
Active Roles 7.2 - Synchronization Service Administrator Guide


Step 1: Provide access to Quest One Identity Manager DLLs

Make sure that Synchronization Service can access the required Quest One Identity Manager DLLs. Depending on the Quest One Identity Manager version to which you want to connect, perform the corresponding steps in the next table.

 

Table 52: Providing access to Identity Manager DLLs

Identity Manager 6.0:

Install Synchronization Service on the Identity Manager 6.0 computer.

If Identity Manager is installed to a non-default installation folder, complete the additional steps below this table.

Identity Manager 6.1:

Do one of the following:

  • Install the Quest One Identity Manager API on one of the following:
    - The Synchronization Service computer.
    - The computer on which Synchronization Service is running in remote mode, if you want to use the Quest One Identity Manager Connector remotely. For more information on using remote connectors, see Using connectors installed remotely.

    Quest One Identity Manager API is published as Knowledgebase Solution SOL100525 at https://support.oneidentity.com/identity-manager/kb/100525.

  • On the Quest One Identity Manager 6.1 computer, install Synchronization Service.
    If Quest One Identity Manager is installed to a non-default installation folder, complete the additional steps below this table.

If Identity Manager is installed to a non-default installation folder, complete the following additional steps:

  1. Use a text editor (such as Notepad) to open the OIMConnector_ConnectorConfig.xml file located in the Synchronization Service installation folder. This file is created when you add a connection to Quest One Identity Manager.

    This is the file where Quest One Identity Manager connector saves its configuration settings. For more information on these settings, see Quest One Identity Manager Connector configuration file.

  2. Create a new <PathToOneIdentityManagerDlls> XML element in the file and then type the path to the Identity Manager installation folder in that element.

    Example:

    <PathToOneIdentityManagerDlls>C:\IdentityManagerInstallationFolder</PathToOneIdentityManagerDlls>

  3. Save the changes, and then close the .xml file.
  4. If you installed Synchronization Service on the Identity Manager computer, restart the Synchronization Service on that computer.

Step 2: Configure a connection to Quest One Identity Manager

  1. In the Synchronization Service Administration Console, open the Connections tab.
  2. Click Add connection, and then use the following options:
    • Connection name. Type a descriptive name for the connection.
    • Use the specified connector. Select Quest One Identity Manager(Q1IM) Connector.
  3. Click Next.
  4. On the Specify connection settings page, use the following options:
    • Database type. Use this list to select the type of the database in which Quest One Identity Manager stores its data. You can select one of the following database types:
      • Oracle. Select this item if Quest One Identity Manager stores its data in a database hosted on Oracle Database.
      • SQL Server. Select this item if Quest One Identity Manager stores its data in a database hosted on Microsoft SQL Server.
    • Server. If you have selected SQL Server in the Database type list, type the SQL Server instance that hosts the database where Quest One Identity Manager stores its data. Use the following format: <ComputerName>/<SQLServerInstanceName>

      If you have selected Oracle in the Database type list, type the DNS name or IP address of the Oracle Database computer that hosts the database where Quest One Identity Manager stores its data.

    • Port. Type the number of the port on which you want to connect to the Oracle Database computer that hosts the database where Quest One Identity Manager stores its data.
    • Database name. Type the name of the database where Quest One Identity Manager stores its data.
    • Connect using. Use this area to specify the account with which you want to connect to the computer that hosts the Quest One Identity Manager database.

      If you have selected SQL Server in the Database type list, select one of the following authentication methods to access the SQL Server computer that hosts the Quest One Identity Manager database:
      • Use Synchronization Service account. Allows you to access the SQL Server within the security context of the account under which the Synchronization Service is running.
      • Use SQL Server authentication. Allows you to specify the user name and password of an account registered on the SQL Server.

      If you have selected Oracle in the Database type list, type the login and password of the account under which you want to access the Oracle Database computer that hosts the Quest One Identity Manager database.

    • Test Connection. Allows you to verify the specified connection settings.
  5. Click Finish to create a connection to Quest One Identity Manager.

Modifying a Quest One Identity Manager connection

To modify connection settings

  1. In the Synchronization Service Administration Console, open the Connections tab.
  2. Click Connection settings below the existing Quest One Identity Manager connection you want to modify.
  3. Expand Specify connection settings and use the following options to modify the settings as necessary:
    • Database type. Use this list to select the type of the database in which Quest One Identity Manager stores its data. You can select one of the following database types:
      • Oracle. Select this item if Quest One Identity Manager stores its data in a database hosted on Oracle Database.
      • SQL Server. Select this item if Quest One Identity Manager stores its data in a database hosted on Microsoft SQL Server.
    • Server. If you have selected SQL Server in the Database type list, type the SQL Server instance that hosts the database where Quest One Identity Manager stores its data. Use the following format: <ComputerName>/<SQLServerInstanceName>

      If you have selected Oracle in the Database type list, type the DNS name or IP address of the Oracle Database computer that hosts the database where Quest One Identity Manager stores its data.

    • Port. Type the number of the port on which you want to connect to the Oracle Database computer that hosts the database where Quest One Identity Manager stores its data.
    • Database name. Type the name of the database where Quest One Identity Manager stores its data.
    • Connect using. Use this area to specify the account with which you want to connect to the computer that hosts the Quest One Identity Manager database.

      If you have selected SQL Server in the Database type list, select one of the following authentication methods to access the SQL Server computer that hosts the Quest One Identity Manager database:
      • Use the Synchronization Service account. Allows you to access the SQL Server within the security context of the account under which the Synchronization Service is running.
      • Use SQL Server authentication. Allows you to specify the user name and password of an account registered on the SQL Server.

      If you have selected Oracle in the Database type list, type the login and password of the account under which you want to access the Oracle Database computer that hosts the Quest One Identity Manager database.

    • Test Connection. Allows you to verify the specified connection settings.
  4. Click Save.

Quest One Identity Manager Connector configuration file

Quest One Identity Manager connector saves its configuration settings in the file OIMConnector_ConnectorConfig.xml located in the Synchronization Service installation folder. This file is created when you add a connection to Quest One Identity Manager. You can edit the XML elements in the file to configure the various parameters of the Quest One Identity Manager Connector. The table below describes the XML elements you can edit.

 

Table 53: XML elements

XML element

Description

<PathToOneIdentityManagerDlls>

Specifies the path to the One Identity Manager .dll files required for Synchronization Service to connect to Quest One Identity Manager.

Example:

<PathToOneIdentityManagerDlls>
C:\IdentityManagerDLLs
</PathToOneIdentityManagerDlls>

<ExcludeDeletedObjects>

Specifies how Synchronization Service will treat objects marked as deleted in Identity Manager. This element can take one of the following values:

  • TRUE. Specifies to ignore deleted objects during data synchronization operations.
  • FALSE. Specifies to process deleted objects during data synchronization operations.

Example:

<ExcludeDeletedObjects>
TRUE
</ExcludeDeletedObjects>

<PasswordAttributes>

Specifies the default Identity Manager attribute to be used for storing passwords for objects of a particular type. Specifying an attribute for storing passwords in the Synchronization Service GUI overrides the value set in this XML element.

Example:

<PasswordAttributes>
   <PasswordAttributeDefinitions>
      <PasswordAttributeDefinition objectType="Person" attribute="CentralPassword" />
   </PasswordAttributeDefinitions>
</PasswordAttributes>

<ReadFullSync>

Specifies a value of the FullSync variable for Read operations performed in Identity Manager.

<CreateFullSync>

Specifies a value of the FullSync variable for Create operations performed in Identity Manager.

<ModifyFullSync>

Specifies a value of the FullSync variable for Modify operations performed in Identity Manager.

<DeleteFullSync>

Specifies a value of the FullSync variable for Delete operations performed in Identity Manager.

<ObjRefFullSync>

Specifies a value of the FullSync variable for Modify Object Reference operations performed in Identity Manager.

<SyncStatusFullSync>

Specifies a value of the FullSync variable for Sync Status operations performed in Identity Manager.

For more information about the FullSync variable and the values it can take, see the Quest One Identity Manager documentation.
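
A check to run after editing OIMConnector_ConnectorConfig.xml by hand, given here as an added example and not as vendor code: it validates the elements described in Table 53 and lists non-administrative identities that can write to the folder named in <PathToOneIdentityManagerDlls>, because the service loads DLLs from that location. Assumptions: the <ConnectorConfig> root element in the constructed sample is hypothetical, the file uses no XML namespace, and the trusted identity names match an English-language Windows installation.

```powershell
# Added example, not vendor code. Checks the Table 53 elements after a manual edit.
# Assumptions: the <ConnectorConfig> root in the constructed sample is hypothetical;
# elements are found with '//' wherever they sit, and the file uses no XML namespace.
function Test-OimConnectorConfig {
    param([Parameter(Mandatory)][string]$ConfigPath)
    $findings = [System.Collections.Generic.List[string]]::new()
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($ConfigPath)   # throws if the edit left the XML malformed

    $node = $xml.SelectSingleNode('//PathToOneIdentityManagerDlls')
    if ($node) {
        $dir = $node.InnerText.Trim()   # the value may sit on its own line
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            $findings.Add("DLL folder not found: $dir")
        } else {
            if (-not (Get-ChildItem -LiteralPath $dir -Filter *.dll -File)) {
                $findings.Add("No .dll files in: $dir")
            }
            # The service loads code from this folder, so list every non-admin
            # identity allowed to create files in it (names are locale-dependent).
            $trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'
            $write = [System.Security.AccessControl.FileSystemRights]::WriteData
            (Get-Acl -LiteralPath $dir).Access |
                Where-Object { $_.AccessControlType -eq 'Allow' -and
                               (($_.FileSystemRights -band $write) -ne 0) -and
                               $_.IdentityReference.Value -notin $trusted } |
                ForEach-Object { $findings.Add("Writable by $($_.IdentityReference): $dir") }
        }
    }
    $excl = $xml.SelectSingleNode('//ExcludeDeletedObjects')
    if ($excl -and $excl.InnerText.Trim() -notin 'TRUE', 'FALSE') {   # case-insensitive
        $findings.Add("ExcludeDeletedObjects is not TRUE or FALSE: '$($excl.InnerText.Trim())'")
    }
    foreach ($def in $xml.SelectNodes('//PasswordAttributeDefinition')) {
        if (-not $def.GetAttribute('objectType') -or -not $def.GetAttribute('attribute')) {
            $findings.Add('PasswordAttributeDefinition lacks objectType or attribute')
        }
    }
    return $findings
}

# Constructed sample input, written to a temporary file so the check runs offline.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'OIMConnector_ConnectorConfig.sample.xml'
@'
<ConnectorConfig>
  <PathToOneIdentityManagerDlls>C:\IdentityManagerInstallationFolder</PathToOneIdentityManagerDlls>
  <ExcludeDeletedObjects>YES</ExcludeDeletedObjects>
</ConnectorConfig>
'@ | Set-Content -LiteralPath $sample
Test-OimConnectorConfig -ConfigPath $sample
```

To check a live installation, pass the path of the real file in the Synchronization Service installation folder to -ConfigPath and review every identity the function reports as able to write to the DLL folder.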
