To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with target system to do this. because of the firewall configuration, for example, you can set up a remote connection. Prerequisite for this is that the RemoteConnectPlugin is installed on the Job server.
The plugin requires the following parameters:
||ADSGroup||Method with which incoming queries can be authenticated.
Permitted values: ADGroup
|Permitted AD group
||Distinguished name or object SID of the Active Directory group whose members are permitted to use a remote connection. This parameter is only required for the authentication methods "ADGroup".|
||2880||Port for reaching the server.|
|NOTE: Authentication of a remote connection can only be done through an Active Directory group.|
In this module, you provide the data for files with a private key. Use this parameter if you work with several private keys, for example, if One Identity Manager Service data must be exchanged between two encrypted One Identity Manager databases. If no key is entered, the private key file from the JobServiceDestination parameter "File with private key (PrivateKey)" is used.
To enter a file with a private key
One Identity Manager uses so called 'processes' for mapping business processes. A process consists of process steps, which represent processing tasks and are joined by predecessor/successor relations. This functionality allows flexibility when linking up actions and sequences on object events.
So-called process tasks are used to perform single elementary tasks at system level, for example, adding a directory. A process component consists of one or more process tasks and its parameters. Process components are defined in the tables Jobcomponent, Jobtask and Jobparameter along with their process tasks and parameters. Predefined configurations are maintained by the schema installation and cannot be edited apart from a few properties.
Processes are modeled using process templates. A process generator (Jobgenerator) is responsible for converting script templates in processes and process steps into a concrete process in the ’Job queue’.
One Identity Manager Service, a service running on the target system, collects the process steps from the Job queue. The process steps are executed by process components in the target system. The One Identity Manager Service also creates an instance of the required process component and passes the parameters to the process step. Decision logic monitors the execution of the process steps and determines how processing should continue depending on the results of the executed process components. The One Identity Manager Service enables parallel processing of process steps because it can create several instances of process components. The One Identity Manager Service is the only One Identity Manager component authorized to make changes in the target system.
The following illustration shows a chain of process steps with which you can add an employee, set up an Active Directory user account for him or her and finally add a mailbox.
You can reproduce this sequence in a process. However, you can also define entry points for other processes. The result of entering at point "process 1" is the addition of an employee with an Active Directory account with a mailbox. Joining at entry point "process 2" only results in the addition of an Active Directory user account with a mailbox.
Figure 45: Creating a Single Process by Linking Process Steps
The Process Editor is the program that you use to define and edit processes. The editor is started from the program "Designer" and opens in the document view. Only additional Process Editor functions are described in the following.