Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 9.3 - Administration Guide for Connecting to Custom Target Systems

Table of Contents

Managing custom target systems

One Identity Manager users for managing custom target systems Configuration parameters for managing custom target systems

Synchronizing custom target systems

Mapping custom target systems in the One Identity Manager schema Scripted data provisioning in custom target systems

Deploying scripts for provisioning data in custom target systems Job server for provisioning data in custom target systems

General main data of Job servers Specifying server functions

Post-processing outstanding objects

Adding custom tables to the target system synchronization Post-processing outstanding objects

Managing user accounts and identities

Account definitions for user accounts

Creating account definitions Editing account definitions Main data for account definitions Editing manage levels Creating manage levels Assigning manage levels to account definitions Main data for manage levels Creating mapping rules for IT operating data Entering IT operating data Assigning account definitions to identities

Assigning account definitions to departments, cost centers, and locations Assigning account definitions to business roles Assigning account definitions to all identities Assigning account definitions directly to identities Assigning account definitions to system roles Adding account definitions in the IT Shop

Assigning account definitions to custom target systems Deleting account definitions

Assigning identities automatically to user accounts

Editing search criteria for automatic identity assignment Finding identities and directly assigning them to user accounts Changing manage levels for user accounts Assigning account definitions to linked user accounts

Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one identity Providing administrative user accounts for several people

Privileged user accounts

Setting deferred deletion for custom target system user accounts

Managing assignments of groups and system entitlements

Specifying types of system entitlements in use Assigning groups and system entitlements to user accounts in One Identity Manager

Prerequisites for indirect assignments of groups and system entitlements to user accounts Assigning groups to departments, cost centers, and locations Assigning system entitlements to departments, cost centers, and locations Assigning groups to business roles Assigning system entitlements to business roles Adding groups to system roles Adding system entitlements to system roles Adding groups to the IT Shop Adding system entitlements to the IT Shop Assigning user accounts directly to a group Assigning user accounts directly to a system entitlement Assigning groups directly to user accounts Assigning system entitlements directly to a user account

Effectiveness of memberships in groups and system entitlements Inheriting groups and system entitlements based on categories Overview of all assignments

Login credentials for user accounts

Password policies for user accounts

Predefined password policies Using password policies Editing password policies Creating password policies General main data of password policies Policy settings Character classes for passwords Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Editing the password excluded list Verifying passwords Testing password generation

Initial password for new user accounts Email notifications about login data

Mapping custom target system objects in One Identity Manager

Custom target system identifiers

General main data for custom target systems Customizing data synchronization for custom target systems Defining categories for inheriting groups and system entitlements Specifying alternative names

Container structures in custom target systems

Main data for containers Assigning extended properties to containers

User accounts in custom target systems

Creating and editing user accounts User account main data Assigning extended properties to user accounts Assigning permissions controls to user accounts Disabling user accounts Deleting and restoring user accounts Displaying the user account overview

Groups in custom target systems

Main data for groups Assigning groups to groups Assigning extended properties to groups Assigning permissions controls to groups Displaying the group overview

System entitlements in custom target systems

System entitlement main data Assigning system entitlements to system entitlements Assigning extended properties to system entitlements Displaying system entitlement overviews

Permissions controls in custom target systems

Main data for permissions controls Assigning user accounts to permissions controls Assigning groups to permissions controls Displaying the permissions control overview

Reports about custom target systems

Treatment of custom target system objects in the Web Portal Basic configuration data for custom target systems

Target system managers for custom target systems Target system types for custom target systems Configuring display of custom schema extensions for custom target systems

Configuration parameters for managing custom target systems

Mapping custom target systems in the One Identity Manager schema

The custom target system objects are mapped in the following tables of the One Identity Manager schema.

Table 2: Tables in the One Identity Manager schema for mapping custom target systems
Table	Description
UNSAccountB	User account mapping.
UNSAccountBHasUNSGroupB	Group assignments to user accounts.
UNSAccountBHasUNSGroupB1, UNSAccountBHasUNSGroupB2, UNSAccountBHasUNSGroupB3	Assignments of system entitlements to user accounts.
UNSAccountBHasUNSItemB	Permissions control assignments to user accounts.
UNSAccountBInUNSGroupB	Assignments of user accounts to groups.
UNSAccountBInUNSGroupB1, UNSAccountBInUNSGroupB2, UNSAccountBInUNSGroupB3	Assignments of user accounts to system entitlements.
UNSContainerB	Container structure mapping.
UNSGroupB	Group mapping.
UNSGroupB1, UNSGroupB2, UNSGroupB3	Mapping of other system entitlements.
UNSGroupBHasUnsItemB	Permissions control assignments to groups.
UNSGroupBInUNSGroupB	Assignments of groups to groups (group hierarchy).
UNSGroupB1InUNSGroupB1, UNSGroupB1InUNSGroupB2, UNSGroupB1InUNSGroupB3	Assignments of system entitlements to system entitlements (system entitlement hierarchy).
UNSItemB	Mapping of additional permissions controls.
UNSRootB	Basis for mapping custom target systems.

Related topics

Mapping custom target system objects in One Identity Manager

Scripted data provisioning in custom target systems

One Identity Manager provides predefined processes for provisioning data in a custom target system. The processes use scripts for provisioning the data. Provisioning data from One Identity Manager into the custom target system must be customized because each custom target system maps the data differently.

To use scripted provisioning procedures, the following steps are required:

Create the provisioning script

Scripts are used to provision data from the One Identity Manager in a custom target system. These must be created for each target system.
Provide a server for provisioning

On the server, the One Identity Manager Service must be installed, configured, and started. The server must be declared in One Identity Manager and entered as the synchronization server in the target system.
Set up custom target systems in the One Identity Manager database and customize synchronization methods in the One Identity Manager database.

Select the Synchronization by script synchronization method.

Related topics

Deploying scripts for provisioning data in custom target systems

In One Identity Manager, default installation processes for the default events are made available for tables, which are used for mapping custom target systems. The processes use scripts for data provisioning. The scripts must be modified to fit the custom target system because each custom target system maps the data differently.

Create custom scripts for your target system. You can use the TSB_Uns_Generic_Templates script as a template for creating custom scripts.

The processes expect scripts that comply with the following naming convention:

<customer prefix>_<table>_<Ident_UNSRoot>_<event>

Example: Provisioning scripts

CCC_UNSAccountB_<Ident_UNSRoot>_Insert

CCC_UNSAccountB_<Ident_UNSRoot>_Update

CCC_UNSAccountB_<Ident_UNSRoot>_Delete

CCC_UNSAccountBHasUNSGroupB1_<Ident_UNSRoot>_Add

CCC_UNSAccountBHasUNSGroupB1_<Ident_UNSRoot>_Del

IMPORTANT: If your target system contains a hyphen (-) in its name, you must remove it from the <Ident_UNSRoot> part. Otherwise, errors may occur during script processing.

Related topics

Mapping custom target systems in the One Identity Manager schema

Job server for provisioning data in custom target systems

You can define a server for each custom target system, which runs all the One Identity Manager Service actions required for provisioning target system objects. For more information about installing and configuring the One Identity Manager Service, see the One Identity Manager Installation Guide.

To set up a server

Provide a server installed with the One Identity Manager Service.
In the Manager, create an entry for the Job server.
1. Select the Custom Target Systems > Basic configuration data > Servers category.
2. Click in the result list.
3. Edit the Job server's main data.
4. Save the changes.
Enter the server as the synchronization server in the custom target system.

Detailed information about this topic

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center