There is a wizard to assist you with setting up a synchronization project. This wizard takes you through all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.
NOTE: The following sequence describes how to configure a synchronization project if the Synchronization Editor is both:
If you run the project wizard in expert mode or directly from the Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.
To set up a synchronization project
-
Start the Launchpad and log in on the One Identity Manager database.
NOTE: If synchronization is run by an application server, connect the database through the application server.
- Select the One Identity Manager connector entry. Click Run.
This starts the Synchronization Editor's project wizard.
-
On the System access page, specify how One Identity Manager can access the target system.
-
If access is possible from the workstation on which you started the Synchronization Editor, do not change any settings.
-
If access is not possible from the workstation on which you started the Synchronization Editor, you can set up a remote connection.
Enable the Connect using remote connection server option and select the server to be used for the connection under Job server.
- Click Next to start the system connection wizard to create a connection to a One Identity Manager database.
- On the start page of the system connection wizard, click Next.
- On the Select database system page, select the database system to which you want to connect.
- On the Connection parameters page, enter the database connection data.
-
Server: Database server.
-
(Optional) Windows Authentication: Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.
-
User: SQL Server Login name of the installation user.
-
Password: Password for the installation user.
-
Database: Select the database.
- To enter additional information about the database connection, click Advanced options.
- On the Encryption page, enter the private key for encrypting the database.
- You can save the connection data on the last page of the system connection wizard.
- Set the Save connection locally option to save the connection data. This can be reused when you set up other synchronization projects.
- Click Finish, to end the system connection wizard and return to the project wizard.
-
On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.
NOTE:
-
If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again.
-
This page is not shown if a synchronization project already exists.
-
The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.
- On the Select project template page, select a project template to use for setting up the synchronization configuration.
NOTE: The One Identity Manager connector does not provide a default project template for setting up synchronization. If you have created your own project template, you can select it to configure the synchronization project. Otherwise, select Create blank project.
-
Enter the general setting for the synchronization project under General.
Table 7: General properties of the synchronization project
|
Display name |
Display name for the synchronization project. |
|
Description |
Text field for additional explanation. |
- To close the project wizard, click Finish.
- Save the synchronization project in the database.
All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.
If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.
To include schema data that have been deleted through compression and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:
To update a system connection schema
-
In the Synchronization Editor, open the synchronization project.
-
Select the Configuration > Target system category.
- OR -
Select the Configuration > One Identity Manager connection category.
-
Select the General view and click Update schema.
- Confirm the security prompt with Yes.
This reloads the schema data.
To edit a mapping
-
In the Synchronization Editor, open the synchronization project.
-
Select the Mappings category.
-
Select a mapping in the navigation view.
Opens the Mapping Editor. For more information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.
NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.
Memberships, such as user accounts in groups, are saved in assignment tables in the One Identity Manager database. During provisioning of modified memberships, changes made in the target system may be overwritten. This behavior can occur under the following conditions:
-
Memberships are saved as an object property in list form in the target system.
-
Memberships can be modified in either of the connected systems.
-
A provisioning workflow and provisioning processes are set up.
If one membership in One Identity Manager changes, by default, the complete list of members is transferred to the target system. Therefore, memberships that were previously added to the target system are removed in the process and previously deleted memberships are added again.
To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.
To allow separate provisioning of memberships
-
In the Manager, select the Data Synchronization > Basic configuration data > Target system types category.
-
In the result list, select the target system type.
-
Select the Configure tables for publishing task.
-
Select the assignment tables that you want to set up for single provisioning. Multi-select is possible.
-
Click Merge mode.
NOTE:
-
This option can only be enabled for assignment tables that have a base table with a XDateSubItem column.
-
Assignment tables that are grouped together in a virtual schema property in the mapping must be marked identically.
- Save the changes.
For each assignment table labeled like this, the changes made in One Identity Manager are saved in a separate table. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and not the entire members list.
NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.
You can restrict single provisioning of memberships with a condition. Once merge mode has been disabled for a table, the condition is deleted. Tables that have had the condition deleted or edited are marked with the following icon: 
. You can restore the original condition at any time.
To restore the original condition
-
Select the auxiliary table for which you want to restore the condition.
-
Right-click on the selected row and select the Restore original values context menu item.
- Save the changes.
For more information about provisioning memberships, see the .One Identity Manager Target System Synchronization Reference Guide
Changes made to individual objects in the target system can be immediately applied in the One Identity Manager database without having to start a full synchronization of the target system environment. Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.
Prerequisites
-
A synchronization step exists that can import the changes to the changed object into One Identity Manager.
-
The path to the base object of the synchronization is defined for the table that contains the changed object.
To define the path to the base object for synchronization for a table
-
In the Manager, select the Data Synchronization > Basic configuration data > Target system types category.
-
In the result list, select the target system type.
-
Select the Assign synchronization tables task.
-
In the Add assignments pane, assign the table for which you want to use single object synchronization.
- Save the changes.
-
Select the Configure tables for publishing task.
-
Select the table and enter the Root object path.
-
If a concrete base object is defined for the target system, enter the path to the base object in the ObjectWalker notation of the VI.DB.
Example: FK(UID_GAPCustomer).XObjectKey
-
If no concrete base object is defined for the target system, enter the XObjectKey of the base table.
Example: <Key><T>DialogTable</T><P>RMB-T-Org</P></Key>
- Save the changes.
