Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Administration Guide for Connecting to a Universal Cloud Interface

Managing Universal Cloud Interface environments Synchronizing a cloud application in the Universal Cloud Interface
Setting up initial synchronization with a cloud application in the Universal Cloud Interface Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Provisioning object changes Managing cloud user accounts and employees Managing assignments of cloud groups and system entitlements Login information for cloud user accounts Mapping cloud objects in One Identity Manager
Cloud target systems Container structures Cloud user accounts Cloud groups Cloud system entitlements Cloud permissions controls Reports about objects in cloud target systems
Handling cloud objects in the Web Portal Basic data for managing a Universal Cloud Interface environment Configuration parameters for managing cloud target systems Default project template for cloud applications in the Universal Cloud Interface

Setting up initial synchronization with a cloud application in the Universal Cloud Interface

The Synchronization Editor provides a project template that can be used to set up the synchronization of user accounts and permissions. Use this project template to set up the initial synchronization project. In addition, the required processes are created that are used for the provisioning of changes to target system objects in the target system.

To transfer objects from a cloud application into the Cloud Systems Management Module for the first time

  1. Provide One Identity Manager users with the required permissions for setting up synchronization and post-processing of synchronization objects.

  2. The One Identity Manager components for managing cloud target systems are available if the TargetSystem | CSM configuration parameter is set.

    • In the Designer, check if the configuration parameter is set. Otherwise, set the configuration parameter and compile the database.

      NOTE: If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

    • Other configuration parameters are installed when the module is installed. Check the configuration parameters and modify them as necessary to suit your requirements.

  3. Install and configure a synchronization server and declare the server as Job server in One Identity Manager.

  4. Create a synchronization project with the Synchronization Editor.

    NOTE: The cloud application must already be available in the Universal Cloud Interface Module before the synchronization project can be created. For more information about setting up initial synchronization with a cloud application, see the One Identity Manager Administration Guide for Connecting to Cloud Applications.

Detailed information about this topic

Users and permissions for synchronizing with a cloud application

The following users are involved in synchronizing One Identity Manager with a cloud application in the Universal Cloud Interface.

Table 3: Users for synchronization
User Permissions

Users for accessing the Cloud Application in the Universal Cloud Interface

 

To log on to the database containing the Universal Cloud Interface, use:

  • Role-based login: a user with the application role Universal Cloud Interface | Administrators

    - OR -

  • Non role-based login: a system user with the DPR_EditRights_Methods permissions group.

One Identity Manager Service user account

The user account for the One Identity Manager Service requires user permissions to carry out operations at file level (adding and editing directories and files).

The user account must belong to the Domain users group.

The user account must have the Login as a service extended user permissions.

The user account requires permissions for the internal web service.

NOTE: If the One Identity Manager Service runs under the network service (NT Authority\NetworkService), you can grant permissions for the internal web service with the following command line call:

netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"

The user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager.

In the default installation, One Identity Manager is installed under:

  • %ProgramFiles(x86)%\One Identity (on 32-bit operating systems)

  • %ProgramFiles%\One Identity (on 64-bit operating systems)

User for accessing the One Identity Manager database

The Synchronization default system user is provided to run synchronization using an application server.

Setting up the synchronization server

All One Identity Manager Service actions are run against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.

The One Identity Manager Service with the Universal Cloud Interface connector must be installed on the synchronization server.

Detailed information about this topic

System requirements for the synchronization server

A server with the following software must be available for setting up synchronization:

  • Windows operating system

    The following versions are supported:

    • Windows Server 2022

    • Windows Server 2019

    • Windows Server 2016

    • Windows Server 2012 R2

    • Windows Server 2012

  • Microsoft .NET Framework version 4.8 or later

    NOTE: Take the target system manufacturer's recommendations into account.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating