You have two options for using synchronization to delete objects in One Identity Manager that do not exist in the target system.
- The objects are deleted immediately on synchronization.
You can view the synchronization log to see which objects have been deleted.
NOTE: Memberships that exist based on an inheritance cannot be deleted immediately. They are always marked as outstanding.
- The objects are marked as outstanding by synchronization.
Outstanding objects must be post-processed separately in One Identity Manager. They can either be deleted or published in the target system in the process. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.
Outstanding objects:
- Cannot be edited in One Identity Manager.
- Are ignored by subsequent synchronizations.
- Are ignored by inheritance calculations.
This means that all memberships and assignments remain intact until the outstanding objects have been processed.
To delete objects immediately in One Identity Manager
- Edit the synchronization step properties.
For more information, see How to edit synchronization steps.
- Select the Processing tab.
- Specify the processing method. Select the following options as appropriate:
| For synchronization from the target systems to One Identity Manager | Processing method (technical name) |
| --- | --- |
| Objects that are only found in One Identity Manager | Delete |
To mark objects as outstanding in One Identity Manager
- Edit the synchronization step properties.
For more information, see How to edit synchronization steps.
- Select the Processing tab.
- Specify the processing method. Select the following options as appropriate:
| For synchronization from the target systems to One Identity Manager | Processing method (technical name) |
| --- | --- |
| Objects that are only found in One Identity Manager | MarkAsOutstanding |
Outstanding objects cannot be edited in One Identity Manager until they have been verified. They are ignored by every other synchronization.
To delete outstanding objects in One Identity Manager
- Start the Manager.
- Select the <target system type> > Target system synchronization: <target system type> > <table> category.
- Select the objects you want to delete. Multi-select is possible.
- Click .
- Confirm the security prompt with Yes.
The selected objects are immediately deleted in the One Identity Manager database. Deferred deletion is not taken into account. The "outstanding" label is removed from the objects.
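The difference between the two processing methods when a synchronization runs against incomplete target data, shown as an added example that is not One Identity Manager code. It is a simplified Python model in which `Obj`, `synchronize`, `delete_outstanding` and the sample accounts are hypothetical.

```python
# Simplified model of the two processing methods; not One Identity Manager code.
# Obj, synchronize, delete_outstanding and the sample data are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Obj:
    memberships: set = field(default_factory=set)
    outstanding: bool = False

def synchronize(db, target_names, method):
    """Process objects found only in the database; return the affected names."""
    affected = []
    for name in sorted(db):
        obj = db[name]
        if obj.outstanding or name in target_names:
            continue  # outstanding objects are ignored by later synchronizations
        if method == "Delete":
            del db[name]  # object and its memberships are gone immediately
        elif method == "MarkAsOutstanding":
            obj.outstanding = True  # kept intact until post-processed
        else:
            raise ValueError(f"unknown processing method: {method}")
        affected.append(name)
    return affected

def delete_outstanding(db, selected):
    """Post-processing: delete only selected objects that are still outstanding."""
    removed = [n for n in selected if n in db and db[n].outstanding]
    for n in removed:
        del db[n]
    return removed

def sample_db():
    # Constructed sample data.
    return {"alice": Obj({"Finance"}), "bob": Obj({"Admins"}), "carol": Obj({"HR"})}

def demo():
    partial = {"alice"}  # constructed fault: the sync sees only one target object
    db_delete, db_mark = sample_db(), sample_db()
    deleted = synchronize(db_delete, partial, "Delete")
    marked = synchronize(db_mark, partial, "MarkAsOutstanding")
    repeat = synchronize(db_mark, partial, "MarkAsOutstanding")
    removed = delete_outstanding(db_mark, ["bob"])  # reviewer confirms only bob
    return deleted, sorted(db_delete), marked, repeat, removed, db_mark

if __name__ == "__main__":
    print(demo())
```

With Delete, the faulty run removes both unmatched accounts at once; with MarkAsOutstanding, both remain with their memberships until a reviewer decides which to delete.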