Creating a synchronization project
A synchronization project collects all the information required for synchronizing the One Identity Manager database with a target system. Connection data for target systems, schema types and properties, mapping, and synchronization workflows all belong to this.
Make the following information available for setting up a synchronization project for synchronizing with the One Identity Manager connector.
Table 5: Information required for setting up a synchronization project
|
Synchronization server |
All One Identity Manager Service actions are executed against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.
Installed components:
The synchronization server must be declared as a Job server in One Identity Manager. The Job server name is required.
For more information, see Setting up the synchronization server. |
|
Remote connection server |
To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation, on which the Synchronization Editor is installed, is not possible. For example, because of the firewall configuration or the workstation does not fulfill the necessary hardware and software requirements. If direct access is not possible from the workstation, you can set up a remote connection.
The remote connection server and the workstation must be in the same Active Directory domain.
Remote connection server configuration:
The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required.
TIP: The remote connection server requires the same configuration as the synchronization server (with regard to the installed software and entitlements). Use the synchronization as remote connection server at the same time, by simply installing the RemoteConnectPlugin as well.
For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide. |
|
Synchronization workflow |
Set the Data import option in the synchronization step if synchronization data is imported from a secondary system. You cannot select the MarkAsOutstanding processing method for these synchronization steps. This option takes effect in both directions, meaning also for synchronization to the target system.
For more detailed information about synchronizing user data with different systems, see the One Identity Manager Target System Synchronization Reference Guide. |
|
Base object |
You cannot normally specify a base object for synchronizing with database connectors. In this case, assignment of one base table and the synchronization server is sufficient.
-
Select the table from the Base table menu in which to load the objects. The base table can be used to defined downstream processes for synchronization. For more information about downstream processes, see the One Identity Manager Target System Synchronization Reference Guide.
-
The Synchronization servers menu displays all Job servers for which the server function One Identity Manager connector is enabled. |
|
Variable set |
If you implement specialized variable sets, ensure that the start up configuration and the base object use the same variable set. |
To configure synchronization with the One Identity Manager connector
-
Create a new synchronization project.
-
Add mappings. Define property mapping rules and object matching rules.
-
Create synchronization workflows.
-
Create a start up configuration.
-
Define the synchronization scope.
-
Specify the base object of the synchronization.
-
Specify the extent of the synchronization log.
-
Run a consistency check.
-
Activate the synchronization project.
-
Save the new synchronization project in the database.
Detailed information about this topic
How to set up a synchronization project
There is a wizard to assist you with setting up a synchronization project. This wizard takes you through all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.
NOTE: The following sequence describes how to configure a synchronization project if the
Synchronization Editor is both:
If you execute the project wizard in expert mode or directly from the Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.
To set up a synchronization project
-
Start the Launchpad and log in to the One Identity Manager database.
NOTE: If synchronization is executed by an application server, connect the database through the application server.
- Select the One Identity Manager connector entry. Click Run.
This starts the Synchronization Editor's project wizard.
-
On the System access page, specify how One Identity Manager can access the target system.
-
If access is possible from the workstation on which you started the Synchronization Editor, do not change any settings.
-
If access is not possible from the workstation on which you started the Synchronization Editor, you can set up a remote connection.
Enable the Connect using remote connection server option and select the server to be used for the connection under Job server.
- Click Next to start the system connection wizard to create a connection to a One Identity Manager database.
- On the start page of the system connection wizard, click Next.
- On the Select database system page, select the database system to which you want to connect.
- On the Connection parameters page, enter the database connection data.
Table 6: SQL Server database connection data
|
Server |
Database server. |
|
Windows authentication |
Specifies whether integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication. |
|
User |
SQL Server login name. |
|
Password |
SQL Server login password. |
|
Database |
Database. |
- To enter additional information about the database connection, click Advanced options.
- On the Encryption page, enter the private key for encrypting the database.
- You can save the connection data on the last page of the system connection wizard.
- Set the Save connection locally option to save the connection data. This can be reused when you set up other synchronization projects.
- Click Finish, to end the system connection wizard and return to the project wizard.
-
On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.
NOTE: If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again. This page is not shown if a synchronization project already exists.
-
The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.
- On the Select project template page, select a project template to use for setting up the synchronization configuration.
NOTE: The One Identity Manager connector does not provide a default project template for setting up synchronization. If you have created your own project template, you can select it to configure the synchronization project. Otherwise, select Create blank project.
-
Enter the general setting for the synchronization project under General.
Table 7: General properties of the synchronization project
|
Display name |
Display name for the synchronization project. |
|
Script language |
Language in which the scripts for this synchronization project are written.
Scripts are implemented at various points in the synchronization configuration. Specify the script language when you set up an empty project.
IMPORTANT: You cannot change the script language once the synchronization project has been saved.
If you use a project template, the template's script language is used. |
|
Description |
Text field for additional explanation. |
- To close the project wizard, click Finish.
- Save the synchronization project in the database.
Updating schemas
All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.
If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.
To include schema data that have been deleted through compression and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:
To update a system connection schema
-
Select the Configuration | Target system category.
- OR -
Select the Configuration | One Identity Manager connection category.
-
Select the General view and click Update schema.
- Confirm the security prompt with Yes.
This reloads the schema data.
To edit a mapping
-
Select the Mappings category.
-
Select a mapping in the navigation view.
Opens the Mapping Editor. For more detailed information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.
NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.
Starting synchronization
Synchronization is started using scheduled process plans. A scheduled process plan is added once a start up configuration is assigned to a schedule. Use schedules to define executing times for synchronization.
NOTE: Synchronization can only be started if the synchronization project is enabled.
To execute synchronization regularly, configure, and activate the a schedule. You can also start synchronization manually if there is no active schedule.
IMPORTANT: As long as a synchronization process is running, you must not start another synchronization process for the same target system. This especially applies, if the same synchronization objects would be processed.
-
If another synchronization process is started with the same start up configuration, the process is stopped and is assigned Frozen status. An error message is written to the One Identity Manager Service log file.
-
Starting another synchronization process with different start up configuration that addresses same target system may lead to synchronization errors or loss of data. Specify One Identity Manager behavior in this case, in the start up configuration.
If you want to specify the order in which target systems are synchronized, use the start up sequence to run synchronization. In a start up sequence, you can combine start up configurations from different synchronization projects and specify the order of execution. For detailed information about start up configurations, see the One Identity Manager Target System Synchronization Reference Guide.
