지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager Data Governance Edition 8.1.1 - Deployment Guide

Introduction Data Governance Edition system requirements Install One Identity Manager Data Governance Edition Deploy Data Governance Edition components Post installation configuration Authentication using service accounts and managed domains Working with managed hosts and agents Upgrade Data Governance Edition Remove Data Governance Edition Troubleshooting Appendix: NetApp managed host deployment Appendix: EMC managed host deployment Appendix: SharePoint managed host deployment

Data Governance Edition components

Before you can gather information on the data in your enterprise, you must set up and configure the Data Governance Edition components. Open the Manager application to configure the following Data Governance Edition components:

One Identity Manager service (job server) - Data Governance connector flag

In order to process some of the Data Governance Edition report requests and to process self-service requests for governed data from the web portal, a One Identity manager service must be running as an account that is able to access the Data Governance service (that is, either a Data Governance service account or an account mapped to an employee with the appropriate One Identity Manager application roles). The job servers that host these One Identity Manager services must be marked in the database with the "Data Governance connector" flag using the job server editor in the Designer application.

To set the connector flag in the database

  1. Open the Designer.
  2. In the lower pane of the navigation view, select Base Data.
  3. In the Base Data navigation view, select Installation | Job server.
  4. At the bottom of the right pane, select the Server functions tab.
  5. Double-click Data Governance connector. The icon to the left of the name will change to a check mark.
  6. Click the Commit to database toolbar button.
  7. Select the Database | Compile database menu command to display the Database Compilation wizard.

One Identity Manager - Synchronization projects

To get a complete view of your environment, you must first run the One Identity Manager Synchronization Editor to configure the synchronize between the One Identity Manager database and your target environments (Active Directory and if applicable, SharePoint, UNIX, Azure Active Directory, and SharePoint Online).

  1. Run the One Identity Manager Synchronization Editor to set up a synchronization project to load Active Directory objects into the One Identity Manager database.

    For more information, see Setting up synchronization with an Active Directory environment in the One Identity Manager Administration Guide for Connecting to Active Directory.

  2. If applicable, once your Active Directory synchronization projects have completed, set up a synchronization project to load SharePoint objects into the One Identity Manager database.

    Important: Active Directory synchronization MUST be complete before beginning the SharePoint synchronization project.

    For more information, see Setting up synchronization with a SharePoint environment in the One Identity Manager Administration Guide for Connecting to SharePoint.

  3. If you are planning on using NFS managed hosts, set up a synchronization project to load UNIX objects into the One Identity Manager database.
  4. If you are planning on scanning folders hosted on cloud providers, set up the following synchronization projects:
    1. Azure Active Directory to configure the synchronization between the One Identity Manager database and Azure Active Directory.

      NOTE: To have One Identity Manager automatically create employees for Azure Active Directory users at synchronization time, ensure that the TargetSystem | AzureAD | PersonAutoFullSync configuration setting is set to SEARCH AND CREATE.

      If this configuration setting is set to NO, use the Designer to change it BEFORE you run the Azure Active Directory synchronization project.

      For more information on setting up a synchronization project for an Azure Active Directory tenant, see the One Identity Manager Administration Guide for Azure Active Directory.

    2. SharePoint Online to configure the synchronization of data between the SharePoint Online database and the One Identity Manager Service.

      NOTE: Azure Active Directory synchronization MUST be complete before beginning the SharePoint Online synchronization project.

      For more information, see the One Identity Manager Administration Guide for Connecting to SharePoint Online.

Assign employee to UNIX account

In order to assign ownership to an NFS Export resource, ensure that an Active Directory employee is assigned to the UNIX account.

To assign a One Identity Manager Employee to a UNIX account

  1. In the Manager, select Employees | Employees.
  2. Locate and select the employee, right-click and select Tasks | Assign Unix user accounts.
  3. In the lower pane, locate and double-click the account to be assigned to the selected employee.
관련 문서