Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.
Objects marked as outstanding:
Start target system synchronization to do this.
To post-process outstanding objects
All tables assigned to the target system type Microsoft Exchange as synchronization tables are displayed in the navigation view.
This opens the target system synchronization form. All objects are shown here that are marked as outstanding.
|
TIP: To display object properties of an outstanding object
|
Icon |
Method |
Description |
---|---|---|
|
Delete |
The object is immediately deleted in the One Identity Manager. Deferred deletion is not taken into account. The "outstanding" label is removed from the object. Indirect memberships cannot be deleted. |
|
Publish |
The object is added in the target system. The "outstanding" label is removed from the object. The method triggers the event "HandleOutstanding". This runs a target system specific process that triggers the provisioning process for the object. Prerequisites:
|
|
Reset |
The "outstanding" label is removed from the object. |
|
NOTE: By default, the selected objects are processed in parallel, which speeds up execution of the selected method. If an error occurs during processing, the action is stopped and all changes are discarded. Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved. To disable bulk processing
|
You must customize synchronization to synchronize custom tables.
To add
|
NOTE: The target system connector must have write access to the target system in order to publish outstanding objects that are being post-processed. That means, the option Connection is read only must no be set for the target system connection. |
Memberships, for example, user accounts in
If a membership in One Identity Manager changes, the complete list of members is transferred to the target system by default. Memberships, previously added to the target system are removed by this; previously deleted memberships are added again.
To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.
To allow separate provisioning of memberships
For each assignment table labeled like this, the changes made in the One Identity Manager are saved in a separate table. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and the members list does not get entirely overwritten.
|
NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log. |
For more detailed information about provisioning memberships, see the One Identity Manager Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Synchronization
The process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. Reference Guide.
You can generate a report for analyzing problems which occur during synchronization, for example, insufficient performance. The report contains information such as:
To generate a synchronization analysis report
Open the synchronization project in the Synchronization EditorOne Identity Manager tool for configuring target system synchronization..
The report may take a few minutes to generate. It is displayed in a separate window.
Regular synchronization cannot be started until the synchronization project and the schedule are active.
To prevent regular synchronization
Now you can only start synchronization manually.
An activated synchronization project can only be edited to a limited extend. The schema in the synchronization project must be updated if schema modifications are required. The synchronization project is deactivated in this case and can be edited again.
Furthermore, the synchronization project must be deactivated if synchronization should not be started by any means (not even manually).
To deactivate the loaded synchronization project
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy