could be related to data errors in a single column. The data changed in the affected column is discarded and the object is then saved again. This affects performance and leads to loss of data.

Only set this option in the exceptional circumstance of not being able to correct the data before synchronization.

Basic data for managing a SharePoint environment

The following data is relevant for managing SharePoint in One Identity Manager.

  • Configuration parameter

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data > General > Configuration parameters category.

    For more information, see Configuration parameters for managing a SharePoint environment.

  • Account definitions

    One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

    For more information, see Setting up account definitions.

  • Authentication Modes

    One Identity Manager supports claims-based authentication as well as classical Windows authentication for logging in to the SharePoint server. The authentication mode to use is defined for the web application and for the user accounts. Usable authentication modes are maintained in the One Identity Manager database.

    For more information, see Authentication modes.

  • Prefixes

    Prefixes are URLs relative to a web application that can be stored under a site collection.

    For more information, see Prefixes.

  • Zones and alternative URLs

    All the zones that you can configure for a web application are stored in the One Identity Manager database.

    For more information, see Zones and alternative URLs.

  • Site templates

    Use site templates to add sites.

    For more information, see SharePoint site templates.

  • Permissions

    User permissions for a SharePoint site or a web application are authorized by SharePoint permissions. Permissions are grouped into permission levels and permission policies.

    For more information, see SharePoint permissions.

  • Target system types

    Target system types are required for configuring target system comparisons. Tables with outstanding objects are maintained with the target system types, and settings are configured for provisioning memberships and single object synchronization. Target system types also map objects in the Unified Namespace.

    For more information, see Post-processing outstanding objects.

  • Servers

    In order to handle target system specific processes in One Identity Manager, the synchronization server and its server functionality must be declared.

    For more information, see Editing a server.

  • Target system managers

    A default application role exists for the target system manager in One Identity Manager. Assign the employees who have permission to edit all SharePoint farms in One Identity Manager to this application role.

    Define additional application roles if you want to limit the permissions for target system managers to individual SharePoint farms. The application roles must be added under the default application role.

    For more information, see Target system managers.

Authentication modes

One Identity Manager supports claims-based authentication as well as classical Windows authentication for logging in to the SharePoint server. The authentication mode to use is defined for the web application and for the user accounts. Usable authentication modes are maintained in the One Identity Manager database.

One Identity Manager supplies the default authentication systems "Windows (Claims)" (claims-based Windows authentication) and "Windows Classic Mode" (classic Windows authentication). If you use other authentication systems in your SharePoint environment, add them separately in One Identity Manager. This makes it possible to assign user accounts to these authentication modes. Enter the user and group prefix data; it is required to add new SharePoint user accounts in One Identity Manager.

To add an authentication mode

  1. Select the SharePoint > Basic configuration data > Authentication modes category.
  2. Click in the result list.
  3. Enter the required data on the main data form.
  4. Save the changes.

Enter the required data for your own authentication mode:

Table 7: Authentication mode properties

  • System ID

    An identifier for the authentication mode.

  • User prefix

    Prefix for formatting the login name of new user accounts whose associated authentication object is not a group. In this case, the user account option Group is not set.

  • Group prefix

    Prefix for formatting the login name of new user accounts whose associated authentication object is a group. In this case, the user account option Group is set.

  • Column for login name

    Column in the Person table used to format the login name of new user accounts. This information is required if employees are linked to user accounts through automatic employee assignment.

To assign your own authentication modes automatically to user accounts

  • In the Designer, modify the template for the SPSUser.UID_SPSAuthSystem column.

    For more information, see the One Identity Manager Configuration Guide.
