Ignoring data error in synchronization
By default, objects with incorrect data are not synchronized. These objects can be synchronized once the data has been corrected. In certain situations, however, it might be necessary to synchronize objects like these and ignore the data properties that have errors. This synchronization behavior can be configured in One Identity Manager.
To ignore data errors during synchronization in One Identity Manager
- In the Synchronization Editor, open the synchronization project.
- Select the Configuration > One Identity Manager connection category.
- In the General view, click Edit connection.
  This starts the system connection wizard.
- On the Additional options page, enable Try to ignore data errors.
  This option is only effective if Continue on error is set in the synchronization workflow.
  Default columns, such as primary keys, UID columns, or mandatory input columns cannot be ignored.
- Save the changes.
IMPORTANT: If this option is set, One Identity Manager tries to ignore commit errors that could be related to data errors in a single column. The data changed in the affected column is discarded and the object is then saved again. This affects performance and leads to loss of data.
Only set this option in the exceptional circumstance of not being able to correct the data before synchronization.
Managing Google Workspace user accounts and employees
The main feature of One Identity Manager is to map employees together with the main data and permissions available to them in different target systems. To achieve this, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This provides an overview of the permissions for each employee in all of the connected target systems. One Identity Manager offers the option of managing user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database.
Because requirements vary between companies, One Identity Manager offers different methods for supplying user accounts to employees. One Identity Manager supports the following methods for linking employees and their user accounts:
- Employees can automatically obtain their account definitions using user account resources. If an employee does not yet have a user account in a customer, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism and subsequent process handling.
  When you manage account definitions through user accounts, you can specify the way user accounts behave when employees are enabled or deleted.
- When user accounts are inserted, they can be automatically assigned to an existing employee or a new employee can be created if necessary. In the process, the employee main data is created on the basis of existing user account main data. This mechanism can be implemented if a new user account is created manually or by synchronization. However, this is not the One Identity Manager default method. You must define criteria for finding employees for automatic employee assignment.
- Employees and user accounts can be entered manually and assigned to each other.
For more information about employee handling and administration, see the One Identity Manager Target System Base Module Administration Guide.
Account definitions for Google Workspace user accounts
One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
The data for the user accounts in the respective target system comes from the basic employee data. The employees must have a central user account. The assignment of the IT operating data to the employee’s user account is controlled through the primary assignment of the employee to a location, a department, a cost center, or a business role. Processing is done through templates. There are predefined templates for determining the data required for user accounts included in the default installation. You can customize templates as required.
Specify the manage level for an account definition for managing user accounts. The user account’s manage level specifies the extent of the employee’s properties that are inherited by the user account. This allows an employee to have several user accounts in one target system, for example:
For more detailed information about the principles of account definitions, manage levels, and determining the valid IT operating data, see the One Identity Manager Target System Base Module Administration Guide.
The following steps are required to implement an account definition:
- Creating account definitions
- Configuring manage levels
- Creating the formatting rules for IT operating data
- Collecting IT operating data
- Assigning account definitions to employees and target systems
Creating account definitions
To create a new account definition
- In the Manager, select the Google Workspace > Basic configuration data > Account definitions > Account definitions category.
- Click in the result list.
- On the main data form, enter the main data of the account definition.
- Save the changes.