You can generate a report for analyzing problems which occur during synchronization, for example, insufficient performance. The report contains information such as:
To generate a synchronization analysis report
Open the synchronization project in the Synchronization EditorOne Identity Manager tool for configuring target system synchronization..
The report may take a few minutes to generate. It is displayed in a separate window.
Regular synchronization cannot be started until the synchronization project and the schedule are active.
To prevent regular synchronization
Now you can only start synchronization manually.
An activated synchronization project can only be edited to a limited extend. The schema in the synchronization project must be updated if schema modifications are required. The synchronization project is deactivated in this case and can be edited again.
Furthermore, the synchronization project must be deactivated if synchronization should not be started by any means (not even manually).
To deactivate the loaded synchronization project
To manage an LDAP environment in One Identity Manager, the following data is relevant.
Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.
Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. You can find an overview of all configuration parameters in the category Base data | General | Configuration parameters in the Designer.
For more information, see Appendix: Configuration Parameters for Managing LDAP.
One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not have a user account in the target system, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism followed by process handling.
provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.
Predefined password policies are supplied with the default installation that you can user or customize if required. You can also define your own password policies.
You have the different options for issuing an initial password for user accounts. The central password of the assigned employee can be aligned with the user account password, a predefined, fixed password can be used or a randomly generated initial password can be issued.
For more information, see Initial Password for New LDAP User Accounts.
When a new user account is created, the login data are send to a specified recipient. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages.
For more information, see Email Notifications about Login Data.
Target system types are required for configuring target system comparisons. Tables containing outstanding objects are maintained on target system types.
For more information, see Post-Processing Outstanding Objects.
A default application role exists for the target system manager in the One Identity Manager. Assign this application to employees who are authorized to edit the
Define other application roles, if you want to limit target system managers' access permissions to individual
One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not have a user account in the target system, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism followed by process handling.
The data for the user accounts in the respective target system comes from the basic employee data. The assignment of the IT operating data to the employee’s user account is controlled through the primary assignment of the employee to a location, a department, a cost center, or a business role (template processing). Processing is done through templates. There are predefined templates for determining the data required for user accounts included in the default installation. You can customize templates as required.
For more details about the basics, see the One Identity Manager Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Base Module Administration Guide.
The following steps are necessary to implement an account definition:
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy