Errors in the synchronizationThe processSequence of process steps for mappingList of object matching rules and property mapping rules which map the schema properties of two connected systems to one another. an operational workflow. The process steps are connected to one another by predecessor/successor relationships. This functionality allows flexibility when linking up actions and sequences on object events. of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. configuration can cause system objects to be processed incorrectly. Errors in the data through incorrect configuration can be reduced. Often, it is known how many system objects are generally modified, added, or deleted in a connected systemSystem the objects and their properties are transferred to during synchronization. The connected system is defined by the synchronization direction. Example of synchronization direction "Target system" (One Identity Manager -> Active Directory): Here Active Directory is the connected system and One Identity Manager is the primary system of synchronization.. If this number is exceeded when a processing method is run, a warning appears and synchronization is stopped. The synchronization stepSpecific rule for processing exactly two schema classes. and mapping configurations can be checked and corrected before repeating synchronization.

To specify the maximum set of system objects that can be processed in a synchronization step, define quotasA maximum set of system objects that can be processed in a synchronization step with a particular processing method. If the quota is exceeded during synchronization, none of the object of this schema class with this processing method are handled and synchronization is stopped. for each processing method. A quota provides the maximum number of objects to process relative to the total number of all objects in the schema class to be synchronized. When a synchronization step is run, One Identity Manager calculates the number of objects to process for each processing method with a quota. If this number exceeds the quota, processing of objects in this schema class stops. Synchronization stops and writes an error message in the synchronization log.

You can define different quotas for synchronizing with the target system and synchronizing with One Identity Manager.

Table 54: Quotas for a synchronization step

Property	Meaning
No quota	Specifies whether quotas are taken into account by synchronization. If this is set, quotas are not included.
Use these settings	Specifies which quotas the connected system and the processing method take into account. Select the connected system that you want to synchronize. Select the processing method and enter the quota in percent. When you configure a new synchronization step for objects in One Identity Manager for the Delete processing taskTask to be run by a process., a quota of 10% is automatically set. Adjust the quota as required. One Identity Manager specifies quotas for synchronization in the target system in workflows created with the workflow wizard, by default. Adjust the quota as required. Update processing method: 75% Delete processing method: 10% for single objects, 20% for many-to-many schema types.

Advice

• Quotas can only be defined for processing methods which modify data (for example, Insert, Update, Delete).

• When the number of object to process is being calculated, One Identity Manager takes the amount of objects loaded in the slim list. Conditions defined for processing methods are not taken into account!

  Enter an higher quota for processing methods use a condition to limit the number of objects to synchronize.

• To check whether the quota will be exceeded, all the objects to be processed are loaded first. Only then will the processing method be run. If there is a large amount of data, this can affect synchronization performance.

• If the quota is exceeded by a single object, that object will still be processed.

  For example, if a quota of 10% is defined for a schema class with only 8 objects and exactly one object has been changed, then this object will be processed even though the quota has already been exceeded.

  In provisioning workflowsSpecifies the order in which the synchronization steps are provisioned., quotas are ineffective because only single objects are ever processed.

• Quotas affect membership synchronization only when M:N schema types are processed in a separate synchronization step. (Example: Synchronization of assignments of SAP rolessee: hierarchical role to SAP user accounts. The quota refers to the set of UserInRole objects).

  If memberships are stored as a base object propertyValue of a schema property for a specific object. (member list), the quota only affects the base object and not the individual members. (Example: Synchronization of Active Directory groups. The quota refers only to the number of groups and not to the number of members).

Related topics

• Processing synchronization steps