Supporting Analysis of Synchronization Issues

Help for Analyzing Synchronization Issues

You can generate a report for analyzing problems which occur during synchronization, for example, insufficient performance. The report contains information such as:

• Consistency check results
• Revision filterFilters all system objects not changed since the last synchronization. The deciding factor being the revision property modification. SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. can be speeded up with revision filtering. settings
• ScopeSection of a connected system which should be synchronized. The scope is defined with a filter. applied
• Analysis of the synchronization buffer
• Object access times in the One Identity Manager database and in the target system

To generate a synchronization analysis report

1. Open the synchronization project in the Synchronization EditorOne Identity Manager tool for configuring target system synchronization..

2. Select the menu Help | Generate synchronization analysis report and answer the security prompt with Yes.

   The report may take a few minutes to generate. It is displayed in a separate window.

3. Print the report or save it in one of the available output formats.

Deactivating Synchronization

Deactivating Synchronization

Regular synchronization cannot be started until the synchronization project and the schedule are active.

To prevent regular synchronization

• Select the start up configuration and deactivate the configured schedule.

  Now you can only start synchronization manually.

An activated synchronization project can only be edited to a limited extend. The schema in the synchronization project must be updated if schema modifications are required. The synchronization project is deactivated in this case and can be edited again.

Furthermore, the synchronization project must be deactivated if synchronization should not be started by any means (not even manually).

To deactivate the loaded synchronization project

1. Select General on the start page.
2. Click Deactivate project.

Detailed information about this topic

• Creating a Synchronization Project for initial Synchronization of an LDAP Domain

Basic Configuration Data

To manage an LDAP environment in One Identity Manager, the following data is relevant.

• Configuration parameter

  Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

  Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. You can find an overview of all configuration parameters in the category Base data | General | Configuration parameters in the Designer.

  For more information, see Appendix: Configuration Parameters for Managing LDAP.

• Account definitions

  One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not have a user account in the target system, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism followed by process handling.

  For more information, see Setting Up Account Definitions.

• Password policies

  One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.

  Predefined password policies are supplied with the default installation that you can user or customize if required. You can also define your own password policies.

  For more information, see Password Policies.

• Initial Password for New User Accounts

  You have the different options for issuing an initial password for user accounts. The central password of the assigned employee can be aligned with the user account password, a predefined, fixed password can be used or a randomly generated initial password can be issued.

  For more information, see Initial Password for New LDAP User Accounts.

• Email notifications about login data

  When a new user account is created, the login data are send to a specified recipient. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages.

  For more information, see Email Notifications about Login Data.

• Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Types

  Target system types are required for configuring target system comparisons. Tables containing outstanding objects are maintained on target system types.

  For more information, see Post-Processing Outstanding Objects.

• Target system managers

  A default application role exists for the target system manager in the One Identity Manager. Assign this application to employees who are authorized to edit the domains in One Identity Manager.

  Define other application roles, if you want to limit target system managers' access permissions to individual domains. The application roles must be added under the default application role.

  For more information, see Target System Managers.

Setting Up Account Definitions

One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not have a user account in the target system, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism followed by process handling.

The data for the user accounts in the respective target system comes from the basic employee data. The assignment of the IT operating data to the employee’s user account is controlled through the primary assignment of the employee to a location, a department, a cost center, or a business role (template processing). Processing is done through templates. There are predefined templates for determining the data required for user accounts included in the default installation. You can customize templates as required.

For more details about the basics, see the One Identity Manager Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Base Module Administration Guide.

The following steps are necessary to implement an account definition:

• Creating an Account Definition
• Setting Up Manage Levels
• Creating a Formatting Rule for IT Operating Data
• Determining IT Operating Data
• Assigning Account Definitions to Employees
• Assigning Account Definitions to a Target System