Converse agora com nosso suporte
Chat com o suporte

Active Roles 7.6.3 - Synchronization Service Administration Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with an OpenLDAP directory service Working with IBM RACF connector Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use
About scenarios Scenario 1: Create users from a .csv file to an Active Directory domain Scenario 2: Use a .csv file to update user accounts in an Active Directory domain Scenario 3: Synchronizing data between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 4: Deprovisioning between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 5: Provisioning of Groups between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 6: Enabling Delta Sync mode between One Identity Manager Custom Target Systems and an Active Directory domain Example of using the Generic SCIM Connector for data synchronization
Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Rule-based generation of distinguished names

Synchronization Service lets you create flexible rules for generating the distinguished names (DNs) of objects being created. These rules allow you to ensure that created objects are named in full compliance with the naming conventions existing in your organization.

Scheduling capabilities

You can schedule the execution of data synchronization operations and automatically perform them on a regular basis to satisfy your company’s policy and save time and effort.

Extensibility

To access external data systems Synchronization Service employs special connectors. A connector enables Synchronization Service to read and synchronize the identity data contained in a particular data system. Out of the box, Synchronization Service includes connectors that allow you to connect to the following data systems:

  • Microsoft Active Directory Domain Services
  • Microsoft Active Directory Lightweight Directory Services
  • Microsoft Exchange Server
  • Microsoft Skype for Business Server
  • Microsoft Azure Active Directory
  • Microsoft Office 365
  • Microsoft SQL Server
  • Microsoft SharePoint
  • Active Roles version 7.4.x, 7.3, 7.2, 7.1, 7.0, or 6.9
  • One Identity Manager version 8.1, 8.0, or 7.0
  • Data sources accessible through an OLE DB provider
  • Delimited text files
  • Generic LDAP Directory service
  • MYSQL Database

  • OpenLDAP Directory service

  • Salesforce

  • ServiceNow

  • IBM DB2 Database

  • IBM RACF Connector
  • IBM AS/400 Connector
  • Oracle Database connector
  • Oracle Database User Accounts connector
  • Micro Focus NetIQ Directory connector
  • Oracle Unified Directory connector

Azure Backsync Configuration

In any hybrid environment, on-premises Active Directory objects are synchronized to Azure AD using some means such as Azure AD Connect. When Active Roles is deployed in such a hybrid environment, the existing users and groups' information, such as Azure objectID, must be synchronized back from Azure AD to on-premises AD to continue using the functionality. To synchronize existing AD users and groups from Azure AD to Active Roles we must use the back-synchronization operation.

Back Synchronization is performed by leveraging the existing functionality of Active Roles Synchronization Service. Synchronization workflows are configured to identify the Azure AD unique users or groups and map them to the on-premises AD users or groups. After the back-synchronization operation is completed, Active Roles displays the configured Azure attributes for the synchronized objects.

The Azure Backsync Configuration feature allows you to configure the backsync operation in Azure with on-premises Active Directory objects through the Synchronization Service Web interface. The required connections, mappings, and sync workflow steps are created automatically.

When you configure the back-synchronization, the Azure App registration is done  automatically with the default app  ActiveRoles_AutocreatedAzureBackSyncApp_V2.

NOTE:

  • In case of an application not found error, please try the configure back- synchronization operation again after some time, since the Azure App synchron- ization may take some time.
  • If you use the existing back-synchronization configuration settings, then the  existing  default app ActiveRoles_AutocreatedAzureBackSyncApp is used  to run the back-synchronization workflow. However, it is recommended to use  the default app  ActiveRoles_AutocreatedAzureBackSyncApp_V2 since it  requires reduced administrator privileges. To use the latest Azure App,  configure the back-synchronization again. For information to configure the  back-synchronization, see  Step 3: Configuring Azure BackSync.

  • For the back-synchronization to work as expected, the user in ARS must have write permissions for edsvaAzureOffice365Enabled, edsaAzureContactObjectId, edsvaAzureObjectID, and edsvaAzureAssociatedTenantId. The user must also have a local administrator privileges where the ARS synchronization service is running.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação