지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 8.2 - One Identity Manager Connector User Guide

Selecting tables and columns for system synchronization

Before you create a synchronization project for system synchronization, flag all the table and column content to synchronize.

To select a table for system synchronization

  1. In the Designer, select the One Identity Manager schema category.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. In the Table properties view, select the System synchronization tab.

  4. Edit the following table properties:

    • Synchronization mode: Permitted synchronization directions and processing methods for this table. Set all the bit positions that apply to this table.

      Set:

      • The direction of synchronization

      • Whether to provision changes to the central database,

      • Which processing methods to use for application data

      • Whether to update system data

      • Which schedule to use for synchronizing this table (start frequency)

        If neither the Start synchronization frequently or the Start synchronization very frequently bit positions is set, synchronization is started once a day (default).

    • Columns for alternative rules: Comma delimited list of columns to be used for creating alternative object matching rules.

      If the One Identity Manager connector cannot identify a system object through the primary object matching rule, it applies the alternative rules to determine a matching system object. Enter the technical names of all the columns for which you want to generate alternative rules.

    • Columns for alternative rules: .NET class used to consider special cases when generating a synchronization project between two One Identity Manager databases.

  5. Set the permitted mapping direction for all columns to be mapped.

    1. Select the column in the Schema Editor and edit the column properties.

    2. On the More tab, in the Mapping direction menu, select all permitted mapping directions.

  6. Perform steps 2 to 5 for all the tables that are going to be synchronized.

  7. Select the Database > Save to database and click Save.

IMPORTANT: If an assignment table is selected for synchronization and the Provisioning the central database synchronization mode is selected, the table's Assign by event property must be enabled for this table to generate the provisioning processes.

If this table property is enabled after a synchronization project has been generated, then the synchronization project must be regenerated.

To set the mapping direction for a column

  1. In the Designer, select the One Identity Manager schema category.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. Select the column in the Schema Editor and edit the column properties.

  4. On the More tab, in the Mapping direction menu, select all permitted mapping directions.

  5. Select the Database > Save to database and click Save.

If you change the tables or columns to be synchronized after the synchronization project has been generated, the synchronization project will be updated automatically.

Related topics

Information required for creating a synchronization project for system synchronization

To set up a synchronization project for system synchronization, have the following information ready.

Table 1: Information required to set up a synchronization project
Data Explanation

Connection credentials for the central database

For connecting directly to the database:

  • Database server

  • Database name

  • SQL Server login and password

  • Specifies whether integrated Windows authentication is used

    Use of the integrated Windows authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

For connecting over an application server:

  • Application server URL

  • Synchronization user's password

Connection credentials for the work database

  • Database server

  • Database name

  • SQL Server login and password

  • Specifies whether integrated Windows authentication is used

    Use of the integrated Windows authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

Synchronization server

All One Identity Manager Service actions are run against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.

Installed components:

  • One Identity Manager Service (started)

The synchronization server must be declared as a Job server in One Identity Manager. The Job server name is required.

For more information, see Setting up the synchronization server.

Remote connection server

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation, on which the Synchronization Editor is installed, is not possible. For example, because of the firewall configuration or the workstation does not fulfill the necessary hardware and software requirements. If direct access is not possible from the workstation, you can set up a remote connection.

The remote connection server and the workstation must be in the same Active Directory domain.

Remote connection server configuration:

  • One Identity Manager Service is started

  • RemoteConnectPlugin is installed

The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required.

TIP: The remote connection server requires the same configuration as the synchronization server (with regard to the installed software and entitlements). Use the synchronization as remote connection server at the same time, by simply installing the RemoteConnectPlugin as well.

For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

Creating a synchronization project for the system synchronization

NOTE: Exactly one synchronization project for system synchronization can be created for a work database.

There is a wizard to assist you with setting up a synchronization project. This wizard takes you through all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.

NOTE: The following sequence describes how to configure a synchronization project if the Synchronization Editor is both:

  • Run in default mode

  • Started from the Launchpad

If you run the project wizard in expert mode or directly from the Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.

To set up a synchronization project

  1. Start the Launchpad and log in on the One Identity Manager database.

    NOTE: If synchronization is run by an application server, connect the database through the application server.

  1. On the System access page, specify how One Identity Manager can access the target system.

    • If access is possible from the workstation on which you started the Synchronization Editor, do not change any settings.

    • If access is not possible from the workstation on which you started the Synchronization Editor, you can set up a remote connection.

      Enable the Connect using remote connection server option and select the server to be used for the connection under Job server.

  • Click Next to start the system connection wizard to create a connection to a One Identity Manager database.

  1. Select the database system to which you want to connect on the Select database system page.

    • Direct database connection: Specifies whether to connect directly to the central database.

    • Application server: Specifies whether the central database should be connected through an application server.

      Set this option if modules other than in the work database are installed in the central database, or if the central database is running with an older version of One Identity Manager.

    • Use application server REST API: Specifies whether to use the application server's REST API for communicating with the central database.

      IMPORTANT: Enable this option if the central database is operated with an older version of One Identity Manager.

  2. On the Connection parameters page, enter the database credentials for the central database.

    • Enter the following data connecting directly to the database:

      • Server: Database server.

      • (Optional) Windows Authentication: Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

      • User: SQL Server Login name of the installation user.

      • Password: Password for the installation user.

      • Database: Select the database.

    • To connect through an application server, enter the URL and Synchronization user password.

    • To enter additional information about the database connection, click Advanced options.

    • Click Test.

  3. Enter the private key for encrypting the database on the Encryption page.

  4. On the Additional settings page, you define additional settings to customize the behavior of the connector.

    • Try to ignore data errors: Specifies whether objects with erroneous data should be synchronized with the central database.

      By default, objects with incorrect data are not synchronized. These objects can be synchronized once the data has been corrected. In certain situations, however, it might be necessary to synchronize objects like these and ignore the data properties that have errors.

      IMPORTANT: If data errors are ignored, performance will be affected. Synchronization can also lead to data loss. Only set this option in the exceptional circumstance of not being able to correct the data before synchronization.

      NOTE:

      • The option cannot be enabled if the REST API of the application server is used.

      • Default columns, such as primary keys, UID columns, or mandatory input columns cannot be ignored.

  5. On the last page of the system connection wizard, you can save the connection data.

    • Set the Save connection locally option to save the connection data. This can be reused when you set up other synchronization projects.
    • Click Finish, to end the system connection wizard and return to the project wizard.

  1. On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.

    NOTE:

    • If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again.

    • This page is not shown if a synchronization project already exists.

  2. The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.

  1. On the Select project template page, select a project template to use for setting up the synchronization configuration.

    • Select AutomaticOne Identity Manager synchronization.

  1. To close the project wizard, click Finish.
  2. Save the synchronization project in the database.

Only the connection credentials for the connected systems may be changed manually in a generated synchronization project.

Related topics

Starting system synchronization

Three schedules are generated for starting system synchronization. By default, synchronization is started once a day. If you want synchronization to start more frequently for certain tables, adjust the synchronization mode for these tables.

To change how frequently a table is synchronized

  1. In Designer, edit the table properties of the table you want to synchronize.

  2. On the System synchronization tab, select the Synchronization mode menu.

  3. Select the synchronization frequency.

    • If you want to start synchronization several times a day, activate Start synchronization frequently.

    • If you want to start synchronization several times per hour, activate Start synchronization very frequently.

    If none of these options is enabled, this table will synchronized once a day.

  4. Save the changes.

NOTE: Synchronization can only be started if the synchronization project is activated.

Related topics
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택