The navigation view in the Logs category has its own toolbar.
Icon | Meaning |
---|---|
Reload the data. | |
Display synchronization log. | |
Display provisioning log. | |
Only display most recent logs. This display logs from within the past 24 hours. | |
Sort by execution time. | |
Sort by execution status. |
To display a synchronization log
Logs for all completed synchronization runs are displayed in the navigation view.
An analysis of the synchronization is shown as a report. You can save the report.
To display a provisioning log.
Logs for all completed provisioning processes are displayed in the navigation view.
Select a log by double-clicking on it.
An analysis of the provisioning is show as a report. You can save the report.
The log is marked in color in the navigation view. This mark shows you the execution status of the synchronization/provisioning.
Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.
Objects marked as outstanding:
Start target system synchronization to do this.
To post-process outstanding objects
|
TIP: To display object properties of an outstanding object
|
Icon |
Method |
Description |
---|---|---|
|
Delete |
The object is immediately deleted in the One Identity Manager. Deferred deletion is not taken into account. The "outstanding" label is removed from the object. Indirect memberships cannot be deleted. |
|
Publish |
The object is added in the target system. The "outstanding" label is removed from the object. The method triggers the event "HandleOutstanding". This runs a target system specific process that triggers the provisioning process for the object. Prerequisites:
|
|
Reset |
The "outstanding" label is removed from the object. |
|
NOTE: By default, the selected objects are processed in parallel, which speeds up execution of the selected method. If an error occurs during processing, the action is stopped and all changes are discarded. Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved. To disable bulk processing
|
For more detailed information about post-processing outstanding objects from connected target systems, see the target system connection guides.
Membership of user accounts in groups, for example, can result from direct assignment or through inheritance in One Identity Manager. The membership's origin is stored in the assignment table XOrigin. Inherited memberships cannot be deleted as long as the inheritance source still exists. If inherited memberships are deleted in the target system, they are marked as outstanding by synchronization, depending on which processing method was selected.
You can differentiate between the following cases of deleting membership through synchronization:
Membership Origin | Method Delete | Method MarkAsOutstanding |
---|---|---|
Only direct | The membership is deleted immediately by synchronization. | The membership is marked as outstanding by synchronization. |
Only inherited | The membership is marked as outstanding by synchronization. | The membership is marked as outstanding by synchronization. |
Direct and inherited | The membership is marked as outstanding by synchronization. The reference to direct assignment is removed (column value XOrigin is updated). | The membership is marked as outstanding by synchronization. |
Outstanding memberships must be post-processed separately. You can publish these memberships if the inheritance source still exists or you set the status back and remove the inheritance source.
Ben King has an Active Directory user account that is a member of the Active Directory group "Backup operators". This membership is loaded into the One Identity Manager database by initial synchronization and saved as direct membership in the table ADSAccountInADSGroup (XOrigin = '1'). Ben King is member of the business role "Project A". This business role is assigned to the Active Directory group "Backup operators". Therefore, Ben King becomes an indirect member of this Active Directory group (ADSAccountInADSGroup.XOrigin = '3'). The group membership is deleted in the target system. The deleted membership is immediately deleted in the One Identity Manager database the next time synchronization is run (ADSAccountInADSGroup.XOrigin = '2'). The membership is marked as outstanding because it remains in the One Identity Manager database due to inheritance. The outstanding membership must be post-processed in target system synchronization. There are two possible ways to do this:
The method "Publish" is applied. Membership is re-added to the target system.
The method "Delete" cannot be applied.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy