
Identity Manager 8.1.5 - Administration Guide for Connecting to G Suite


Advanced settings for system connection to G Suite

You can make various additional changes to the target system connection settings, for example, to define the number of retries or timeouts. When you set up synchronization for the first time, these system connection properties are set to default values. You can modify the default values, for example, to help analyze synchronization problems.

There are two ways to change the default values.

  1. Specify a specialized variable set and change the values of the affected variables (recommended).

    The default values remain untouched in the default variable set, so the variables can be reset to the default values at any time.

    For more information, see Editing connection parameters in the variable set.

  2. Edit the target system connection with the system connection wizard and change the affected values.

    The system connection wizard supplies additional explanations of the settings. The default values can only be restored under particular conditions.

    For more information, see Editing target system connection properties.

NOTE: If the project wizard is started directly from the Synchronization Editor when you set up initial synchronization, you can edit the advanced settings when you set up the synchronization project. In this case, the default values are immediately overwritten by your settings.
Table 9: Target system connection advanced settings

Property

Description

Read-only API access

Specifies whether the API scopes were entered for read-only access only in the Google Admin console. Enable this option if no write access to the target system may be granted; the connector then has read access to the target system only.

  • The service account's client ID must be authorized for various API scopes in the Google Admin console. A list of the required API scopes is available on the One Identity Manager installation medium; you can use this list as a copy template.

    Directory: Modules\GAP\dvd\AddOn\ApiAccess

    File: GSuiteRequiredAPIAccessReadOnly.txt

If this option is disabled, read-write access is possible. Other API scopes must be authorized for this.

Use the local cache

Specifies whether the G Suite connector's local cache is used.

The local cache is used to prevent the API quota from being exceeded by synchronization: accesses to G Suite are minimized during full synchronization. The option is ignored during provisioning.

This option is set by default and can be disabled for troubleshooting.

For detailed information, see One Identity Manager Target System Synchronization Reference Guide.

Polling count

Specifies how many attempts are made to read a newly written value back from the target system during provisioning or synchronization before an error is reported.

The result of saving certain user account properties (such as phone numbers or Instant Messenger settings) appears in G Suite only after a delay and cannot be used for other operations straight away.

Batch retry count

Specifies the number of retries allowed for failed batch operations in the target system, for example, when synchronizing group memberships.

Batch timeout

Timeout between retries of failed batch operations.

Transfer user data before delete

Specifies whether user data is transferred to a different user account before user accounts are deleted.

User data such as Google Drive data, Google+ pages, and Google calendar, can be transferred to a different user account before final deletion.

Variable: CP_TransferUserDataBeforeDelete

Default email address for data transfer

Default email address of the destination user account for the transfer of user data when a user account is deleted. The email address of the destination user account belongs to the primary domain of the customer to which the deleted user account belongs.

This email address is used if no email address can be determined from the manager of the deleted user account.

Variable: CP_DefaultDataTransferTargetEmail

Products and SKUs XML

Product IDs and stock keeping unit (SKU) IDs as an XML file.

The list of available products and SKUs is defined by Google and therefore fixed in the G Suite connector. If Google changes this list, you can enter an XML file here, which overwrites the list in the G Suite connector.

Example:

<products>
  <product name="G Suite" id="Google-Apps">
    <sku id="Google-Apps-Unlimited" name="G Suite Business"/>
    <sku id="Google-Apps-For-Business" name="G Suite Basic"/>
    <sku id="Google-Apps-Lite" name="G Suite Lite"/>
    <sku id="Google-Apps-For-Postini" name="Google Apps Message Security"/>
  </product>
  <product name="Google Drive storage" id="Google-Drive-storage">
    <sku id="Google-Drive-storage-20GB" name="Google Drive storage 20 GB"/>
    <sku id="Google-Drive-storage-50GB" name="Google Drive storage 50 GB"/>
    <...>
    <sku id="Google-Drive-storage-16TB" name="Google Drive storage 16 TB"/>
  </product>
  <...>
</products>
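Because an override file entered here replaces the product and SKU list compiled into the connector, a malformed or ambiguous file (for example, an SKU ID that appears under two products) can silently break license assignment. The following validator is an added example and not part of One Identity Manager; the connector's own checks are not documented here. It builds a sample from the IDs shown in the guide's example above, with the elided "<...>" entries dropped, and rejects a wrong root element, missing id or name attributes, empty products, and duplicate IDs.

```python
"""Validate a products-and-SKUs override file before entering it in the
connector settings.  Added example; not One Identity Manager code.  The sample
XML below is constructed from the IDs in the guide's example."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<products>
  <product name="G Suite" id="Google-Apps">
    <sku id="Google-Apps-Unlimited" name="G Suite Business"/>
    <sku id="Google-Apps-For-Business" name="G Suite Basic"/>
  </product>
  <product name="Google Drive storage" id="Google-Drive-storage">
    <sku id="Google-Drive-storage-20GB" name="Google Drive storage 20 GB"/>
    <sku id="Google-Drive-storage-16TB" name="Google Drive storage 16 TB"/>
  </product>
</products>
"""


def parse_products_xml(text):
    """Return {product_id: {"name": ..., "skus": {sku_id: sku_name}}}.

    Raises ValueError for a document the connector could not use unambiguously:
    not well-formed, wrong root element, unexpected child elements, a product or
    SKU without id/name, an empty product, or an id that occurs twice.
    xml.etree does not fetch external entities, so an operator-supplied file
    cannot trigger XXE-style retrieval here."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != "products":
        raise ValueError(f"root element must be <products>, got <{root.tag}>")

    products = {}
    seen_skus = set()
    for product in root:
        if product.tag != "product":
            raise ValueError(f"unexpected element <{product.tag}> under <products>")
        pid, pname = product.get("id"), product.get("name")
        if not pid or not pname:
            raise ValueError("<product> needs non-empty id and name attributes")
        if pid in products:
            raise ValueError(f"duplicate product id {pid!r}")
        skus = {}
        for sku in product:
            if sku.tag != "sku":
                raise ValueError(f"unexpected element <{sku.tag}> under product {pid!r}")
            sid, sname = sku.get("id"), sku.get("name")
            if not sid or not sname:
                raise ValueError(f"<sku> in product {pid!r} needs non-empty id and name")
            if sid in seen_skus:
                # One SKU under two products would make the assignment ambiguous.
                raise ValueError(f"duplicate sku id {sid!r}")
            seen_skus.add(sid)
            skus[sid] = sname
        if not skus:
            raise ValueError(f"product {pid!r} has no <sku> entries")
        products[pid] = {"name": pname, "skus": skus}
    if not products:
        raise ValueError("no <product> entries found")
    return products


def sku_lookup(products):
    """Flat {sku_id: product_id} index: the lookup needed to resolve a license
    assignment (an SKU) to the product it belongs to."""
    return {sid: pid for pid, p in products.items() for sid in p["skus"]}


if __name__ == "__main__":
    catalog = parse_products_xml(SAMPLE_XML)
    for pid, p in catalog.items():
        print(pid, "-", p["name"], "-", sorted(p["skus"]))
```

Run the validator against the file you intend to paste into the setting; a ValueError names the first problem found, and the returned mapping can be diffed against the list the connector currently uses.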

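The Read-only API access setting in the table above only tells the connector which scopes it expects; the scopes the service account actually holds are whatever was authorized for its client ID in the Google Admin console. The following audit is an added example, not code from One Identity Manager or the guide. It compares a granted-scope list with a required-scope list in the one-scope-per-line shape of a copy template and reports missing scopes (the connection test would fail) and write-capable scopes granted to a connector that is supposed to be read-only (more privilege than it needs). Both scope lists are constructed samples, not the contents of GSuiteRequiredAPIAccessReadOnly.txt, and the rule that a read-only scope ends in ".readonly" is an assumption the audit relies on.

```python
"""Audit the API scopes delegated to the connector's service account.
Added example; not One Identity Manager code.  The scope lists are constructed
samples, and the '.readonly' suffix rule is an assumption."""

# Constructed stand-in for the copy template: one scope per line, '#' comments.
REQUIRED_READONLY = """\
# sample required read-only scopes (constructed, not the shipped list)
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.orgunit.readonly
https://www.googleapis.com/auth/admin.directory.domain.readonly
"""

# Constructed sample of what was authorized for the service account's client ID:
# one required scope is missing, and two write-capable scopes were granted even
# though the connector is meant to run with Read-only API access enabled.
GRANTED = """\
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.orgunit.readonly
https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.datatransfer
"""


def parse_scope_list(text):
    """Scopes from a one-per-line list; blank lines and '#' comments are ignored."""
    return {line.strip() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}


def audit_scopes(required_text, granted_text, read_only):
    """Compare granted scopes with required scopes.

    missing       : required but not granted (the connector cannot work)
    extra         : granted but not required (more than the connector needs)
    write_capable : granted scopes without a '.readonly' suffix (assumed rule)
    ok            : nothing missing and, in read-only mode, nothing write-capable
    """
    required = parse_scope_list(required_text)
    granted = parse_scope_list(granted_text)
    missing = sorted(required - granted)
    extra = sorted(granted - required)
    write_capable = sorted(s for s in granted if not s.endswith(".readonly"))
    ok = not missing and not (read_only and write_capable)
    return {"missing": missing, "extra": extra,
            "write_capable": write_capable, "ok": ok}


def format_report(result):
    """Human-readable summary of an audit result."""
    lines = ["OK" if result["ok"] else "NOT OK"]
    for key in ("missing", "extra", "write_capable"):
        for scope in result[key]:
            lines.append(f"  {key:14s} {scope}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(audit_scopes(REQUIRED_READONLY, GRANTED, read_only=True)))
```

In practice, replace the two constants with the contents of the shipped copy template and the scope string from the domain-wide delegation entry; any scope listed under write_capable should be removed from the delegation while Read-only API access is enabled, and anything under missing explains a failed connection test.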

Editing connection parameters in the variable set

The connection parameters for advanced settings were saved as variables when synchronization was set up. You can change the values of these variables to suit your requirements and assign the variable set to a start up configuration and a base object. This means that you always have the option to use the default values from the default variable set.

NOTE: To guarantee data consistency in the connected target system, ensure that the start up configuration for synchronization and the base object for provisioning use the same variable set. This applies especially if one synchronization project is used to synchronize different customers.

To modify advanced settings in a specialized variable set

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Configuration | Target system category.

  3. Open the Connection parameters view.

    Some connection parameters can be converted to variables here. For other parameters, variables are already created.

  4. Select one of the following parameters and click Convert.

    • Polling count

    • Batch retry count

    • Batch timeout

    • Use the local cache

    • Read-only API access

    For more information, see Advanced settings for system connection to G Suite.

  5. Select the Configuration | Variables category.

    All specialized variable sets are shown in the lower part of the document view.

  6. Select a specialized variable set, or add a new one using the variable set view's toolbar.

    • To rename the variable set, select the variable set, use the rename function in the variable set view's toolbar, and enter a name for the variable set.

  7. Select the previously added variable and enter a new value.

  8. Select the Configuration | Start up configurations category.

  9. Select a start up configuration and click Edit....

  10. Select the General tab.

  11. Select the specialized variable set in the Variable set menu.

  12. Select the Configuration | Base objects category.

  13. Select the base object and edit it.

    - OR -

    Add a new base object.

  14. Select the specialized variable set in the Variable set menu.

  15. Save the changes.

For detailed information about using variables and variable sets, or restoring default values and adding base objects, see the One Identity Manager Target System Synchronization Reference Guide.

Editing target system connection properties

The extended settings of the target system connection can also be changed using the system connection wizard. If variables are defined for the settings, the changes are transferred to the active variable set.

NOTE: In the following circumstances, the default values cannot be restored:

  • The connection parameters are not defined as variables.

  • The default variable set is selected as an active variable set.

In both these cases, the system connection wizard overwrites the default values. They cannot be restored at a later time.

To edit advanced settings with the system connection wizard

  1. Open the synchronization project in the Synchronization Editor.

  2. In the toolbar, select the active variable set to be used for the connection to the target system.

    NOTE: If the default variable set is selected, the default values are overwritten and cannot be restored at a later time.

  3. Select the Configuration | Target system category.

  4. Click Edit connection.

    This starts the system connection wizard.

  5. On the system connection wizard's start page, enable Show advanced options.

  6. On the G Suite administrators page, you can also enable the Read-only API access option.

    When you test the connection, a check is carried out to verify if the appropriate API scopes are authorized.

    For more information, see Advanced settings for system connection to G Suite.

  7. On the Local cache page, you can set the Use the local cache option.

    For more information, see Advanced settings for system connection to G Suite.

  8. Customize the properties as required on the Advanced settings page.

    For more information, see Advanced settings for system connection to G Suite.

  9. Save the changes.

Configuring the provisioning of memberships

Memberships, such as user accounts in groups, are saved in assignment tables in the One Identity Manager database. During provisioning of modified memberships, changes made in the target system may be overwritten. This behavior can occur under the following conditions:

  • Memberships are saved in the target system as an object property in list form (Example: List of user accounts in the Members property of a group).

  • Memberships can be modified in either of the connected systems.

  • A provisioning workflow and provisioning processes are set up.

If one membership in One Identity Manager changes, by default, the complete list of members is transferred to the target system. Therefore, memberships that were previously added to the target system are removed in the process and previously deleted memberships are added again.

To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.

To allow separate provisioning of memberships

  1. In the Manager, select the G Suite | Basic configuration data | Target system types category.

  2. In the result list, select the G Suite target system type.

  3. Select the Configure tables for publishing task.

  4. Select the assignment tables that you want to set up for single provisioning. Multi-select is possible.

    • This option can only be enabled for assignment tables that have a base table with an XDateSubItem column.

    • Assignment tables that are grouped together in a virtual schema property in the mapping must be marked identically.

  5. Click Merge mode.

  6. Save the changes.

For each assignment table labeled like this, the changes made in One Identity Manager are saved in a separate table. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and not the entire members list.

NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.
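The overwrite hazard described above and the effect of merge mode are easiest to see on a small membership set. The following simulation is an added example, not One Identity Manager code; the sets and the change log are a simplified model of the assignment table, the target's member list, and the per-table change log the guide mentions, and the member names are constructed.

```python
"""Default full-list provisioning versus merge mode for group memberships.
Added example; not One Identity Manager code.  Member names are constructed."""


def provision_full_list(target_members, im_members):
    """Default behaviour: the complete list held in the One Identity Manager
    database replaces the target's list.  The target's current contents are
    irrelevant, so any change made directly in the target is lost."""
    return set(im_members)


def provision_merge(target_members, change_log):
    """Merge mode: apply only the logged membership changes to the target's
    current member list, leaving other members as the target has them."""
    result = set(target_members)
    for op, member in change_log:
        if op == "add":
            result.add(member)
        elif op == "remove":
            result.discard(member)
        else:
            raise ValueError(f"unknown operation {op!r}")
    return result


def scenario():
    """One group, both sides in sync, then concurrent edits on both sides."""
    im_members = {"alice", "bob"}
    target_members = {"alice", "bob"}

    # Edits made directly in the target system and not yet synchronized back:
    # carol was added, bob was removed.
    target_members.add("carol")
    target_members.discard("bob")

    # Edit made in One Identity Manager: dave joins the group.  With merge mode
    # the change is also recorded in the separate change table.
    im_members.add("dave")
    change_log = [("add", "dave")]

    return {
        "full_list": provision_full_list(target_members, im_members),
        "merge_mode": provision_merge(target_members, change_log),
    }


if __name__ == "__main__":
    for mode, members in scenario().items():
        print(f"{mode:10s} {sorted(members)}")
```

With the default full-list push, carol disappears from the target and bob reappears; with merge mode only dave's membership is provisioned and the target's own edits survive until the next synchronization reconciles the complete list.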

You can restrict single provisioning of memberships with a condition. Once merge mode has been disabled for a table, the condition is deleted. Tables whose condition has been deleted or edited are marked with an icon. You can restore the original condition at any time.

To restore the default condition

  1. Select the auxiliary table for which you want to restore the condition.

  2. Right-click on the selected row and select the Restore original values context menu item.

  3. Save the changes.

For more detailed information about provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.
