Chat now with support
Chat with Support

Active Roles 7.6 - Synchronization Service Administration Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with an OpenLDAP directory service Working with IBM RACF connector Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft Office 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use
About scenarios Scenario 1: Create users from a .csv file to an Active Directory domain Scenario 2: Use a .csv file to update user accounts in an Active Directory domain Scenario 3: Synchronizing data between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 4: Deprovisioning between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 5: Provisioning of Groups between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 6: Enabling Delta Sync mode between One Identity Manager Custom Target Systems and an Active Directory domain Example of using the Generic SCIM Connector for data synchronization
Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Sample SQL query 1

This SQL query illustrates how to add a new entry to the table named SQLConnTest1 in Oracle Database to which you want to provision data from another connected system.

Table 25: Add a new entry to the SQLConnTest1 table
Database table structure Sample query
CREATE TABLE "SQLConnTest1"("Id" number,"attr1" nchar(64), "attr2" nchar(64)) Insert into SQLConnTest1(attr1) values(:attr1) returning Id into :Id

In this sample query, Id stands for the attribute that uniquely identifies each object in Oracle Database.

Sample SQLl query 2

This SQL query illustrates how to create a new user in Oracle Database:

call dbms_utility.exec_ddl_statement('CREATE USER ' || :USERNAME || ' IDENTIFIED BY ' || :newPassword)

In this sample query:

  • USERNAME refers to the name of the attribute that uniquely identifies a user in Oracle Database.

  • newPassword refers to the name of the attribute that will store the initial password you want to set for the Oracle Database user being created.

Working with Oracle Database user accounts

This section describes how to create or modify a connection to Oracle Database user accounts so that Synchronization Service could work with Oracle Database user accounts data in that data system. This section also describes what data you can read and/or write in Oracle Database user accounts by using Synchronization Service.

To create a connection to Oracle Database user accounts and work with the user accounts in that data system, you need to use Synchronization Service in conjunction with a special connector called Oracle Database User Account Connector. This connector is included in the Synchronization Service.

The Oracle Database User Accounts Connector supports the following features:

 

Table 26:  Supported features

Feature

Supported

Bidirectional synchronization

Allows you to read and write data in the connected data system.

Yes

Delta processing mode

Allows you to more quickly synchronize identity data by processing only the data that has changed in the source and target systems since their last synchronization.

No

Password synchronization

Allows you to synchronize user passwords from an Active Directory domain to the connected data system.

Yes

Password synchronization is only supported for user accounts that are authenticated entirely by Oracle Database. The Oracle Database User Accounts Connector does not support password synchronization for Oracle Database user accounts that use external or global authentication in Oracle terms.

In this section:

Creating an Oracle Database user accounts connection

To create a new connection

  1. In the Synchronization Service Administration Console, open the Connections tab.

  2. Click Add connection, and then use the following options:

    • Connection name. Type a descriptive name for the connection.

    • Use the specified connector. Select Oracle Database User Accounts Connector.

  3. Click Next.
  4. On the Specify connection settings page, use the following options:

    • Oracle service name. Specify the name of the Oracle service you want to use to access Oracle Database. You can click Refresh to get a list of available Oracle services.

    • Access Oracle service with. Type the user name and password of the account with which you want to access the Oracle service.

    • Test Connection. Click this button to verify the specified connection settings.

  5. Click Next.
  6. On the Specify how to select and modify data page, use the following options:

    • Use data from this table. Allows you to select a database table that includes the data you want to participate in the synchronization operations. You can click Preview to preview the database table you have selected.

    • Use an SQL query to specify data. Allows you to compose an SQL query that provides a more flexible way for specifying the data for synchronization. For example, you can use this option to specify multiple database tables.

  7. Click Next.
  8. On the Specify attributes to identify objects page, use the following options:

    • Oracle service name. Specify the name of the Oracle service you want to use to access Oracle Database. You can click Refresh to get a list of available Oracle services.

    • Access Oracle service with. Type the user name and password of the account with which you want to access the Oracle service.

    • Test Connection. Click this button to verify the specified connection settings.

  9. Click Finish to create a connection to Oracle Database.

After connecting Synchronization Service to Oracle Database with the Oracle Database User Accounts Connector, you can specify custom SQL queries you want to automatically run each time after Synchronization Service has created, updated, or deleted a user account in Oracle Database User Accounts. For more information, see Modifying an existing Oracle Database user account connection.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating