
Identity Manager 9.3 - Target System Synchronization Reference Guide


Defining downstream processes

Certain actions must be run in the One Identity Manager database after synchronization has finished. For this, you can define additional processes on the tables that return base objects. These additional processes are run through the "PostSync" event, which is triggered in the process DPR_DPRProjectionStartInfo_Run_Synchronization.

To create a downstream process for synchronization

  1. In the Designer, select the Process Orchestration category.

  2. Start Process Editor using the Create a new process task.

    This makes a new element for the process and opens it in the Process Editor.

  3. Edit at least the following process properties.
    Table: Table that returns the base object for the synchronization, for example ADSDomain.
    Event: PostSync
  4. Create the required process steps.

    For more information, see the One Identity Manager Configuration Guide.

  5. Save the changes.
Examples
  • To automatically assign identities to Active Directory user accounts, the table ADSDomain contains the process ADS_ADSDomain_SearchAndCreate_FullSync. The process is triggered by the event "PostSync".
  • If group memberships cannot be resolved when an Active Directory domain is synchronized, the One Identity Manager finds the Active Directory SIDs of the user accounts. For this, there is the process ADS_ADSDomain_PostSync set on the table ADSDomain. The process is triggered by the event "PostSync".

Processing synchronization steps

When a synchronization step is processed in an implementation plan, synchronization objects are determined and processed as follows:

  1. Load slim list of objects to be synchronized

    Objects to be synchronized are loaded according to the object matching rules from the target system and the One Identity Manager database. Only key properties, the revision property (if it exists), and individually specified schema properties in the system connector are loaded in this case.

    TIP: For systems whose schema types only have a few schema properties, this list can already be loaded with all schema properties. This can speed up synchronization.

    You can configure the appropriate behavior in the start up configuration when in expert mode. Modify the reload threshold to do this. For more information, see Extended properties for start up configuration.

  2. Use revision filter

    Modified object pairs are filtered if revision filtering is permitted and the target system supports revision filtering. The revision filter is applied to the slim list, which means objects that are already loaded. Therefore, objects that only exist in one of the connected systems are also processed.

  3. Load lists of object pairs with all schema properties

    One Identity Manager loads the lists of objects and object pairs to be synchronized with all mapped schema properties. The lists are loaded in partitions with a fixed size. Once a partition (for example, 1000 object pairs) has been loaded, it is processed asynchronously while the next partition is being loaded. Therefore, a maximum of two partitions are located in main memory at any time.

    TIP: In expert mode, you can define the partition size in the start configuration. For more information, see Extended properties for start up configuration.
  4. Use mapping

    The moment a partition (for example, 1000 list pairs) has been loaded, the mapping is used for all objects and object pairs. Processing methods are subsequently run according to the given condition.

    If a quota is defined for a processing method, all objects to be processed from all partitions are loaded first to check whether the quota is exceeded. If there is a large amount of data, this can affect synchronization performance. If the quota is not reached, the processing method will be run afterward. If the quota is exceeded, the synchronization step is not run and subsequently, synchronization is halted. A message is written to the synchronization log.
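The four steps above, modeled as an added Python example (a simplified illustration, not One Identity Manager code). The method names, the conditions that select them, and the basis on which the quota share is calculated are assumptions; the sample data is constructed to show a quota stopping a step when the target system suddenly returns far fewer objects than the database holds.

```python
from collections import Counter
from itertools import islice

def slim_pairs(target, database):
    """Step 1: pair objects by key; only key and revision are loaded."""
    keys = sorted(set(target) | set(database))
    return [(k, target.get(k), database.get(k)) for k in keys]

def revision_filter(pairs):
    """Step 2: drop unchanged pairs; objects present on one side only stay."""
    return [p for p in pairs if p[1] is None or p[2] is None or p[1] != p[2]]

def partitions(pairs, size):
    """Step 3: yield the remaining pairs in partitions of a fixed size."""
    it = iter(pairs)
    while chunk := list(islice(it, size)):
        yield chunk

def method_for(pair):
    """Step 4: pick a processing method (conditions are assumptions)."""
    _, target_rev, db_rev = pair
    if db_rev is None:
        return "Insert"
    return "Delete" if target_rev is None else "Update"

def run_step(target, database, size=1000, quotas=None):
    """Return (objects processed per method, synchronization log lines)."""
    pairs = slim_pairs(target, database)
    todo = revision_filter(pairs)
    if quotas:
        # A quota forces all partitions to be evaluated before anything runs.
        planned = Counter(method_for(p) for part in partitions(todo, size) for p in part)
        for method, limit in quotas.items():
            share = planned[method] / max(len(pairs), 1)  # assumed quota basis
            if share > limit:
                # The step is not run and synchronization halts.
                return {}, [f"Quota exceeded for {method}: {share:.0%} > {limit:.0%}"]
    processed = Counter()
    for part in partitions(todo, size):  # partition by partition
        processed.update(method_for(p) for p in part)
    return dict(processed), []

# Constructed sample (key -> revision): the target system returns no c, d, e.
TARGET = {"a": 7, "b": 2, "f": 1}
DATABASE = {"a": 6, "b": 2, "c": 1, "d": 1, "e": 1}

if __name__ == "__main__":
    print(run_step(TARGET, DATABASE, size=2))
    print(run_step(TARGET, DATABASE, size=2, quotas={"Delete": 0.25}))
```
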


Exporting a synchronization configuration

Synchronization projects created for a test database, for example, can be transported to a production database. You use the Database Transporter to do this. To use the synchronization project in the target database, check the connection credentials and change the synchronization configuration to match the target database's requirements.

Prerequisite

  • The schemas of both One Identity Manager databases are identical. Customized schema extensions used in the mapping exist in both databases.

To transport a synchronization project to another One Identity Manager database

  1. Create a transport package for the synchronization project using the Database Transporter.
    1. Set the Transport synchronization projects option.
    2. To select the synchronization project, click Select.

      • Enable the synchronization project in the tree view and click OK. Multi-select is possible.

    3. Click Next.

      This exports the data.

    NOTE: The transport package does not contain a root object, scheduled process plans, or assignments of schedules to start up configurations.

  2. Import the transport package into the target database with the Database Transporter.

    On the Import configuration page, configure the import.

    1. If there is already a synchronization project in the target database, configure which changes are imported into the target database.

      • Do not change the start up configuration settings: Specifies whether start up configurations, variables, and variable sets are imported.

        Set this option so that changes to these objects are not overwritten in the target database. If this option is not set, changes made to these objects in the target database are overwritten by the transport package.

      • Details: Shows an overview of all the objects with their change status. Click Details to show the overview.

        To show details of the modification, expand the respective node in the Objects column. To exclude certain object changes from the import package, disable the object.

    2. Click Next.

    Then the transport package data is imported.

    After importing is complete, the database is compiled.

  3. Modify the synchronization project in the target database.
    1. Modify the One Identity Manager database connection data and update the schema.

    2. Check the target system connection data and the variable set.

    3. Configure the base object.

    4. Assign a schedule to the start up configuration.

    5. Configure the synchronization log.

    6. Make any other necessary changes to the settings.

    7. Run a consistency check.

    8. Activate the synchronization project.

For more information about creating and importing transport packages, see the One Identity Manager Operational Guide.


Operations for provisioning and single object synchronization

In order to provision object modifications and perform single object synchronization, you must specify which synchronization workflow should be used for this task. When setting up the synchronization using the default project templates, the required single object operations will be created. If you create your own provisioning processes or would like to include custom tables in the provisioning or single object synchronization, then you need to define your own single object operations.

To define single object operations

  1. Select the Process Orchestration > Provisioning process operations category in the Designer.

  2. Select the menu item Object > New.

  3. Edit the operation properties.

  4. Save the changes.
  5. In the pre-script that generates the provisioning process or the process for single object synchronization, pass this operation as a parameter to the script DPR_GetAdHocData.

Table 81: Single object operations

| Property | Description |
|---|---|
| Name | Name of the operation. |
| Synchronization workflow | Workflow that is to be used for provisioning or single object synchronization. |
| System connection | Target system connection of the target system to be used. |
| Table | Table for which the operation has been defined. Provisioning or single object synchronization can only be run for the objects in this table. |
| Display name | Operation display name in the One Identity Manager tools' user interface. |
| Description | Text field for additional explanation. |
| Processing status | Only used internally by One Identity Manager. |