To create a property mapping rule
To create a property mapping rule by "drag and drop".
If the schema property data types do not match, the conflict wizard is started which helps you create the property mapping rules.
One Identity Manager helps you to set up new property mapping rules based on existing rules. Use the mapping wizard for this.
To create a property mapping rule with the mapping wizard
To edit a property mapping rule
To delete a property mapping rule
Enter the following details for a property mapping rule.
|Tip: To create a rule from a template, click .|
|Rule Types||Select the rule type for a new rule.
|Rule name||Name for the rule. The rule name must be unique within a mapping.
Click to change rule names. The rule name is used as key. Changes to the rule name may cause errors.
|Display name||Rule display name.|
|Mapping directionDirection of synchronization permitted for mapping schema properties.||Specify the permitted mapping direction for mapping selected schema properties.
|Ignore mapping direction restrictions on adding||If this option is set, the specified mapping direction is ignored when new objects are added. Property mapping rules not assigned a mapping direction are also ignore when new objects are added.
If this option is not set, the specify mapping direction is valid when new objects are added.
An Active Directory environment should be administrated through One Identity Manager. One Identity Manager is the master system for synchronizing both systems. The user account object GUIDs are, however, not mapped in One Identity Manager but in the Active Directory environment. The mapping direction "One Identity Manager" is set in object GUID. To prevent the object GUID of newly added user accounts from being written to the Active Directory environment, the option Ignore mapping direction restrictions on adding must not be set.
|Description||Spare text box for additional explanation.|
|Schema propertyProperty of a schema type. Refers to exactly one column of a table or view of the database based schema or exactly one object type property of the non-database based schema.||Select the schema properties to be mapped.|
|Do not overwrite||The schema property value is only changed by synchronization if the schema property does not contain a value.|
|MappingList of object matching rules and property mapping rules which map the schema properties of two connected systems to one another. condition||Condition under which the property mapping rule is used.
Click Create condition to create the condition with the wizard. For more information, see Wizard for Entering Filters.
Example: Left.CanonicalName = 'Managed Service Accounts'
The property mapping rule is applied to all objects assigned to the container "Managed Service Accounts" in One Identity Manager.
|Force mapping against direction of synchronization||If this option is set, the property mapping rule can also be applied if the synchronization mapping is in the opposite direction. For more information, see Mapping against the Direction of Synchronization.
"Target system" or "One Identity Manager" must be set as mapping direction. The property mapping rule may not be executed in both directions.
The option can only be set if Detect rogue modifications is not set.
|Detecting rogue modifications||If this option is set, rogue modifications are detected and logged. For more information, see Detecting Rogue Modifications.
This option can only be set if Force mapping against direction of synchronization is disabled.
|Correct rogue modifications||If this options is set, rogue modifications are corrected. For more information, see Detecting Rogue Modifications.
The option can only be set if Detect rogue modifications is set.
The option may only be set if the schema property that may changed through the correction has write-access.
Rogue modificationA change that was not made in the synchronization master system. Example: the direction of synchronization is define as "target system". This makes One Identity Manager the master system for synchronization. Changes to the target system are identified as invalid. should be corrected when schema property "DB abc" (in One Identity Manager) and "TS rst" (in the target system) are synchronized. The mapping direction is "Target system". The option Detect rogue modifications may only be set id the schema property "DB abc" has write-access.
|Ignore case||If this option is set, the mapping ignores case sensitivity.
If this option is not set, case sensitivity is taken into account in the mapping.
|Deal with the first value of the property as a single value||If a multi-value schema property is mapped using a value compare rule, the first value from the value list is taken into account by synchronization.|
|Only include these||Select all members in the value list to be mapped to the schema property of the connected system.|
|Exclude these||Select all members in the value list not to be mapped to the schema property of the connected system.|