All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up loading the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.
If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.
To include schema data that have been deleted through compressing and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:
To update a system connection schema
Open the synchronization project in the Synchronization Editor.
- OR -
Select the category Configuration | One Identity Manager connection.
This reloads the schema data.
To edit a mapping
Open the synchronization project in the Synchronization Editor.
Opens the Mapping Editor. For more detailed information about editing mappings, see the One Identity Manager Target System Synchronization Reference Guide.
NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.
When you start synchronization, all synchronization objects are loaded. Some of these objects have not been modified since the last synchronization and, therefore, do not need to be processed. Synchronization is accelerated by only loading those object pairs that have changed since the last synchronization. One Identity Manager uses revision filtering to accelerate synchronization.
LDAP supports revision filtering. Revision attributes defined when the synchronization project was set up are used for the revision count. In the default version, the creation date and the date that LDAP objects were last modified are used. Every synchronization saves the last execution date in the One Identity Manager database (table DPRRevisionStore, column value). This value is used as a comparison for revision filtering when the same workflow is synchronized the next time. The next time synchronization is run, only those objects that have been changed since this date are loaded. This avoids unnecessary updating of objects that have not changed since the last synchronization.
Determining the revision is done when synchronization starts. Objects changed after this point are included with the next synchronization.
Revision filtering can be applied to workflows and start up configuration.
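The following Python model of revision filtering is an added illustration, not One Identity Manager code. It assumes the standard LDAP operational attributes createTimestamp and modifyTimestamp as the revision attributes; the filter shape, function names and sample entries are constructed for the example. It shows that an object changed after a run has started is picked up by the next run, because the revision is fixed at synchronization start.

```python
from datetime import datetime, timezone

GT = "%Y%m%d%H%M%SZ"  # LDAP GeneralizedTime in UTC

def parse_gt(value):
    return datetime.strptime(value, GT).replace(tzinfo=timezone.utc)

def revision_filter(stored_revision):
    """LDAP search filter for objects created or modified since the stored revision."""
    ts = stored_revision.strftime(GT)
    return f"(|(createTimestamp>={ts})(modifyTimestamp>={ts}))"

def run_sync(entries, stored_revision, sync_start):
    """Model one run: return (DNs loaded, revision to store for the next run).

    stored_revision is None on the initial run, so every object is loaded.
    The new revision is fixed at synchronization start, not at the end of the run.
    """
    loaded = []
    for e in entries:
        last_change = max(parse_gt(e["createTimestamp"]), parse_gt(e["modifyTimestamp"]))
        if stored_revision is None or last_change >= stored_revision:
            loaded.append(e["dn"])
    return loaded, sync_start

# Constructed sample: directory state as seen by the second run.
ENTRIES = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com",   # unchanged since creation
     "createTimestamp": "20230101080000Z", "modifyTimestamp": "20230101080000Z"},
    {"dn": "uid=bob,ou=people,dc=example,dc=com",     # modified while run 1 was in progress
     "createTimestamp": "20230101080000Z", "modifyTimestamp": "20230301100500Z"},
    {"dn": "uid=carol,ou=people,dc=example,dc=com",   # created after run 1
     "createTimestamp": "20230302090000Z", "modifyTimestamp": "20230302090000Z"},
]
RUN1_START = datetime(2023, 3, 1, 10, 0, 0, tzinfo=timezone.utc)
RUN2_START = datetime(2023, 3, 2, 10, 0, 0, tzinfo=timezone.utc)

def demo():
    revision = RUN1_START  # value stored by run 1 when it started
    loaded, next_revision = run_sync(ENTRIES, revision, RUN2_START)
    return revision_filter(revision), loaded, next_revision

if __name__ == "__main__":
    flt, loaded, next_revision = demo()
    print(flt)
    print(loaded)
    print(next_revision.strftime(GT))
```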
To permit revision filtering on a workflow
Open the synchronization project in the Synchronization Editor.
To permit revision filtering for a start up configuration
Open the synchronization project in the Synchronization Editor.
NOTE: Specify whether revision filtering will be applied when you first set up initial synchronization in the project wizard.
For more detailed information about revision filtering, see the One Identity Manager Target System Synchronization Reference Guide.
Objects that do not exist in the target system can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects from being deleted because of an incorrect data situation or an incorrect synchronization configuration.
Objects marked as outstanding:
Start target system synchronization to do this.
To post-process outstanding objects
All tables assigned to the target system type LDAP as synchronization tables are displayed in the navigation view.
This opens the target system synchronization form. All objects are shown here that are marked as outstanding.
TIP: To display object properties of an outstanding object
| Icon | Method | Description |
|---|---|---|
| | Delete | The object is immediately deleted in the One Identity Manager. Deferred deletion is not taken into account. The "outstanding" label is removed from the object. Indirect memberships cannot be deleted. |
| | Publish | The object is added in the target system. The "outstanding" label is removed from the object. The method triggers the event "HandleOutstanding". This runs a target system specific process that triggers the provisioning process for the object. Prerequisites: |
| | Reset | The "outstanding" label is removed from the object. |
NOTE: By default, the selected objects are processed in parallel, which speeds up execution of the selected method. If an error occurs during processing, the action is stopped and all changes are discarded. Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.

To disable bulk processing
You must customize synchronization to synchronize custom tables.
To add
NOTE: The target system connector must have write access to the target system in order to publish outstanding objects that are being post-processed. That means the option Connection is read only must not be set for the target system connection.
Memberships, for example, user accounts in
If a membership in One Identity Manager changes, the complete list of members is transferred to the target system by default. Memberships that were previously added in the target system are removed as a result; memberships that were previously deleted there are added again.
To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.
To allow separate provisioning of memberships
For each assignment table labeled like this, the changes made in the One Identity Manager are saved in a separate table. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and the members list does not get entirely overwritten.
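The difference between the two provisioning modes can be modeled with plain sets. The Python below is an added illustration, not One Identity Manager code; the function names, the change-record format and the sample members are constructed for the example. It also reports the drift that remains in the target system after separate provisioning, which is what an administrator would review before the next synchronization updates the complete members list.

```python
def provision_full(target_members, oim_members):
    """Default behaviour: the complete member list from One Identity Manager
    replaces whatever the target system currently holds (target_members is ignored)."""
    return set(oim_members)

def provision_delta(target_members, recorded_changes):
    """Separate provisioning: apply only the recorded changes to the target's current list."""
    result = set(target_members)
    for op, member in recorded_changes:
        if op == "add":
            result.add(member)
        elif op == "remove":
            result.discard(member)
        else:
            raise ValueError(f"unknown operation: {op!r}")
    return result

def drift(target_members, oim_members):
    """Members that differ between the two sides after provisioning."""
    t, o = set(target_members), set(oim_members)
    return {"only_in_target": sorted(t - o), "only_in_oim": sorted(o - t)}

# Constructed sample state.
TARGET_NOW = {"alice", "carol"}        # carol was added and bob removed directly in the target
CHANGES = [("add", "dave")]            # the only change made in One Identity Manager
OIM_AFTER = {"alice", "bob", "dave"}   # member list in One Identity Manager after that change

def demo():
    full = provision_full(TARGET_NOW, OIM_AFTER)    # carol removed, bob added again
    delta = provision_delta(TARGET_NOW, CHANGES)    # only dave is added
    return full, delta, drift(delta, OIM_AFTER)

if __name__ == "__main__":
    full, delta, remaining = demo()
    print("full overwrite:", sorted(full))
    print("separate provisioning:", sorted(delta))
    print("remaining drift:", remaining)
```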
NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.
For more detailed information about provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.