Chat now with support
Chat with Support

Identity Manager 8.0 - Target System Synchronization Reference Guide

Target Synchronization with the Synchronization Editor Basics of Target System Synchronization Setting up Synchronization
Starting the Synchronization Editor Creating a Synchronization Project How to Configure Synchronization
Setting Up Mappings Setting up Synchronization Workflows Connecting Systems Editing the Scope Using Variables and Variable Sets Setting up Start up Configurations Setting up Base Objects
Overview of schema Classes Customizing Synchronization Configuration Checking Synchronization Configuration Consistency Activating the Synchronization Project
Running Synchronization Synchronization Analysis Setting up Synchronization with Default Connectors Updating Existing Synchronization Projects Additional Information for Experts Error Handling Appendix: Example of a Configuration File

Synchronization Configuration Export

Synchronization Configuration Export

SynchronizationClosed projects created for a test database, for example, can be transported to a live database. To be able to use synchronization configuration here, modify the One Identity Manager database connection parameter and the start up configuration.

Prerequisite

  • The schema of both One Identity Manager databases are identical. Customized schema extensions used in the mapping exist in both databases.

To export a synchronization project from one One Identity Manager database to another

  1. Save the synchronization project in the source database with change labels. Add new changes labels to do this.
    • To save the synchronization project with change labels, open the Commit to database submenu and click Commit and assign a change label...
  2. Create a transport package for the synchronization project using the Database Transporter.
    1. Select the export criteria Transport by change label.
    2. Select the change label.
    3. Click Options and set Add dependent objects to transport file and Close change labels after export.

      TIP: To display objects that belong to change labels, click Show.
  3. Import the transport package into the target database with the Database Transporter.
  4. Edit the synchronization project in the target database.
    1. Add a new base object:

      Use the wizard to do this, if it is available.

      The wizard creates a variable set with the given connection parameters. It adds the synchronization base object, for example, the actual Active Directory domain you want to synchronize, as object in the One Identity Manager database.

    2. Customize the One Identity Manager database connection data.

      Select the category Configuration | One Identity Manager connection | General and click Edit connection....

    3. Customize your start up configuration.
      • Assign a schedule to it.
      • Assign the variable set that belongs to the associated base object.
    4. Run a consistency check.

    5. Activate the synchronization project.

Detailed information about this topic

For more detailed information about committing with change labels as well as creating and importing transport packages, see the One Identity Manager Configuration Guide.

Operations for Provisioning Processes

Operations for Provisioning Processes

In order to provision object modifications in the target system, you must specify which synchronization workflow provisioning should take over. This information is stored in the table DPRObjectOperation. If you create your own provisioning processes, define operations for each of the provisioning tasks. Assign the operations to the synchronization workflows, which are going to be executed. Edit the assignments in the Designer.

To define operations for provisioning processes

  1. Select the category Process Orchestration | ProvisioningClosed process operations in the Designer.
  2. Select the menu item Object | New.
  3. Edit the operation properties.
  4. Save the changes.
  5. Use this operation as parameter for the script DPR_GetAdHocData in the provisioning process.
Table 74: Operations for Provisioning Processes
Property Description
Name Name of the operation.
Synchronization workflowClosed Workflow for executing provisioning.
System connection Target system connection for the target system in which changes must be provisioned.
Table Table responsible for triggering provisioning.
Display name Operation display name in the One Identity Manager tools' user interface.
Description Spare text box for additional explanation.
Processing status Only used internally by One Identity Manager.

Creating Synchronization Projects Automatically

Creating Synchronization Projects Automatically

You can create synchronization projects automatically. This can be particularly useful if you want to set up synchronization projects for different Active Directory domains, which require the same configuration. A new synchronization project is generated from the command line. using the configuration of a reference project. The reference project's configuration is supplied in a configuration file. which you can modify. You can define variable settings, like the target system to connect or password, in parameters, which are used passed values when the command is called.

To set up automation

  1. Enable expert mode.
  2. Create the reference project using the project wizard.
    1. Create a new synchronization project.
    2. Click Save configuration... on the last page of the project wizard.
    3. Select a repository for the configuration file and give it a name.

      The file is saved as a Synchronization EditorClosed workspace file with the extension sews.

    4. Quit the wizard.
  3. Customize the synchronization configuration in the configuration file.
    • Check the saved settings and adjust the values.
    • Create parameters for variable settings.
  4. To create synchronization projects with this conifiguration
    • Call the SynchronizationClosed Editor Command Line Interface.
  5. To automatically create synchronization projects, use scripts which execute the Synchronization Editor Command Line Interface .
Detailed information about this topic

Customizing the Configuration File

Customizing the Configuration File

All data in the configuration file that the project wizard collected when the synchronization project was created, is saved in XML format. The file is divided into three main sections:

Structure of the configuration file

<?xml version="1.0" encoding="utf-8" ?>

<SynchronizationEditorWorkspace Version="1.0">

<Parameters>

...

</Parameters>

<Global>

...

</Global>

<Editors>

...

</Editors>

</SynchronizationEditorWorkspace>

Customize the settings to create a new synchronization project based on this configuration file. Use parameters for all variable values if different synchronization projects are going to be created with this configuration file.

To Customize the configuration file

  1. Decide on the variable values.
  2. Define parameters for each of these values.
  3. Replace the values with parameters.
Example

SynchronizationClosed projects should be created for various Active Directory domains in different One Identity Manager databases on one and the same database server. A synchronization project has been created with the project wizard for one of these domains. This reference project's configuration file must be adjusted such that it can be used for all the other domains.

The following settings must be customized:

  • Define parameters for the One Identity Manager database, database user, system user and its password.
  • Define parameter for the domain name, domain controller Active Directory user and its password.
  • Define a parameter for the synchronization project, if more than one synchronization projects is going to added to one database.
  • Replace the respective values in the global and editor sections with these parameters.

    IMPORTANT: The One Identity Manager database connection data in the global definitions (WorkDatabase.ConnectionString) and in the editor definitions (MainConnection.ConnectionParameter) must be identical. If you replace these value with parameters, use the same parameter in each case.

    The following table shows the modifications required in the configuration file based on a reference project from a SQL Server database. For more detailed information about connecting to an SQL Server or Oracle database, see the One Identity Manager Installation Guide. For more detailed information about initial data for the authentication module, see the One Identity Manager Configuration Guide.

    Table 75: Modifications in the configuration file
    Element/value Changes

    WorkDatabase.ConnectionString

    data source=<database server>;

    initial catalog=<database>;

    user id=<user>;

    pooling=false;

    password=$DBPassword$

     

    Replace <database> and <user> with parameters, for example $Database$ and $DBUser$.

    WorkDatabase.AuthenticationString

    module=<authentication module>;

    user[VI.DB_USER]=<system user>;

    (Password)Password[VI.DB_Password]=<password>

     

    Replace <system user> and <password> with parameters, for example $SystemUser$ and $SystemPassword$.

    MainConnection.ConnectionParameter

    authentication=ProjectorAuthenticator;

    data source=<database server>;

    DBFactory="VI.DB.ViSqlFactory, VI.DB";

    initial catalog=<database>;

    password="<DBPassword>";

    pooling=false;

    user id=<user>

     

    Replace <database>, <DBPassword> and <user> with parameters from the element WorkDatabase.ConnectionString.

    ConnectedSystemConnection.ConnectionParameter

    ADAuthentication=<authentication type>;

    ADEnableras=<Remote Access Service>;

    ADEnablerecyclebin=<Active Directory recycle bin>;

    ADEnableterminal=<terminal service>;

    ADPort=<port>;

    ADRootdn="<distinguished domain name>";

    ADServer=<domain controller>;

    ADTypeEnableExtensions=<Typklassen erlaubt>;

    ADTypeExtensions=<Typklassendefinition>;

    baseloginaccount=<Active Directory Benutzer>;

    basepassword="<Active Directory Kennwort>"

     

    Replace <distinguished domain name>, <domain controller>, <Active Directory user> and <Active Directory password> with parameters.

    ShellDisplay

    <synchronization project display name>

     

    Replace <synchronization project display name> with a parameter, if more than one synchronization projects are going to be added to one database.

For more information, see Appendix: Example of a Configuration File.

Related Documents