Chat now with support
Chat with Support

Identity Manager 8.0 - Target System Synchronization Reference Guide

Target Synchronization with the Synchronization Editor Basics of Target System Synchronization Setting up Synchronization
Starting the Synchronization Editor Creating a Synchronization Project How to Configure Synchronization
Setting Up Mappings Setting up Synchronization Workflows Connecting Systems Editing the Scope Using Variables and Variable Sets Setting up Start up Configurations Setting up Base Objects
Overview of schema Classes Customizing Synchronization Configuration Checking Synchronization Configuration Consistency Activating the Synchronization Project
Running Synchronization Synchronization Analysis Setting up Synchronization with Default Connectors Updating Existing Synchronization Projects Additional Information for Experts Error Handling Appendix: Example of a Configuration File

Wizard for Entering Filters

At certain points you can define custom filter conditions. The filter conditions are formulated like a condition (WHERE clause) for a database query.

You can enter database queries directly or put them together with a wizard. Use and to switch to the appropriate view.

  • The comparison operators =, <>, <, >, <=, >= and like are supported for defining conditions.
  • To link condition you can use the logical operators AND, OR and NOT.
  • You can use variables in your condition definitions. Variable must be masked.

    Syntax: '$<variable>$'

    NOTE: If the condition contains a dollar sign, which is not labeling a variable, it must be masked with $.

    Example: '300 $$' compared to the value '300 $'

    TIP: If you enter a condition directly, you can access predefined variables with the button.

Each condition is displayed in a special control in the wizard. The controls contain connection points to logically join single conditions or delete single conditions. The connection points are set if you mouse over the edge of the respective control.

Figure 2: Wizard for Entering Filters

To create a filter with a wizard

  1. Click Create condition.

    This inserts a control for the first condition.

  2. Enter the condition.
    1. Click the left-hand part of the condition and select the property to filter by.

      The properties for filtering are listed. You can also define other properties and use variables.

    2. Specify the comparison operator. Click the comparison operator to change it.

      Use the comparison operators =, <>, <, >, <=, >= and like to define conditions.

    3. Specify the comparison value on the right-hand side of the condition.

      You can enter a string for a comparison value or select a property from the list. You can also use variables.

      NOTE: To be able to switch to this input field at a later date, choose Input field from the list.
  3. To link condition you can use the logical operators AND, OR and NOT.
    1. Mouse over the edge of the control to which you wish to create a link.

      The connection points appear.

    2. Mouse over a connection point and select the connection.

      This adds a new control for the next condition.

    Note:To remove a control, select the connection point, Delete.

Support for Scripting

Support for Scripting

You can apply scripts at various points in the synchronization project; for example, when defining the schema properties or when you define data operations for system connection through the native database connector. You can enter scripts in C# or Visual Basic .NET depending on script's language, which was specified for the synchronization project.

You write scripts in a special editing dialog box. It has an advanced edit mode which provides additional actions.

To switch to advanced mode

  • Use the key combination CTRL + ALT + Enter or a the button in the right bottom corner.

Figure 3: Directly Entering a Database Query

Table 14: Meaning of Icon in Advanced Edit Mode
Icon Meaning
Quitting advanced edit mode.
Undoes last change.
Redoes last change.
Cuts selected code.
Copies selected code into clipboard.
Inserts code from clipboard.
Deletes selected code.
Decreases insert.
Increases insert.
Shows/hides line numbers.
Inserts code snippet.
Word wrap automatically.
Search within code.

One Identity Manager provides code snippets for you to use as templates.

To insert a code snippet

  1. Change to advance editing mode.
  2. Click in the toolbar.
  3. Select a category
  4. Select a code snippet.
  5. Customize the script code as required.
  6. Click to quit extended editing mode.

Additional input aids are provided for creating script code.

Syntax Highlighting

The input fields support syntax highlighting depending on the syntax type.

Auto-Completion

Auto-completion can be used when creating script code. The amount of scripted code to enter is reduced by displaying the names of properties or functions that can be used. Automatic completion is called with the key combination CTRL + SPACE at the appropriate point in the editor. The contents of the list is determined by the key words in the code.

Entering Code Snippets

You can insert code snippets using the following options:

  1. Using the icon
    • Select the in the menu bar.
  2. Using a shortcut
    • Press the F2 key.

NOTE: If you select the code snippet using a shortcut or the icon, a short description and the shortcut name is displayed in a tooltip.

TIP: You can use custom code snippets. To do this, create a directory CustomSnippets in the One Identity Manager installation directory to store the code snippets. Use Visual Studio documentation to develop your own code snippets.

Save Changes Permanently

Save Changes Permanently

Different wizards are run to add new objects like synchronization projects, mappings or workflows with the Synchronization EditorClosed. The data you enter is temporarily saved. Changes to these objects are also saved only temporarily.

To save changes to the synchronization project permanently

  • Click Commit to database in the SynchronizationClosed Editor.

    - OR -

  • To save the synchronization project with change labels, open the Commit to database submenu and click Commit and assign a change label... For more detailed information, see the One Identity Manager Configuration Guide.

One Identity Manager compresses the schemas when the synchronization project is saved for the first time. This removes schema data from the synchronization projects, which is not required in the synchronization configuration. This can speed up loading the synchronization project.

Related Topics

Remote Connection

Remote Connection

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with target system to do this. If you do not have direct access on the workstation on which the Synchronization EditorClosed is installed, because of the firewall configuration, for example, you can set up a remote connection.

Prerequisite

The remote connection server and the workstation must be in the same Active Directory domain.

To permit remote access to a target system

  1. Provide a server installed with the following software.
    • One Identity Manager Service with the RemoteConnectPlugin

      The plugin requires the following parameters:

      Table 15: RemoteConnectPlugins Parameters
      Parameter Value Description
      Authentication method ADSGroup Method with which incoming queries can be authenticated.

      Permitted values: ADGroup

      Permitted AD group   Distinguished name or object SID of the Active Directory group whose members are permitted to use a remote connection. This parameter is only required for the authentication methods "ADGroup".
      Port 2880 Port for reaching the server.

      NOTE: Authentication of a remote connection can only be done through an Active Directory group.

      For more information, see the One Identity Manager Configuration Guide.

    • Target system connector
    • Target specific client components as they must be installed on the synchronization server.

      For more information, see the administration guides for connecting target systems.

  2. Declare the remote connection server as Job serverClosed in One Identity Manager.
  3. Start the One Identity Manager Service.

TIP: The remote connection server requires the same configuration (with respect to the installed software) as the synchronization server. Use the synchronization as remote connection server at the same time, by simply installing the RemoteConnectPlugin as well.

To edit a Job server

  1. Select the category Base Data | Installation | Job server in the Designer.
  2. Start the Job Server Editor using the task Edit job server....
  3. Enter a new Job server using the menu item Job servers | New.
  4. Edit the Job server's master data.
  5. Select the menu item View | Server functions and specify the server functionality.

Select a minimum of the following server functions:

  • <target system connector>
  • One Identity Manager Service installed
  1. Select the menu item View | Machine roles and assign roles to the server.

    Select at least the following roles:

    • Server/Jobserver/<target system>
  2. Enter the Job server queue names in the One Identity Manager Service configuration file.

For more information, see the One Identity Manager Configuration Guide and the administration guides for connecting target systems.

Remote access may be necessary, if:

  1. A synchronization project must be set up.
  2. An existing synchronization project must be configured but there is generally no direct access to the target system.
  3. A existing synchronization project must be configured but there is temporarily no direct access to the target system.

    One Identity Manager requires a connection to target system, for example, to update the target system schema, to define a scope or to test the object matching rules. A message appears if you cannot connect to the target system when editing the synchronization configuration. Then you can decide whether you want to connect through a remote connection server, temporarily. In this case, a remote connection dialog opens.

  4. An existing synchronization project needs to be configured but some connection data is encrypted and the encryption values are not known to the SynchronizationClosed Editor user.

To set up a remote connection for a new synchronization project.

  • Set the option Connect using remote connection server in the project wizard on the System access page and select the server to use for the connection under Job server.

    The remote connection stays connected as long as the project wizard is open.

To set up a remote connection for an existing synchronization project.

  1. Open the synchronization project.
  2. Click Remote connection in the Synchronization Editor's toolbar.

    This opens the remote connection dialog.

  3. Enter the remote connection properties.
  4. Click Connect.

    This sets up the remote connection. It stays up as long as the synchronization project is open in the Synchronization Editor,

Table 16: Remote Connection Properties
Property Description
Select remote connection server automatically Select this option if you want the remote connection server to be selected automatically.
Job server In the menu, select the Job server you want for One Identity Manager communicating with the target system.

All Job servers are displayed that are marked with One Identity Manager Service installed.

Select remote connection server manually Select this option if you do not want the remote connection server to be selected automatically because, for example, the server name cannot be resolved.
Server Enter the full server name or the server's IP address.
Port RemoteConnectPlugin uses the port 2880.

To close a remote connection

  • Click Remote connection in the Synchronization Editor's toolbar.
Related Topics
Related Documents