Chat now with support
Chat with Support

Identity Manager 9.1 - One Identity Manager Connector User Guide

Setting up the synchronization server

A server with the following software must be available for setting up synchronization:

  • One Identity Manager Service

    • Install One Identity Manager components with the installation wizard.

      1. Select Select installation modules with existing database.

      2. Select the Server | Job Server machine role.

    For more information about system requirements for installing the One Identity Manager Service, see the One Identity Manager Installation Guide.

The synchronization server must be declared as a Job server in One Identity Manager.

Use the One Identity Manager Service to install the Server Installer. The program runs the following steps:

  • Sets up a Job server.

  • Specifies machine roles and server function for the Job server.

  • Remotely installs One Identity Manager Service components corresponding to the machine roles.

  • Configures the One Identity Manager Service.

  • Starts the One Identity Manager Service.

NOTE: The program performs a remote installation of the One Identity Manager Service. Local installation of the service is not possible with this program.

To remotely install the One Identity Manager Service, you must have an administrative workstation on which the One Identity Manager components are installed.

NOTE: To generate processes for the Job server, you need the provider, connection parameters, and the authentication data. By default, this information is determined from the database connection data. If the Job server runs through an application server, you must configure extra connection data in the Designer. For more information about setting up Job servers, see the One Identity Manager Configuration Guide.

To remotely install and configure One Identity Manager Service on a server

  1. Start the Server Installer program on your administrative workstation.

  1. On the Database connection page, enter the valid connection credentials for the One Identity Manager database.

  2. On the Server properties page, specify the server on which you want to install the One Identity Manager Service.

    1. Select a Job server from the Server menu.

      - OR -

      To create a new Job server, click Add.

    2. Enter the following data for the Job server.

      • Server: Name of the Job server.

      • Queue: Name of the queue to handle the process steps. Each Job server within the network must have a unique queue identifier. The process steps are requested by the Job queue using this exact queue name. The queue identifier is entered in the One Identity Manager Service configuration file.

      • Full server name: Full server name in accordance with DNS syntax.

        Syntax:

        <Name of servers>.<Fully qualified domain name>

      NOTE: You can use the Extended option to make changes to other properties for the Job server. You can also edit the properties later with the Designer.

  1. (For system synchronization) On the Server functions page, select One Identity Manager synchronization.

    (For custom synchronization) On the Server functions page, select One Identity Manager connector.

  2. On the Service Settings page, enter the connection data and check the One Identity Manager Service configuration.

    NOTE: The initial service configuration is predefined. If further changes need to be made to the configuration, you can do this later with the Designer. For more information about configuring the service, see the One Identity Manager Configuration Guide.

    • For a direct connection to the database:

      1. Select Process collection > sqlprovider.

      2. Click the Connection parameter entry, then click the Edit button.

      3. Enter the connection data for the One Identity Manager database.

    • For a connection to the application server:

      1. Select Process collection, click the Insert button and select AppServerJobProvider.

      2. Click the Connection parameter entry, then click the Edit button.

      3. Enter the connection data for the application server.

      4. Click the Authentication data entry and click the Edit button.

      5. Select the authentication module. Depending on the authentication module, other data may be required, such as user and password. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

  3. To configure remote installations, click Next.

  1. On the Select installation source page, select the directory with the install files. Change the directory if necessary.

  2. On the Service access page, enter the service's installation data.

    • Computer: Enter the name or IP address of the server that the service is installed and started on.

    • Service account: Enter the details of the user account that the One Identity Manager Service is running under. Enter the user account, the user account's password and password confirmation.

    The service is installed using the user account with which you are logged in to the administrative workstation. If you want to use another user account for installing the service, you can enter it in the advanced options. You can also change the One Identity Manager Service details, such as the installation directory, name, display name, and the One Identity Manager Service description, using the advanced options.

  3. Click Next to start installing the service.

    Installation of the service occurs automatically and may take some time.

  4. Click Finish on the last page of the Server Installer.

    NOTE: In a default installation, the service is entered in the server’s service management with the name One Identity Manager Service.

Setting up system synchronization

System synchronization allows you to map selected application data from one One Identity Manager database into a second One Identity Manager database. The synchronization configuration is generated completely automatically based on selected criteria.

To generate a synchronization project

  1. Provide One Identity Manager users with the necessary permissions to set up synchronization.

    NOTE:

    • You can only use non role-based credentials to log in to the Designer.

    • Role-based login is only possible for the Launchpad and the Synchronization Editor.

  2. Install and configure a synchronization server and declare the server as a Job server in One Identity Manager.
  3. To be able to successfully run system synchronization, you need to set some properties on the work database.

  4. In the Designer, mark the tables and columns whose contents you want synchronized.

  5. Generate a synchronization project with the Synchronization Editor.

Only the connection credentials for the connected systems may be changed manually in a generated synchronization project.

Detailed information about this topic
Related topics

Users and permissions for system synchronization

For non role-based login to the One Identity Manager tools you need:

  • To select tables and columns to synchronize: An administrative system user working with the Designer

  • To set up synchronization: A system user with DPR_EditRights_Methods and QBM_LaunchPad permissions groups.

For the role-based login you need:

  • To select tables and columns to synchronize: An administrative system user working with the Designer

    You can only use non role-based credentials to log in to the Designer.

  • To set up synchronization: a custom application role

    The application role gets its permissions through a custom permissions group and the vi_4_SYNCPROJECT_ADMIN permissions group.

For more information about system users and permissions groups, see the One Identity Manager Authorization and Authentication Guide.

Detailed information about this topic

Setting up custom application roles for system synchronization

To grant One Identity Manager users the necessary permissions to set up synchronization when using role-based login, create a custom application role. This application role obtains the required permissions by using a custom permissions group.

To set up an application role for synchronization

  1. In the Designer, create a new permissions group .

    • Set the Only use for role based authentication option.

  2. Make the new permissions group dependent on the vi_4_SYNCPROJECT_ADMIN permissions group.

    • Select the Inherit permissions from context menu item and select the vi_4_SYNCPROJECT_ADMIN permissions group.

  3. Save the changes.
  4. In the Manager, create a new application role.

    1. Assign the Custom | Managers application role as the parent application role.

    2. Assign the newly created permissions group.

  5. Assign employees to this application role.

  6. Save the changes.

For more information about setting up application roles and permissions groups, see the One Identity Manager Authorization and Authentication Guide.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating