
Identity Manager 8.1.5 - Administration Guide for Connecting to a Universal Cloud Interface


General master data for a cloud target system

Enter the following master data for a cloud target system.

Table 22: Cloud target system master data

Property

Description

Cloud target system

Name of the target system.

Canonical name

Name of the target system conforming with DNS syntax.

target system name.parent target system name.master system name

Example: DHW2k01.Testlab.com

Distinguished name

Cloud target system's distinguished name. This distinguished name is used to form distinguished names for child objects. If the target system does not supply any distinguished names, you can enter the target system identifier here, for example.

Syntax example: DC = <target system>

Display name

Name that is displayed in the One Identity Manager tools for the target system.

Account definition (initial)

Initial account definition for creating user accounts. This account definition is used if automatic assignment of employees to user accounts is used for this cloud target system and user accounts should be created which are already managed (Linked configured state). The account definition's default manage level is applied.

User accounts are only linked to the employee (Linked state) if no account definition is given. This is the case on initial synchronization, for example.

Target system managers

Application role in which target system managers are specified. The target system managers only modify the cloud target system objects assigned to them. Therefore, each cloud target system can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this cloud target system. Use the button to add a new application role.

Synchronized by

Type of synchronization through which the data is synchronized between the target system and One Identity Manager. You can no longer change the synchronization type once objects for this target system are present in One Identity Manager.

If you create a cloud target system with the Synchronization Editor, One Identity Manager is used.

Table 23: Permitted values

| Value | Synchronization by | Provisioned by |
|---|---|---|
| One Identity Manager | Universal Cloud Interface connector | Universal Cloud Interface connector |
| No synchronization | none | none |

NOTE: If you select No synchronization, you can define custom processes to exchange data between One Identity Manager and the target system.

Description

Text field for additional explanation.

Manual provisioning

Specifies whether changes to cloud objects in the One Identity Manager database are automatically provisioned in the cloud application. If this option is not set, processes for automatic provisioning of object modifications are configured.

Set this option if object modifications are not allowed to be published automatically in the cloud application. Use the Web Portal to transfer the changes to the cloud application. For more detailed information about provisioning object modifications, see the One Identity Manager Administration Guide for Connecting to Cloud Applications.

IMPORTANT: If you set this option, use regular and frequent synchronization to ensure that data is kept consistent

  • between the Universal Cloud Interface Module and the cloud application and
  • between the modules Universal Cloud Interface and Cloud Systems Management.

User account deletion not permitted

Specifies whether user accounts in the cloud target system can be deleted. If this option is set, user accounts can only be disabled.

Specifying categories for inheriting groups

In One Identity Manager, groups can be selectively inherited by user accounts. For this purpose, the groups and the user accounts are divided into categories. The categories can be freely selected and are specified using a mapping rule. Each category is given a specific position within the template. The template contains two tables: the user account table and the group table. Use the user account table to specify categories for target system-dependent user accounts. Use the group table to specify categories for target system-dependent groups. Each table contains the category positions Position 1 to Position 31.

To define a category

  1. In the Manager, select the target system in the Cloud target systems category.
  2. Select the Change master data task.
  3. Switch to the Mapping rule category tab.
  4. Extend the relevant roots of the user account table or group table.
  5. To enable the category, double-click .
  6. Enter a category name of your choice for user accounts and groups in the login language that you use.
  7. Save the changes.
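
The selective inheritance described in this section, sketched as an added example (not One Identity code and not part of the original guide). It assumes, beyond what this page states, that a group is inherited when the user account and the group share at least one category position or when either has no category; the account and group names are constructed.

```python
# Added example, not One Identity code. Category positions 1..31 are modelled
# as bits of an integer. ASSUMPTION (not stated on this page): a group is
# inherited when account and group share at least one position, or when
# either of them has no category at all.

MAX_POSITION = 31


def to_mask(positions):
    """Convert category positions (1..31) into a bitmask."""
    mask = 0
    for pos in positions:
        if not 1 <= pos <= MAX_POSITION:
            raise ValueError(f"category position out of range: {pos}")
        mask |= 1 << (pos - 1)
    return mask


def inherits(account_positions, group_positions):
    """True if the group would be inherited under the assumed rule."""
    account, group = to_mask(account_positions), to_mask(group_positions)
    if account == 0 or group == 0:
        return True  # uncategorized side: nothing restricts inheritance
    return (account & group) != 0


def review(accounts, groups):
    """Return (inherited groups per account, groups lacking any category)."""
    effective = {
        name: sorted(g for g, gpos in groups.items() if inherits(apos, gpos))
        for name, apos in accounts.items()
    }
    unrestricted = sorted(g for g, gpos in groups.items() if not gpos)
    return effective, unrestricted


# Constructed sample data: one employee's user accounts and assigned groups.
ACCOUNTS = {"jdoe-standard": {1}, "jdoe-admin": {2}, "jdoe-legacy": set()}
GROUPS = {"Mail users": {1}, "Tenant admins": {2}, "All staff": {1, 2},
          "Old share": set()}

if __name__ == "__main__":
    effective, unrestricted = review(ACCOUNTS, GROUPS)
    for account, inherited in effective.items():
        print(account, "->", inherited)
    print("groups without a category:", unrestricted)
```

Groups returned in the second list have no category and, under the assumed rule, reach every user account, so they are the first entries to check in a least-privilege review.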

Alternative column names

If you require different names for input fields to those on the master data form, you can specify a language-dependent alternative column name for each object type.

To specify alternative column names

  1. Select the Cloud Target Systems | Basic configuration data | Cloud target systems category.
  2. In the result list, select a target system. Select the Change master data task.
  3. Switch to the Alternative column names tab.
  4. Open the membership tree in the table whose column name you want to change.

    All the columns in this table are listed with their default column names.

  5. Enter any name in the login language in use.
  6. Save the changes.

How to edit a synchronization project

Synchronization projects in which a cloud target system is already used as a base object can also be opened in the Manager. In this mode you can, for example, check the configuration or view the synchronization log. The Synchronization Editor is not started with its full functionality: you cannot run certain functions, such as running synchronization or simulation, starting the target system browser, and others.

NOTE: The Manager is locked for editing throughout. To edit objects in the Manager, close the Synchronization Editor.

To open an existing synchronization project in the Synchronization Editor:

  1. Select the Cloud Target Systems | Basic configuration data | Cloud target systems category.
  2. Select the target system in the result list. Select the Change master data task.
  3. Select the Edit synchronization project... task.