Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to the Universal Cloud Interface

Managing Universal Cloud Interface Environments Setting up Synchronization with a Cloud Application in the Universal Cloud Interface Base Data for Managing Universal Cloud Interface Cloud Target Systems Container Structures in a Cloud Target System Cloud User Accounts Cloud Groups Cloud Permissions Controls Provisioning Object Changes Reports about Objects in Cloud Target Systems Appendix: Configuration Parameters for Managing Cloud Target Systems Appendix: Default Project Template for Cloud Application in the Universal Cloud Interface

Updating Schemas

Updating Schemas

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up loading the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.

If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.

To include schema data that have been deleted through compressing and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:

  • A schema was changed by:
    • Changes to a target system schema
    • Customizations to the One Identity Manager schema
    • A One Identity Manager update migration
  • A schema in the synchronization project was shrunk by:
    • Activating the synchronization project
    • Synchronization projectClosed initial save
    • Compressing a schema

To update a system connection schema

  1. Open the synchronization project in the Synchronization EditorClosed.

  2. Select the category Configuration | Target system.

    - OR -

    Select the category

    Configuration | One Identity Manager connection.

  3. Select the view General and click Update schema.
  4. Confirm the security prompt with Yes.

    This reloads the schema data.

To edit a mapping

  1. Open the synchronization project in the SynchronizationClosed Editor.

  2. Select the category Mappings.
  3. Select a mapping in the navigation view.

    Opens the MappingClosed Editor. For more detailed information about editing mappings, see One Identity Manager Target SystemClosed Synchronization Reference Guide.

NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.

Speeding Up Synchronization with Revision Filtering

Speeding Up Synchronization with Revision Filtering

When you start synchronization, all synchronization objects are loaded. Some of these objects have not be modified since the last synchronization and, therefore, must not be processed. SynchronizationClosed is accelerated by only loading those object pairs that have changed since the last synchronization. One Identity Manager uses revision filtering to accelerate synchronization.

One Identity Manager supports revision filtering. The date of the last target system object change (column XDateUpdated) is used as revision counter. Each synchronization save its last execution date as revision in the the One Identity Manager database (table DPRRevisionStore, column Value). This value is used as a comparison for revision filtering when the same workflow is synchronized the next time. When this workflow is synchronized the next time, the target system objects' change date is compared with the revision saved in the One Identity Manager database. Only those objects that have been changed since this date are loaded from the target system.

The revision is found at start of synchronization. Objects changed after this point are included with the next synchronization.

RevisionClosed filtering can be applied to workflows and start up configuration.

To permit revision filtering on a workflow

  • Open the synchronization project in the Synchronization EditorClosed.

  • Edit the workflow properties. Select the entry Use revision filter from Revision filtering.

To permit revision filtering for a start up configuration

  • Open the synchronization project in the Synchronization Editor.

  • Edit the start up configuration properties. Select the entry Use revision filter from Revision filtering.

For more detailed information about revision filtering, see the One Identity Manager Target SystemClosed Synchronization Reference Guide.

Post-Processing Outstanding Objects

Post-Processing Outstanding Objects

Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.

Objects marked as outstanding:

  • Cannot be edited in One Identity Manager.
  • Are ignored by subsequent synchronization.
  • Must be post-processed separately in One Identity Manager.

Start target system synchronization to do this.

To post-process outstanding objects

  1. Select the category Cloud target systems | Target system configuration: Universal Cloud Interface.

    All tables assigned to the target system type Universal Cloud Interface as synchronization tables are displayed in the navigation view.

  1. Select the table whose outstanding objects you want to edit in the navigation view.

    This opens the target system synchronization form. All objects are shown here that are marked as outstanding.

    TIP:

    To display object properties of an outstanding object

    1. Select the object on the target system synchronization form.
    2. Open the context menu and click Show object.
  1. Select the objects you want to rework. Multi-select is possible.
  2. Click one of the following icons in the form toolbar to execute the respective method.
    Table 12: Methods for handling outstanding objects

    Icon

    Method

    Description

    Delete

    The object is immediately deleted in the One Identity Manager. Deferred deletion is not taken into account. The "outstanding" label is removed from the object.

    Indirect memberships cannot be deleted.

    Publish

    The object is added in the target system. The "outstanding" label is removed from the object.

    The method triggers the event "HandleOutstanding". This runs a target system specific process that triggers the provisioning process for the object.

    Prerequisites:

    • The table containing the object can be published.
    • The target system connector has write access to the target system.

    Reset

    The "outstanding" label is removed from the object.

  3. Confirm the security prompt with Yes.

NOTE: By default, the selected objects are processed in parallel, which speeds up execution of the selected method. If an error occurs during processing, the action is stopped and all changes are discarded.

Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.

To disable bulk processing

  • Deactivate in the form toolbar.

NOTE: The target system connector must have write access to the target system in order to publish outstanding objects that are being post-processed. That means, the option Connection is read only must no be set for the target system connection.

The target system type determines, which tables are going to be synchronized. You cannot synchronize custom table in the Cloud Systems Management Module. This means you cannot configure target system configuration for custom tables.

To display the target system synchronization configuration

  1. Select the category Cloud Target Systems | Basic configuration data | Target system types.
  2. Select the target system type Universal Cloud Interface in the result list.
  3. Select Assign synchronization tables in the task view.

    All the tables that could be synchronized are enabled.

  4. Select Configure tables for publishing.

    The option Can be published is set for all table with outstanding objects in the target system.

Help for Analyzing Synchronization Issues

Help for Analyzing Synchronization Issues

You can generate a report for analyzing problems which occur during synchronization, for example, insufficient performance. The report contains information such as:

  • Consistency check results
  • Revision filterClosed settings
  • ScopeClosed applied
  • Analysis of the synchronization buffer
  • Object access times in the One Identity Manager database and in the target system

To generate a synchronization analysis report

  1. Open the synchronization project in the Synchronization EditorClosed.

  2. Select the menu Help | Generate synchronization analysis report and answer the security prompt with Yes.

    The report may take a few minutes to generate. It is displayed in a separate window.

  3. Print the report or save it in one of the available output formats.
Related Documents