Data Governance Edition components
Before you can gather information on the data in your enterprise, you must set up and configure the Data Governance Edition components. Open the Manager application to configure the following Data Governance Edition components:
-
Service accounts
Add and assign the credentials (service account) to ensure that you can access resources on the computers within the domain. For more information, see Authentication using service accounts and managed domains.
-
Managed domains
Assign a service account to the domains that contain the computers hosting the data you want to manage. This link between a service account and an Active Directory domain makes it a "managed domain." For more information, see Readying a service account and domains for deployment.
-
Managed hosts
Add managed hosts which are network objects that can host resources and can be assigned an agent to monitor security and collect resource activity. For more information, see Working with managed hosts and agents.
One Identity Manager service (job server) - Data Governance connector flag
In order to process some of the Data Governance Edition report requests and to process self-service requests for governed data from the web portal, a One Identity manager service must be running as an account that is able to access the Data Governance service (that is, either a Data Governance service account or an account mapped to an employee with the appropriate One Identity Manager application roles). The job servers that host these One Identity Manager services must be marked in the database with the "Data Governance connector" flag using the job server editor in the Designer application.
To set the connector flag in the database
- Open the Designer.
- In the lower pane of the navigation view, select Base Data.
- In the Base Data navigation view, select Installation | Job server.
- At the bottom of the right pane, select the Server functions tab.
- Double-click Data Governance connector. The icon to the left of the name will change to a check mark.
- Click the
Commit to database toolbar button.
- Select the Database | Compile database menu command to display the Database Compilation wizard.
One Identity Manager - Synchronization projects
To get a complete view of your environment, you must first run the One Identity Manager Synchronization Editor to configure the synchronize between the One Identity Manager database and your target environments (Active Directory and if applicable, SharePoint, UNIX, Azure Active Directory, and SharePoint Online).
-
Run the One Identity Manager Synchronization Editor to set up a synchronization project to load Active Directory objects into the One Identity Manager database.
For more information, see Setting up synchronization with an Active Directory environment in the One Identity Manager Administration Guide for Connecting to Active Directory.
-
If applicable, once your Active Directory synchronization projects have completed, set up a synchronization project to load SharePoint objects into the One Identity Manager database.
Important: Active Directory synchronization MUST be complete before beginning the SharePoint synchronization project.
For more information, see Setting up synchronization with a SharePoint environment in the One Identity Manager Administration Guide for Connecting to SharePoint.
- If you are planning on using NFS managed hosts, set up a synchronization project to load UNIX objects into the One Identity Manager database.
- If you are planning on scanning folders hosted on cloud providers, set up the following synchronization projects:
-
Azure Active Directory to configure the synchronization between the One Identity Manager database and Azure Active Directory.
NOTE: To have One Identity Manager automatically create employees for Azure Active Directory users at synchronization time, ensure that the TargetSystem | AzureAD | PersonAutoFullSync configuration setting is set to SEARCH AND CREATE.
If this configuration setting is set to NO, use the Designer to change it BEFORE you run the Azure Active Directory synchronization project.
For more information on setting up a synchronization project for an Azure Active Directory tenant, see the One Identity Manager Administration Guide for Azure Active Directory.
-
SharePoint Online to configure the synchronization of data between the SharePoint Online database and the One Identity Manager Service.
NOTE: Azure Active Directory synchronization MUST be complete before beginning the SharePoint Online synchronization project.
For more information, see the One Identity Manager Administration Guide for Connecting to SharePoint Online.
-
Assign employee to UNIX account
In order to assign ownership to an NFS Export resource, ensure that an Active Directory employee is assigned to the UNIX account.
To assign a One Identity Manager Employee to a UNIX account
- In the Manager, select Employees | Employees.
- Locate and select the employee, right-click and select Tasks | Assign Unix user accounts.
- In the lower pane, locate and double-click the account to be assigned to the selected employee.