Creating a Synchronization Project

Creating a Synchronization Project

A synchronization project collects all the information required for synchronizing the One Identity Manager database with a target system. Connection data for target systems, schema types and properties, mapping and synchronization workflows all belong to this.

Make the following information available for setting up a synchronization project for synchronizing with the native database connector.

Table 7: Information Required for Setting up a Synchronization Project

Data	Explanation
Synchronization serverJob serverServer with the One Identity Manager Service installed. installed with the target system connector. All One Identity Manager actions are executed against the target system environment on the synchronization server.	All One Identity Manager Service actions are executed against the target system environment on the synchronization server. Entries which are necessary for synchronization and administration with the One Identity Manager database are processed by the synchronization server. Installed components: One Identity Manager Service (started) The synchronization server must be declared as a Job server in One Identity Manager. The Job server name is required. For more information, see Setting Up the Synchronization Server.
Remote connection serverJob server installed with the RemoteConnectPlugin and the target system connector is installed. If direct access to the target system is not possible, a remote connection can be set up. Communication between the Synchronization EditorOne Identity Manager tool for configuring target system synchronization. and Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". is done through a remote connection server.	To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with target system to do this. If you do not have direct access on the workstation on which the SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. Editor is installed, because of the firewall configuration, for example, you can set up a remote connection. The remote connection server and the workstation must be in the same Active Directory domain. Remote connection server configuration: One Identity Manager Service is started RemoteConnectPlugin is installed The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required. TIP: The remote connection server requires the same configuration (with respect to the installed software) as the synchronization server. Use the synchronization as remote connection server at the same time, by simply installing the RemoteConnectPlugin as well. For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide.
Synchronization workflowsee WorkflowCollection of all the synchronization steps to be executed.	Set the option Data import in the synchronization step if synchronization data is imported from a secondary system. You cannot select the processing method "MarkAsOutstanding" for these synchronization steps. For more detailed information about synchronizing user data with different systems, see the One Identity Manager Target System Synchronization Reference Guide.
Base objectBase objects contain data about the target system to be synchronized, its system connection and the synchronization server.	You cannot normally specify a base object for synchronizing with database connectors. In this case, assignment of one base table and the synchronization server is sufficient. Select the Base table from the menu in which to load the objects. The base table can be used to defined downstream processes for synchronization. For more information about downstream processes, see the One Identity Manager Target System Synchronization Reference Guide. All Job servers, which have the server function "native connector" enabled are displayed in the Synchronization servers menu.
Variable setUsed to configure synchronization configuration for different systems. Each variable set contains at least the variables for the system connection parameter. The value of the variables are redefined for different uses.	If you implement specialized variable sets, ensure that the start up configuration and the base object use the same variable set.

To configure synchronization with the native database connector

1. Create a new synchronization project.

2. Add mappings. Define property mapping rules and object matching rules.
3. Create synchronization workflows.
4. Create a start up configuration.
5. Define the synchronization scope.
6. Specify the base object of the synchronization.
7. Specify the extent of the synchronization log.
8. Run a consistency check.
9. Activate the synchronization project.
10. Save the new synchronization project in the database.

Detailed information about this topic

• How to Set up a Synchronization Project

How to Set up a Synchronization Project

How to Set up a Synchronization Project

There is an wizard to assist you with setting up a synchronization project. This wizard takes you all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.

NOTE: The following sequence describes how you configure a synchronization project if the Synchronization EditorOne Identity Manager tool for configuring target system synchronization. is both: In default mode Started from the launchpad Additional settings can be made if the project wizard is run in expert mode or is started directly from the SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. Editor. Follow the project wizard instructions through these steps.

To set up a synchronization project

1. Start the Launchpad and log on to the One Identity Manager database.

   NOTE: If synchronization is executed by an application server, connect the database through the application server.

2. Select Native Database Connector. Click Run.

   This starts the Synchronization Editor's project wizard.

3. Specify how the One Identity Manager can access the target system on the System access page.
   • If you have access from the workstation from which you started the Synchronization Editor, do not set anything.
   • If you do not have access from the workstation from which you started the Synchronization Editor, you can set up a remote connection.

     In this case, set the option Connect using remote connection server and select, under Job serverServer with the One Identity Manager Service installed., the server you want to use for the connection.

4. Click Next on the start page of system connection wizard.
5. Select the database system to which you want to connect on the Select database system page.
   • Select SQL Server.
6. Configure the system connection.

   For more information, see Connecting a System to an SQL Server Database.

7. You can save the current configuration as a template on the Save configuration page. When you reconnect to a database system of the same type, you can use this configuration as a template.
   • Click and enter the name and repository of the configuration file.
8. You can save the connection data on the last page of the system connection wizard.
   • Set the option Save connection locally to save the connection data. This can be reused when you set up other synchronization projects.
   • Click Finish, to end the system connection wizard and return to the project wizard.

9. Verify the One Identity Manager database connection data on the One Identity Manager connection page. The data is loaded from the connected database. Reenter the password.

   NOTE: Reenter all the connection data if you are not working with an encrypted One Identity Manager database and no synchronization project has been saved yet in the database. This page is not shown if a synchronization project already exists.

10. The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.

11. Select a project template on the Select project template page to use for setting up the synchronization configuration.

    NOTE: The native database connection does not provide a default project template for setting up synchronization. If you have created your own project template, you can select it to configure the synchronization project. Otherwise, select Create blank project.

12. Enter the general setting for the synchronization project on the General page.

    Table 8: General Synchronization Project Properties

    Property	Description
    Display name	Display name for the synchronization project.
    Script language	Language in which the scripts for this synchronization project are written. Scripts are implemented at various points in the synchronization configuration. Specify the script language when you set up an empty project. Important: The script language cannot be changed after the synchronization project has been saved. If you use a project template, the template's script language is used.
    Description	Spare text box for additional explanation.

13. Click Finish to complete the project wizard.
14. Save the synchronization project in the database.

Connecting a System to an SQL Server Database

Connecting a System to an SQL Server Database

To configure the connection to an SQL Server database

1. Enter the connection parameters on the Database connection page. Enter all the parameters required by the database connector to create a connection with the selected database system.
   • To enter additional system specific information about the system connection, click Advanced.

   The database system connection is tested the moment you click Next.

2. Enter a display name and a unique identifier for the database connection on the Describe the database page.

   Table 10: Naming the Database

   Property	Database display name
   Database display name	Database display name used in the One Identity Manager tools.
   System identifier	Unique identifier for the database. IMPORTANT: The system identifier must describe the database uniquely. These identifiers help to differentiate between the databases. To prevent incorrect behavior and loss of data ensure that the system identifiers are unique within the One Identity Manager environment. Identifiers may not be defined more than once. Identifiers may not be changed after the connection has been saved.

3. Select the time zone for the time zone data in the database on the page, Time zone selection. The time zone is required to convert the time saved in the database into the local time. The local time is displayed in the One Identity Manager tools.
4. You can enter a file on the Load configuration page from which the connection configuration can be loaded. This data is used in subsequent steps in the connection wizard and can be modified there.

5. On the page, Select partial schemas, you can reduce the database schema by selecting partial schemas. If the database contains several schema, specify here, which schemas are loaded into the synchronization project.
   • Enable all the schemas to process in the Partial schemas / owner list.

6. The database schema is loaded on the SchemaData model of a connected system. The schema describes all the master data from the connected system. see target system schema; see One Identity Manager schema; see connector schema; see extended schema detection page during which One Identity Manager tries to identify a known schema.

   If the schema is loaded successfully, the next step in the sequence can be carried out. A message informs you whether the schema was identified.

7. On the Extend key information page, specify columns for each table to be used as unique keys for identifying objects.

   NOTE: This page is only displayed if the schema of the external database there are tables with no identifiable unique keys. Tables without unique keys are not used in the synchronization configuration.

   Table 11: Defining Unique Keys

   Property	Description
   Hide unconfigured tables	Specifies whether table are hidden if no settings have been changed.
   Schema	Tables without a unique key.
   Column is key	Specifies whether the column contains a unique key.
   Column group	Button for editing column groups. Create a column group, if a unique key can only be made of a combination of more than one column. To create a column group, click Add... To edit or remove an existing column group, click Edit or remove...

   Table 12: Column Group Properties

   Property	Description
   Key name	Column group identifier. Permitted characters are letters and underscore. A virtual column is formed from the column group with the name "vrtColumnGroup<column group>".
   Columns	Columns included in the column group. Mark all the column, which together make up the unique key.

8. You can enter information about object relations in the Define data relations page.

   Table 13: Defining Column Relations

   Property	Description
   Hide unconfigured tables	Specifies whether table are hidden if no settings have been changed.
   Schema	Database schema tables.
   Target(s)	Columns pointed to by the reference. Enter table and column names in the following syntax: [<schema>].<table name>.<column name>. If a reference points to several column, enter the targets in a comma delimited list. The target columns must be labeled as key columns. TIP: You can enter the column name of a reference column with the context menu item Copy fully qualified column names and enter the target.
   Referential integrity enabled	Specifies whether referential integrity of the target table data is ensured.

9. You can enter additional schema information on the Complete schema page.

   Table 14: Additional Schema Information

   Property	Description
   Hide unconfigured tables	Specifies whether table are hidden if no settings have been changed.
   Schema	Tables and columns in the database.
   Display value	Columns used in the display pattern. To use a display pattern, click Add.
   Preferred key	Specifies whether the column is primarily used for object identification. A preferred key can defined, if a table has more than one unique key. Only columns with the data type "String" can be selected.
   Contains sensitive data	Specifies whether the column contains sensitive data.
   RevisionHighest value for change data for all system objects to be synchronized when synchronization is run. This value is saved in the table "DPRRevisionStore", column "value". counter	Specifies whether columns have a revision counter. The data in this column form the comparison value for revision filtering.
   Hierarchy sort criterion	Specifies whether the column maps the path in an object hierarchy. SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. objects are sorted by this order. This make it possible to resolve object dependencies. Only one column per table can be used as a sort criterion.
   ScopeSection of a connected system which should be synchronized. The scope is defined with a filter. reference	Specifies whether the column can be used for setting the reference scope.

   Table 15: Table Properties

   Property

   Description

   Display pattern

   Pattern for displaying objects in the Synchronization EditorOne Identity Manager tool for configuring target system synchronization.. The display pattern is, for example, used in error messages or test result from object matching rules. The display pattern is, for example, used in error messages or in the test results from object matching rules. Enter a display table for each display pattern. To use a column in a display pattern, select a column and click Add.

10. You can specify special operations for changing data in the external database on the Define data operations page. This is only required, if the default operations INSERT, UPDATE and DELETE cannot be used in the external database system.

    WARNING: Well-founded programming knowledge is required for setting up data operations. Errors at this stage can lead to loss of data.

    To define a data operation

    1. Select a table and mark the operation you want to define.
    2. Select a strategy.
    3. Enter the data operation you want to run in Settings.

    Table 16: Defining Data Operations

    Property	Description
    Hide unconfigured tables	Specifies whether table are hidden if no settings have been changed.
    Table/Operation	Tables for which data operation are being defined.
    Strategy	Strategy for creating the data operation and executing it. A simple procedure can be called for a data operation or a script can be executed. Select the strategy you want use to define the data operation. Table 17: Strategies for Executing Data Operations Strategy Description Pattern based Simple procedure call, which executes the operation. Script based Script, which executes a complex data operation. You can use custom code snippets in the script. The snippets must contain a keyword element with the keyword "DML". For more detailed information about support for writing scripts, see the One Identity Manager Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Synchronization Reference Guide. To delete a data operation, click .
    Options	Define the data operation to be executed when objects are inserted, updated or deleted. Enter the procedure call or create a script depending on the selected strategy. Example of pattern based data: exec CreateUser('%Uid%','%FirstName%','%LastName%') It has an advanced edit mode which provides additional actions. For more detailed information about support for creating scripts, see the One Identity Manager Target System Synchronization Reference Guide.

Related Topics

• How to Set up a Synchronization Project

Updating Schemas

Updating Schemas

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up loading the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.

If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.

To include schema data that have been deleted through compressing and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:

• A schema was changed by:
  • Changes to a target system schema
  • Customizations to the One Identity Manager schema
  • A One Identity Manager update migration
• A schema in the synchronization project was shrunk by:
  • Activating the synchronization project
  • Synchronization projectA collection of all data required for synchronizing and provisioning a target system. Connection data, schema classes and properties, mappings, and synchronization workflows all belongs to this. initial save
  • Compressing a schema

To update a system connection schema

1. Select the category Configuration | Target system.

   - OR -

   Select the category

   Configuration | One Identity Manager connection.

2. Select the view General and click Update schema.
3. Confirm the security prompt with Yes.

   This reloads the schema data.

To edit a mapping

1. Select the category Mappings.
2. Select a mapping in the navigation view.

   Opens the MappingList of object matching rules and property mapping rules which map the schema properties of two connected systems to one another. Editor. For more detailed information about editing mappings, see One Identity Manager Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. Reference Guide.