Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to G Suite

Managing G Suite Setting Up G Suite Synchronization Base Data for Managing G Suite Troubleshooting Appendix: Configuration Parameter for Managing G Suite Appendix: Default Project Templates for G Suite Appendix: Editing System Objects

Specifying Server Functions

Specifying Server Functions

NOTE: All editing options are available to you in the Designer, in the category Base Data | Installation | Job serverClosed.

The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled depending on the server function.

NOTE: More server functions may be available depending on which modules are installed.
Table 24: Permitted Server Functions

Server Function

Remark

Update Server

This server executes automatic software updating of all other servers. The server requires a direct connection to the database server that the One Identity Manager database is installed on. The server can execute SQL tasks.

The server with the installed One Identity Manager database, is labeled with this functionality during initial installation of the schema.

SQL processing server

This server can process SQL tasks. Several SQL processing servers can be set up to spread the load of SQL processes. The system distributes the generated SQL processes throughout all the Job servers with this server function.

One Identity Manager Service installed

Server on which a One Identity Manager Service is installed.

SMTP host

Server from which the One Identity Manager Service sends email notifications. Prerequisite for sending mails using the One Identity Manager Service is SMTP host configuration.

Default report server

Server on which reports are generated.

G Suite connector

Server on which the G Suite connector is installed. This server executes synchronization with the target system G Suite.

Related Topics

Target System Managers

Target System Managers

For more detailed information about implementing and editing application roles, see the One Identity Manager Application Roles Administration Guide.

Implementing Application Roles for Target System Managers
  1. The One Identity Manager administrator assigns employees to be target system managers.
  2. These target system managers add employees to the default application role for target system managers.

    The default application role target system managers are entitled to edit all customers in One Identity Manager.

  3. Target system managers can authorize more employees as target system managers, within their scope of responsibilities and create other child application roles and assign individual customers.
Table 25: Default Application Roles for Target System Managers
User Task

Target SystemClosed Managers

 

Target system managers must be assigned to the application role Target systems | G Suite or a sub application role.

Users with this application role:

  • Assume administrative tasks for the target system.
  • Create, change or delete target system objects, like user accounts or groups.
  • Edit password policies for the target system.
  • Prepare system entitlements for adding to the IT Shop.
  • Configure synchronization in the Synchronization EditorClosed and defines the mapping for comparing target systems and One Identity Manager.
  • Edit the synchronization's target system types and outstanding objects.
  • Authorize other employees within their area of responsibility as target system managers and create child application roles if required.

To initially specify employees to be target system administrators

  1. Log in to the Manager as One Identity Manager administrator (application role Base role | Administrators)
  2. Select the category One Identity Manager Administration | Target systems | Administrators.
  3. Select Assign employees in the task view.
  4. Assign the employee you want and save the changes.

To add the first employees to the default application as target system managers.

  1. Log yourself into the Manager as target system administrator (application role Target systems | Administrator).
  2. Select the category One Identity Manager Administration | Target systems | G Suite.
  3. Select Assign employees in the task view.
  4. Assign the employees you want and save the changes.

To authorize other employees as target system managers when you are a target system manager

  1. Login to the Manager as target system manager.
  2. Select the application role in the category G Suite | Basic configuration data | Target system managers.
  3. Select Assign employees in the task view.
  4. Assign the employees you want and save the changes.

To define target system managers for individual customers.

  1. Login to the Manager as target system manager.
  2. Select the category G Suite | Customers.
  3. Select the customer in the result list.
  4. Select Change master data in the task view.
  5. Select the application role on the General tab in the Target system manager menu.

    - OR -

    Click next to the Target system manager menu to create a new application role.

    • Enter the application role name and assign the parent application role Target system | G Suite.
    • Click OK to add the new application role.
  6. Save the changes.
  7. Assign the application role to employees, who are authorized to edit the customer in One Identity Manager.
Related Topics

Troubleshooting

Newly Added User Accounts are Marked as Outstanding

If G Suite is synchronized with the One Identity Manager database shortly after provisioning new user accounts, these user accounts might be marked as outstanding in the One Identity Manager (or deleted, depending on the configuration of the synchronization). This error only occurs if a scope has been defined in the synchronization project for the target system.

Probable reason

Adding new user account in G Suite takes about 24 hours. If synchronization with the One Identity Manager database is started within these 24 hours, the error described can occur.

Solution

To prevent this error

  • Avoid declaring a scope for this target system.

If a scope is required

  1. Configure the user account synchronization so that objects, which do not exist in One Identity Manager are marked as outstanding.

  2. If the error occurs, run a target system comparison.

    For more information, see Post-Processing Outstanding Objects.

    1. Select the object that have been wrongly marked as outstanding.
    2. Apply the method "Reset".

      This removes the "Outstanding" mark. the next time synchronization is run, the error should not occur.

For more detailed information about defining a scope and specifying handling methods for synchronization steps, see the One Identity Manager Target SystemClosed SynchronizationClosed Reference Guide.

Related Documents