Chat now with support
Chat with Support

Identity Manager 8.0 - Native Database Connector User Guide for the generic ADO.NET Provider

Creating a Synchronization Project

Creating a Synchronization Project

A synchronization project collects all the information required for synchronizing the One Identity Manager database with a target system. Connection data for target systems, schema types and properties, mapping and synchronization workflows all belong to this.

Make the following information available for setting up a synchronization project for synchronizing with the native database connector.

Table 7: Information Required for Setting up a Synchronization Project
Data Explanation

Synchronization serverClosed

All One Identity Manager Service actions are executed against the target system environment on the synchronization server. Entries which are necessary for synchronization and administration with the One Identity Manager database are processed by the synchronization server.

Installed components:

  • One Identity Manager Service (started)

The synchronization server must be declared as a Job server in One Identity Manager. The Job server name is required.

For more information, see Setting Up the Synchronization Server.

Remote connection serverClosed

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with target system to do this. If you do not have direct access on the workstation on which the SynchronizationClosed Editor is installed, because of the firewall configuration, for example, you can set up a remote connection.

The remote connection server and the workstation must be in the same Active Directory domain.

Remote connection server configuration:

  • One Identity Manager Service is started
  • RemoteConnectPlugin is installed

The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required.

TIP: The remote connection server requires the same configuration (with respect to the installed software) as the synchronization server. Use the synchronization as remote connection server at the same time, by simply installing the RemoteConnectPlugin as well.

For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide.

Synchronization workflowClosed Set the option Data import in the synchronization step if synchronization data is imported from a secondary system. You cannot select the processing method "MarkAsOutstanding" for these synchronization steps.

For more detailed information about synchronizing user data with different systems, see the One Identity Manager Target System Synchronization Reference Guide.

Base objectClosed

You cannot normally specify a base object for synchronizing with database connectors. In this case, assignment of one base table and the synchronization server is sufficient.

  • Select the Base table from the menu in which to load the objects. The base table can be used to defined downstream processes for synchronization. For more information about downstream processes, see the One Identity Manager Target System Synchronization Reference Guide.
  • All Job servers, which have the server function "native connector" enabled are displayed in the Synchronization servers menu.
Variable setClosed If you implement specialized variable sets, ensure that the start up configuration and the base object use the same variable set.

To configure synchronization with the native database connector

  1. Create a new synchronization project.
  1. Add mappings. Define property mapping rules and object matching rules.
  2. Create synchronization workflows.
  3. Create a start up configuration.
  4. Define the synchronization scope.
  5. Specify the base object of the synchronization.
  6. Specify the extent of the synchronization log.
  7. Run a consistency check.
  8. Activate the synchronization project.
  9. Save the new synchronization project in the database.
Detailed information about this topic

How to Set up a Synchronization Project

How to Set up a Synchronization Project

There is an wizard to assist you with setting up a synchronization project. This wizard takes you all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.

NOTE: The following sequence describes how you configure a synchronization project if the Synchronization EditorClosed is both:
  • In default mode
  • Started from the launchpad

Additional settings can be made if the project wizard is run in expert mode or is started directly from the SynchronizationClosed Editor. Follow the project wizard instructions through these steps.

To set up a synchronization project

  1. Start the Launchpad and log on to the One Identity Manager database.

    NOTE: If synchronization is executed by an application server, connect the database through the application server.
  1. Select Native Database Connector. Click Run.

    This starts the Synchronization Editor's project wizard.

  1. Specify how the One Identity Manager can access the target system on the System access page.
    • If you have access from the workstation from which you started the Synchronization Editor, do not set anything.
    • If you do not have access from the workstation from which you started the Synchronization Editor, you can set up a remote connection.

      In this case, set the option Connect using remote connection server and select, under Job serverClosed, the server you want to use for the connection.

  • Click Next to start the system connection wizard to create a connection to an external database.
  1. Click Next on the start page of system connection wizard.
  2. Select the database system to which you want to connect on the Select database system page.
    • Select ADO.NET generic.
  3. Configure the system connection.

    For more information, see Connecting a System using a Generic ADO.NET Provider.

  4. You can save the current configuration as a template on the Save configuration page. When you reconnect to a database system of the same type, you can use this configuration as a template.
    • Click and enter the name and repository of the configuration file.
  5. You can save the connection data on the last page of the system connection wizard.
    • Set the option Save connection locally to save the connection data. This can be reused when you set up other synchronization projects.
    • Click Finish, to end the system connection wizard and return to the project wizard.
  1. Verify the One Identity Manager database connection data on the One Identity Manager connection page. The data is loaded from the connected database. Reenter the password.

    NOTE: Reenter all the connection data if you are not working with an encrypted One Identity Manager database and no synchronization project has been saved yet in the database. This page is not shown if a synchronization project already exists.
  2. The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.
  1. Select a project template on the Select project template page to use for setting up the synchronization configuration.

    NOTE: The native database connection does not provide a default project template for setting up synchronization. If you have created your own project template, you can select it to configure the synchronization project. Otherwise, select Create blank project.
  1. Enter the general setting for the synchronization project on the General page.
    Table 8: General Synchronization Project Properties
    Property Description
    Display name Display name for the synchronization project.
    Script language Language in which the scripts for this synchronization project are written.

    Scripts are implemented at various points in the synchronization configuration. Specify the script language when you set up an empty project.

    Important: The script language cannot be changed after the synchronization project has been saved.

    If you use a project template, the template's script language is used.

    Description Spare text box for additional explanation.
  1. Click Finish to complete the project wizard.
  2. Save the synchronization project in the database.

Connecting a System using a Generic ADO.NET Provider

Connecting a System using a Generic ADO.NET Provider

Once One Identity Manager has connected to an external database using a generic ADO.NET provider, it adds a local SQLite database. One Identity Manager executes all the data operations against this database before finally writing the changes to the target database. The local database is deleted when it is no longer connected to the external database.

Table 9: Information Required for Connecting the System
Data Explanation
Provider and connection data Provider and connection parameters required for connecting to the database.

To configure the connection to an external database

  1. Enter the connection parameters on the Database connection page.
    Table 10: Connection Parameters to External Database
    Property Description
    Provider Provider for connecting to the external database.
    • Select an installed provider from the menu.

      - OR -

    • If the required provider is not shown, load another database provider. Click and select the required file.
    • To delete the selection, click .
    Connection data Connection data required for connecting to the database.
    • To enter the connection parameter, click [...].
    • To test the connection, click Test.
    • To mask the connection data, click .
  1. Enter a display name and a unique identifier for the database connection on the Describe the database page.
    Table 11: Naming the Database
    Property Database display name
    Database display name Database display name used in the One Identity Manager tools.
    System identifier Unique identifier for the database.

    IMPORTANT: The system identifier must describe the database uniquely. These identifiers help to differentiate between the databases. To prevent incorrect behavior and loss of data ensure that the system identifiers are unique within the One Identity Manager environment.

    • Identifiers may not be defined more than once.
    • Identifiers may not be changed after the connection has been saved.
  2. Select the time zone for the time zone data in the database on the page, Time zone selection. The time zone is required to convert the time saved in the database into the local time. The local time is displayed in the One Identity Manager tools.
  3. You can enter a file on the Load configuration page from which the connection configuration can be loaded. This data is used in subsequent steps in the connection wizard and can be modified there.
  1. Define the views of database data you require on the Define views page. This way, you specify, which data to load from the external database.

    The views defined here are added in the local SQLite database. The data is read from the external database corresponding to the queries and saved in the local database. Only these views are used for configuring synchronization and for synchronization itself.

    Table 12: Defining Database Views
    Property Description
    Existing View Selecting a view to edit.
    • Click to create a new view.
    • To edit an existing view, select it in the menu.
    • Click to delete an existing rule.
    Definition View definition. Enter a unique name for the view and query in the database system's syntax.
  2. On the page, Select partial schemas, you can reduce the database schema by selecting partial schemas. If the database contains several schema, specify here, which schemas are loaded into the synchronization project.
    • Enable all the schemas to process in the Partial schemas / owner list.

    NOTE: This page is only shown for database systems that allow more than one schema.

  1. The database schema is loaded on the SchemaClosed detection page during which One Identity Manager tries to identify a known schema.

    If the schema is loaded successfully, the next step in the sequence can be carried out. A message informs you whether the schema was identified.

  1. On the Extend key information page, specify columns for each table to be used as unique keys for identifying objects.

    NOTE: Tables without unique keys are not used in the synchronization configuration.

    Table 13: Defining Unique Keys
    Property Description
    Hide unconfigured tables Specifies whether table are hidden if no settings have been changed.
    Schema Tables without a unique key.
    Column is key Specifies whether the column contains a unique key.
    Column group Button for editing column groups. Create a column group, if a unique key can only be made of a combination of more than one column.
    • To create a column group, click Add...
    • To edit or remove an existing column group, click Edit or remove...
    Table 14: Column Group Properties
    Property Description
    Key name Column group identifier. Permitted characters are letters and underscore. A virtual column is formed from the column group with the name "vrtColumnGroup<column group>".
    Columns Columns included in the column group. Mark all the column, which together make up the unique key.
  1. You can enter information about object relations in the Define data relations page.
    Table 15: Defining Column Relations
    Property Description
    Hide unconfigured tables Specifies whether table are hidden if no settings have been changed.
    Schema Database schema tables.
    Target(s) Columns pointed to by the reference. Enter table and column names in the following syntax: [<schema>].<table name>.<column name>. If a reference points to several column, enter the targets in a comma delimited list. The target columns must be labeled as key columns.

    TIP: You can enter the column name of a reference column with the context menu item Copy fully qualified column names and enter the target.

    Referential integrity enabled Specifies whether referential integrity of the target table data is ensured.
  2. You can enter additional schema information on the Complete schema page.
    Table 16: Additional Schema Information
    Property Description
    Hide unconfigured tables Specifies whether table are hidden if no settings have been changed.
    Schema Tables and columns in the database.
    Display value Columns used in the display pattern.
    • To use a display pattern, click Add.
    Preferred key Specifies whether the column is primarily used for object identification. A preferred key can defined, if a table has more than one unique key. Only columns with the data type "String" can be selected.
    Contains sensitive data Specifies whether the column contains sensitive data.
    RevisionClosed counter Specifies whether columns have a revision counter. The data in this column form the comparison value for revision filtering.
    Hierarchy sort criterion Specifies whether the column maps the path in an object hierarchy. SynchronizationClosed objects are sorted by this order. This make it possible to resolve object dependencies. Only one column per table can be used as a sort criterion.
    ScopeClosed reference Specifies whether the column can be used for setting the reference scope.
    Table 17: Table Properties
    Property Description
    Display pattern Pattern for displaying objects in the Synchronization EditorClosed. The display pattern is, for example, used in error messages or test result from object matching rules. The display pattern is, for example, used in error messages or in the test results from object matching rules. Enter a display table for each display pattern.
    • To use a column in a display pattern, select a column and click Add.
  1. On the Commit data changes page, define whether data changes from the One Identity Manager database are transferred to the external database

    WARNING: Well-founded programming knowledge is required for setting up committing of data. Errors at this stage can lead to loss of data.

    • Set Commit data changes to the target database to transfer the data.
  2. Specify how to commit the modifications on the Commit data modifications page. Define the operations to execute and the sequence of data transfer.

    To define a data operation

    1. Select a strategy.
    2. Select the tab Processing and add the processing step.
    3. Mark a step.
    4. Select the tab Script code and write a script to commit the data.
    Table 18: Committing Data Modifications
    Property Description
    Strategy Strategy used to set up and commit the data. Select the strategy you want use to define how to commit the data.
    Table 19: Strategy for Committing Data
    Strategy Description
    Several processing steps Strategy using more than one processing step to commit data.
    • To delete a configuration, click .
    Processing Processing steps to execute on committing.
    • To add a new step, click .
    • To delete a step, click .
    • To change the step sequence, click or .
    Table 20: Defining Processing Steps
    Property Description
    Steps Sequence in which the objects to process are committed.
    View View to which to apply the processing step.
    Maximum count loops Specifies how often the processing step is executed to resolves all references.
    Script code Script to execute in the selected step.

    You can use custom code snippets in the script. The snippets must contain a keyword element with the keyword "ADOCommit". For more detailed information about support for writing scripts, see the One Identity Manager Target SystemClosed Synchronization Reference Guide.

Related Topics

Updating Schemas

Updating Schemas

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up loading the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.

If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.

To include schema data that have been deleted through compressing and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:

  • A schema was changed by:
    • Changes to a target system schema
    • Customizations to the One Identity Manager schema
    • A One Identity Manager update migration
  • A schema in the synchronization project was shrunk by:
    • Activating the synchronization project
    • Synchronization projectClosed initial save
    • Compressing a schema

To update a system connection schema

  1. Select the category Configuration | Target system.

    - OR -

    Select the category

    Configuration | One Identity Manager connection.

  2. Select the view General and click Update schema.
  3. Confirm the security prompt with Yes.

    This reloads the schema data.

To edit a mapping

  1. Select the category Mappings.
  2. Select a mapping in the navigation view.

    Opens the MappingClosed Editor. For more detailed information about editing mappings, see One Identity Manager Target SystemClosed SynchronizationClosed Reference Guide.

NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.
Related Documents