Target System Types
Target system types
Several target systems can be grouped together in a target system type. You can assign user accounts to groups belonging to different target systems within a target system type. In addition, tables containing outstanding objects are maintained on target system types. For more information, see Post-Processing Outstanding Objects.
To assign user accounts to system entitlements with a target system type
- Define a target system type.
- Assign target systems to the target system type.
To edit target system types
- Select the category Custom target systems | Basic configuration data | Target system types.
- Select the target system type in the result list.
- OR -
Click
in the result list toolbar.
- Edit the target system type master data.
Table 17: Master Data for a Target System Type Property
Description
Target system type
Target system type description.
Description
Spare text box for additional explanation.
Display Name
Name of the target system type as displayed in One Identity Manager tools.
Cross boundary inheritance
Specifies whether user accounts can be assigned to groups if they belong to different custom target systems.
NOTE: If this option is not set, the target system type is used to group the target systems. Show in compliance rule wizard
Specifies whether the target system type for compliance rule wizard can be selected when rule conditions are being set up.
Text snippet
Text snippets used for linking text in the compliance rule wizard.
- Save the changes.
To assign a custom target system to a target system type
- Select the category Custom target systems | Basic configuration data | Target systems.
- Select a target system in the result list.
- Select Change master data in the task view.
- Select Target system type from the target system type to which you want to assign the target system.
- Save the changes.
Displaying Customized Schema Extension for Custom Target Systems
You can display custom columns in tables UNSAccountB, UNSContainerB, UNSGroupB, UNSItemB and UNSRootB in the Manager. To do this, modify the custom column's column definition.
See the One Identity Manager Configuration Guide for detailed information about extending tables with custom columns using the program "Schema Extension" and about customizing column definitions with the program "Designer".
To display custom columns for the tables UNSAccountB, UNSContainerB, UNSGroupB, UNSItemB and UNSRootB on forms in the Manager
-
Specify the order for displaying input fields in the Designer in the property Sort order (DialogColumn.SortOrder). Columns with a sort order of less that one are not displayed.
-
Modify the property Group (DialogColumn.ColumnGroup) in the Designer in the custom column's column definition. The group determines, which tab the column will appear on.
-
If you do not specify a group, the column will be displayed on a tab with the name "Custom" for all target system types.
-
If you enter a group in the column configuration, the column will be displayed on a tab with the group's name for all target system types. The group's name must not match the name of a target system type.
-
If you want to display a column for a particular target system type, only enter the specific target system type (DPRNamespace.Ident_DPRNamespace) as group. The column is displayed on a tab with the target system type's name. The column is not displayed for any other target system types.
-
To display more than one target system type, enter the target system types as groups by delimiting them with a comma. The column will be displayed on a tab with the target system type's name for each of the target system types entered. The column is not displayed for any other target system types.
-
To display the column for one or more target system types, but only on one tab with another name, enter the target system types delimited by commas (,) and the tab name as the group. This group will be used as tab name for all the target system types entered. The column is not displayed for any other target system types.
-
Example
The table UNSAccountB is extended by 5 columns. The columns should be displayed as follows for target system type A, target system type B and target system type C.
-
Column 1 on the "Custom" tab for all target system types.
-
Column 2 on the tab "Group A" for all target system types.
-
Column 3 on the tab "Target system type B" for the target system type B. Columns are not displayed for target system type A and target system type C.
-
Column 4 on the tab "Target system type B" for target system type B and on the tab "Target system type C" for target system type C. The column is not displayed for target system type A.
-
Column 5 on the tab "Group A" for target system type B and target system type C. The column is not displayed for target system type A.
|
Column |
Group |
|---|---|
|
Column 1 |
|
|
Column 2 |
Group A |
|
Column 3 |
Target system type B |
|
Column 4 |
Target system type B, target system type C |
|
Column 5 |
Target system type B, target system type C, group A |
Setting up a Custom Target System
Setting up a Custom Target System
| Configuration parameter | Meaning |
|---|---|
| TargetSystem\UNS\CreateNewRoot |
The configuration parameter specifies whether new target systems can be added. If this parameter is set, custom target systems can be added. |
To differentiate between objects from different custom target systems in the One Identity Manager database, specify an ID for each target system. Each object can be assigned to exactly one target system through this ID. You can add more properties to each ID to describe the target system in more detail.
To set up custom target systems
- Select the configuration parameter "TargetSystem\UNS\CreateNewRoot" in the Designer.
To edit target system identifiers
- Select the category Custom target systems | Basic configuration data | Target systems.
- Select a target system in the result list. Select Change master data in the task view.
- OR -
Click
- Edit the target system type master data.
- Save the changes.
|
|
Tip: You can also edit target system properties in the category Custom target systems | <target system>. |
Detailed information about this topic
- General Master Data for a Custom Target System
- Customizing Data Synchronization for a Custom Target System
- Specifying Categories for Inheriting Groups
- Alternative Column Names
General Master Data for a Custom Target System
General Master Data for a Custom Target System
Enter the following data for a custom target system.
|
Property |
Description | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Target System |
Name of the target system. | |||||||||||
|
Target system type |
Type of the target system. Several target systems can be grouped together in a target system type. You can assign user accounts to groups belonging to different target systems within a target system type. | |||||||||||
|
Canonical name |
Name of the target system conforming with DNS syntax. target system name.parent target system name.master system name Example DHW2k01.Testlab.com | |||||||||||
|
Distinguished name |
Target system's distinguished name. This distinguished name is used to form distinguished names for child objects. If the target system does not supply any distinguished names, you can enter the target system identifier here, for example. Syntax example: DC = <target system> | |||||||||||
|
Display name |
Name that is displayed in the One Identity Manager tools for the target system. | |||||||||||
|
Account definition (initial) |
Initial account definition for creating user accounts. These account definitions are used if automatic assignment of employees to user account is used for this domain resulting in administered user accounts (state "Linked configured"). The account definition's default manage level is applied. User accounts are only linked to the employee (state "Linked") if no account definition is given. This is the case on initial synchronization, for example. | |||||||||||
|
Target system managers |
Application role in which target system managers are specified. The target system managers only modify the target system objects assigned to them. Therefore, each target system can have a different target system manager assigned to it. Select the One Identity Manager application role whose members are responsible for administration of this target system. Use the | |||||||||||
|
Synchronized by |
Type of synchronization through which the data is synchronized between the target system and One Identity Manager.
If you select "Synchronize by script" you can define custom processes to exchange data between One Identity Manager and the target system. You can configure data imports with the program "Data Import" or set up synchronization with the CSV connector in the Synchronization Editor. | |||||||||||
|
Description |
Spare text box for additional explanation. | |||||||||||
|
Group memberships as MVP |
Specifies whether group memberships can be grouped together as a list on an multi-valued property column of this target system's user accounts (relevant for data import). |