Analyzing Synchronization

Analyzing Synchronization

SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. results are summarized in the synchronization log. You can specify the extent of the synchronization log for each system connection individually. One Identity Manager provides several reports in which the synchronization results are organized under different criteria.

To display a synchronization log

1. Select the category Logs.
2. Click in the navigation view toolbar.

   Logs for all completed synchronization runs are displayed in the navigation view.

3. Select a log by double-clicking on it.

   An analysis of the synchronization is shown as a report. You can save this report.

Synchronization logs are stored for a fixed length of time. The retention period is set in the configuration parameter "DPR\Journal\LifeTime" and its sub parameters.

To modify the retention period for synchronization logs

• Set the configuration parameter "Common\Journal\LifeTime" in the Designer and enter the maximum retention time for entries in the database journal. Use the configuration sub parameters to specify the retention period for each warning level.
• If there is a large amount of data, you can specify the number of objects to delete per DBQueue Processor operation and run in order to improve performance. Use the configuration parameters "Common\Journal\Delete\BulkCount" and "Common\Journal\Delete\TotalCount" to do this.
• Configure and set the schedule "Delete journal" in the Designer.

Post-Processing Outstanding Objects

Post-Processing Outstanding Objects

Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.

Objects marked as outstanding:

• Cannot be edited in One Identity Manager.
• Are ignored by subsequent synchronization.
• Must be post-processed separately in One Identity Manager.

Start target system synchronization to do this.

To allow post-processing of outstanding objects

• Configure target system synchronization.

  For more information, see Configuring Target System Synchronization.

Related Topics

• How to Post-Process Outstanding Objects
• Users and Permissions for Synchronizing

Configuring Target System Synchronization

Configuring Target System Synchronization

Create a target system for post-processing outstanding objects. Assign tables you want to be populated by synchronization, to this target system type. Specify the tables for which outstanding objects can be published in the target system during post-processing. Define a process for publishing the objects.

To create a target system type

1. Start the Manager.
2. Select the category Data SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. | Basic configuration data | Target system types.

3. Click in the result list toolbar.

4. Edit the target system type master data.
5. Save the changes.

Enter the following data for a target system type.

Table 11: Master Data for a Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Type

Property	Description
Target system typeGrouping similar target systems. Examples: Active Directory, LDAP, SharePoint.	Target system type description.
Description	Spare text box for additional explanation.
Display Name	Name of the target system type as displayed in One Identity Manager tools.
Cross boundary inheritance	Specifies whether user accounts can be assigned to groups if they belong to different custom target systems. NOTE: If this option is not set, the target system type is used to group the target systems.
Show in compliance rule wizard	Specifies whether the target system type for compliance rule wizard can be selected when rule conditions are being set up.
Text snippet	Text snippets used for linking text in the compliance rule wizard.

To add tables to the target system synchronization.

1. Select the category Data Synchronization | Basic configuration data | Target system types.
2. Select the target system type in the result list.
3. Select Assign synchronization tables in the task view.
4. Assign tables whose outstanding objects you want to handle in Add assignments.
5. Save the changes.
6. Select Configure tables for publishing.
7. Select tables whose outstanding objects can be published in the target system and set the option Publishable.
8. Save the changes.

To publish outstanding objects

• Create a process for each table with outstanding objects you want to publish. The process is triggered by the event "HandleOutstanding" and provisions the objects. Use the process function "AdHocProjection" of the process component "ProjectorComponent". For more detailed information about defining processes, see One Identity Manager Configuration Guide.

How to Post-Process Outstanding Objects

How to Post-Process Outstanding Objects

To post-process outstanding objects

1. Start the Manager.
2. Select the category Data synchronization | Target system synchronization: <target system type>.

   All tables assigned to the target system type are displayed in the navigation view.

3. Select the table whose outstanding objects you want to edit in the navigation view.

   All objects marked as outstanding are shown on the form.

   TIP: To display object properties of an outstanding object Select the object on the target system synchronization form. Open the context menu and click Show object.

4. Select the objects you want to rework. Multi-select is possible.
5. Click one of the following icons in the form toolbar to execute the respective method.

   Table 12: Methods for handling outstanding objects

   Icon	Method	Description
   	Delete	The object is immediately deleted in the One Identity Manager. Deferred deletion is not taken into account. The "outstanding" label is removed from the object. Indirect memberships cannot be deleted.
   	Publicize	The object is added in the target system. The "outstanding" label is removed from the object. The method triggers the event "HandleOutstanding". This runs a target system specific process that triggers the provisioning process for the object. Prerequisites: The table containing the object can be published. The target system connector has write access to the target system. A custom process is set up for provisioning the object.
   	Reset	The "outstanding" label is removed from the object.

6. Confirm the security prompt with Yes.

Related Topics

• Configuring Target System Synchronization
• Users and Permissions for Synchronizing