Chat now with support
Chat with Support

Identity Manager 8.0 - One Identity Manager Connector User Guide

Configuring Memberships Provisioning

Configuring Memberships Provisioning

Memberships, for example, user accounts in groups, are saved in assignment tables in the One Identity Manager database. During provisioning of modified memberships, changes made in the target system will probably be overwritten. This behavior can occur under the following conditions:

  • Memberships are saved in the target system as an object property in list form (Example: List of user accounts in the property Members of an Active Directory group).
  • Memberships can be modified in either of the connected systems.
  • A provisioning workflow and provisioning processes are set up.

If a membership in One Identity Manager changes, the complete list of members is transferred to the target system by default. Memberships, previously added to the target system are removed by this; previously deleted memberships are added again.

To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.

To allow separate provisioning of memberships

  1. Start the Manager.
  2. Select the category Data SynchronizationClosed | Basic configuration data | Target system types.
  3. Select Configure tables for publishing.
  4. Select the assignment tables for which you want to allow separate provisioning. Multi-select is possible.
    • The option can only be set for assignment tables whose base table has a column XDateSubItem.
    • Assignment tables, which are grouped together in a virtual schema property in the mapping, must be labeled identically (For example ADSAccountInADSGroup, ADSGroupInADSGroup and ADSMachineInADSGroup).
  5. Click Enable merging.
  6. Save the changes.

For each assignment table labeled like this, the changes made in the One Identity Manager are saved in a separate table. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and the members list does not get entirely overwritten.

NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.

For more detailed information about provisioning memberships, see the One Identity Manager Target SystemClosed Synchronization Reference Guide.

Error Handling

Troubleshooting

For detailed information about correcting errors during synchronization of object hierarchies, see the One Identity Manager Target SystemClosed SynchronizationClosed Reference Guide.

Help for Analyzing Synchronization Issues

Help for Analyzing Synchronization Issues

You can generate a report for analyzing problems which occur during synchronization, for example, insufficient performance. The report contains information such as:

  • Consistency check results
  • Revision filterClosed settings
  • ScopeClosed applied
  • Analysis of the synchronization buffer
  • Object access times in the One Identity Manager database and in the target system

To generate a synchronization analysis report

  1. Open the synchronization project in the Synchronization EditorClosed.

  2. Select the menu Help | Generate synchronization analysis report and answer the security prompt with Yes.

    The report may take a few minutes to generate. It is displayed in a separate window.

  3. Print the report or save it in one of the available output formats.
Related Documents