Once you have created mapping rules for a mapping pair, you need to run the map operation in order to apply these rules and map objects that belong to the mapping pair. There are two methods to run the map operation: you can manually run the map operation once or you can create a recurring schedule to automatically run the map operation on a regular basis.
The latter method is recommended when you want to use Synchronization Service to synchronize passwords from an Active Directory domain to other connected systems.
Running mapping rules on a recurring schedule allows you to properly map newly-created Active Directory user objects to their counterparts in the connected systems where you automatically synchronize passwords with the Active Directory domain. If you do not run mapping rules on a regular basis, some passwords may become out of sync because of the changes that inevitably occur to your environment.
For example, new user objects are created, some user objects are deleted, but Synchronization Service cannot detect these changes and synchronize passwords for the newly-created users before you apply the mapping rules. In this scenario, the best way to ensure Synchronization Service synchronizes all passwords is to apply your mapping rules on a regular basis. You can accomplish this task by creating a recurring schedule for applying your mapping rules.
To run the map operation once
Wait for the map operation to complete.
After the map operation completes, the Synchronization Service Administration Console displays a report that provides information about the objects that participated in the map operation. At this stage, the application does not map the objects. To map the objects, you need to commit the map operation result.
You can click the number that is provided next to an object category name in the report to view the details of objects that belong to that category.
To automatically run the map operation on a recurring schedule
It is recommended to schedule the map operation to run once in every 6 hours.
The results of a scheduled map operation always apply automatically, you do not need to commit the changes.
When performing a scheduled map operation, Synchronization Service always retrieves the required data from the connected data systems and never uses the data available in the local cache.
You can unmap the objects that were mapped earlier.
To unmap objects
After the unmap operation completes, the Synchronization Service Administration Console displays a report which provides information about the objects that participated in the unmap operation. At this stage, the application does not unmap the objects. To unmap them, you need to commit the result of the unmap operation.
You can click the number provided next to an object category name in the report to view the details of objects that belong to that category.
If your enterprise environment has multiple data management systems, each having its own password policy and dedicated user authentication mechanism, you may face one or more of the following issues:
With Synchronization Service, you can eliminate these issues and significantly simplify password management in an enterprise environment that includes multiple data management systems.
Synchronization Service provides a cost-effective and efficient way to synchronize user passwords from an Active Directory domain to other data systems used in your organization. As a result, users can access other data management systems using their Active Directory domain password. Whenever a user password is changed in the source Active Directory domain, this change is immediately and automatically propagated to other data systems, so each user password remains in sync in the data systems at all times.
You need to connect Synchronization Service to the data systems in which you want to synchronize passwords through special connectors supplied with Synchronization Service.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy