Creating a synchronization project
A synchronization project collects all the information required for synchronizing the One Identity Manager database with a target system. Connection data for target systems, schema types and properties, mapping, and synchronization workflows all belong to this.
Have the following information available for setting up a synchronization project.
Table 5: Information required for setting up a synchronization project
Definition file |
You provide the required PowerShell cmdlets, schema types, schema properties and connection parameters in an XML file. |
Synchronization server |
All One Identity Manager Service actions are run against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.
Installed components:
- One Identity Manager Service (started)
The synchronization server must be declared as a Job server in One Identity Manager. The Job server name is required.
For more information, see Setting up the synchronization server. |
Remote connection server |
To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation, on which the Synchronization Editor is installed, is not possible. For example, because of the firewall configuration or the workstation does not fulfill the necessary hardware and software requirements.
Remote connection server configuration:
The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required.
For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide. |
Synchronization workflow |
Set the option Data import in the synchronization step if synchronization data is imported from a secondary system. You cannot select the processing method "MarkAsOutstanding" for these synchronization steps.
For more detailed information about synchronizing user data with different systems, see the One Identity Manager Target System Synchronization Reference Guide. |
Base object |
If no base object can be specified, you can assign a base table and the synchronization server.
-
Select the table from the Base table menu in which to import the objects. The base table can be used to defined downstream processes for synchronization. For more information about downstream processes, see the One Identity Manager Target System Synchronization Reference Guide.
-
The Synchronization server menu displays all Job servers for which the PowerShell Connector server function is enabled. |
Variable set |
If you implement specialized variable sets, ensure that the start up configuration and the base object use the same variable set. |
To configure synchronization with the PowerShell connector
-
Create a definition file, which described the structure of the target system and the PowerShell cmdlets to use.
-
Create a new synchronization project.
-
Add mappings. Define property mapping rules and object matching rules.
-
Create synchronization workflows.
-
Create a start up configuration.
-
Define the synchronization scope.
-
Specify the base object of the synchronization.
-
Specify the extent of the synchronization log.
-
Run a consistency check.
-
Activate the synchronization project.
-
Save the new synchronization project in the database.
For more detailed information about creating the various components of the synchronization configuration (for example, mappings, workflows, or start-up configuration), see the One Identity Manager Target System Synchronization Reference Guide.
Detailed information about this topic
Creating definition files
When you set up synchronization, you enter the required PowerShell cmdlets, schema types, schema properties and the information required for logging in to the target system in XML notation. Create one XML file for this, which contains the entire definition. The definition file is loaded when you configure synchronization in the project wizard. You can create Synchronization Editor maps and synchronization workflows based on this definition.
You can find an example of a definition file on the One Identity Manager installation medium in ..\Modules\TSB\dvd\AddOn\SDK\ADSample.xml.
Creating a synchronization project
There is a wizard to assist you with setting up a synchronization project. This wizard takes you through all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.
NOTE: The following sequence describes how to configure a synchronization project if the Synchronization Editor is both:
If you run the project wizard in expert mode or directly from the Synchronization Editor, additional configuration settings can be made. Follow the project wizard instructions through these steps.
To set up a synchronization project
-
Start the Launchpad and log in on the One Identity Manager database.
NOTE: If synchronization is run by an application server, connect the database through the application server.
-
Select the PowerShell Connector. Click Run.
This starts the Synchronization Editor's project wizard.
-
On the wizard's start page, click Next.
-
On the System access page, specify how One Identity Manager can access the target system.
-
If access is possible from the workstation on which you started the Synchronization Editor, do not change any settings.
-
If access is not possible from the workstation on which you started the Synchronization Editor, you can set up a remote connection.
Select the Connect using remote connection server and enter the remote connection properties.
-
Access parameters
-
Server: Full server name or IP address of the server.
To select an existing Job server as the remote connection server, click and select the server from the menu. This displays all the Job servers that have the One Identity Manager Service installed server function selected.
-
Port: Port that is configured for the RemoteConnectPlugin.
-
Authentication
If SecretAuthentication is configured for the RemoteConnectPlugin:
If ADGroupAuthentication is configured for the RemoteConnectPlugin, no data is required.
-
Options
-
Request timeout: Maximum time allowed for a server query in seconds. If the time is exceeded, the request is canceled.
-
Accept self-signed certificates: Specifies whether self-signed certificates can be accepted.
-
On the start page of the system connection wizard, click Next.
-
On the Connector Definition page, you enter the required PowerShell cmdlets, schema types, schema properties, and the information required for logging in to the target system in XML notation.
Table 6: Connector definition
System ID/Name |
Unique identifier of the system connection. |
Concurrent connections |
Maximum number of concurrent connections to the target system. |
System category |
Category for differentiating system types further. A maximum of 16 characters, consisting of numbers and letters, are permitted for the identifier.
Connections with the PowerShell connector are normally saved with the Posh system type. The system category allows one more classification into subtypes. This differentiates between different connections to the same system but using different functions (APIs).
Example:
Connection 1: type =Posh, system category=Active Directory
Connection 2: type =Posh, system category=Exchange |
Definition |
Definition that converts the target system schema into Cmdlet calls. Enter the definition in XML notation.
- To load the definition from a definition file, click .
- To check the consistency of the definition, click .
|
-
On the Connection data page, enter the data for the required connection parameter. All the parameters from the ConnectionParameters element of the XML definition are queried.
-
On the last page of the system connection wizard, you can save the connection data.
-
Set the Save connection locally option to save the connection data. This can be reused when you set up other synchronization projects.
-
Click Finish, to end the system connection wizard and return to the project wizard.
-
On the One Identity Manager Connection tab, test the data for connecting to the One Identity Manager database. The data is loaded from the connected database. Reenter the password.
NOTE:
-
If you use an unencrypted One Identity Manager database and have not yet saved any synchronization projects to the database, you need to enter all connection data again.
-
This page is not shown if a synchronization project already exists.
-
The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.
-
On the Select project template page, select a project template to use for setting up the synchronization configuration.
NOTE: The PowerShell connector does not provide a default project template for setting up synchronization. If you have created your own project template, you can select it to configure the synchronization project. Otherwise, select Create blank project.
-
Enter the general setting for the synchronization project under General.
Table 7: General properties of the synchronization project
Display name |
Display name for the synchronization project. |
Description |
Text field for additional explanation. |
-
To close the project wizard, click Finish.
-
Save the synchronization project in the database.
Updating schemas
All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.
If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.
To include schema data that have been deleted through compression and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:
To update a system connection schema
-
In the Synchronization Editor, open the synchronization project.
-
Select the Configuration > Target system category.
- OR -
Select the Configuration > One Identity Manager connection category.
-
Select the General view and click Update schema.
- Confirm the security prompt with Yes.
This reloads the schema data.
To edit a mapping
-
In the Synchronization Editor, open the synchronization project.
-
Select the Mappings category.
-
Select a mapping in the navigation view.
Opens the Mapping Editor. For more information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.
NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.