
Identity Manager 8.0 - Target System Synchronization Reference Guide


Working with an Encrypted Database


Table 17: Configuration Parameter for Handling Encrypted Values

| Configuration parameter | Description |
|---|---|
| DPR\UI\EncryptedValueHandling | The configuration parameter defines the Synchronization Editor behavior when handling encrypted values. |

| Options | Description |
|---|---|
| ByUser | The user can decide whether encrypted values should be ignored or not. (default) |
| IgnoreAll | The decryption dialog does not appear when you open the synchronization project. All encrypted values are ignored by default. |

When you set up a synchronization project in an encrypted One Identity Manager database, sensitive data is encrypted. This affects passwords for connection data as well as variables that are labeled as secret. The Synchronization Editor requires all connection data in decrypted form in order to access connected systems. Therefore, these values must be reentered when you open the synchronization project.

To open the synchronization project

  1. Open the synchronization project.

    An extra dialog box is displayed.

  2. Enter the value required to establish a system connection.
  3. Click OK.

Table 18: Decryption Dialog

| Property | Description |
|---|---|
| Encrypted value | Value required by the connector to establish a system connection. |
| Show values | Specifies whether the values entered are shown. If this option is not set, input is masked. |
| Remember the values and save locally | Specifies whether the data entered is saved locally. The next time the synchronization project is opened, the stored values are applied and can be confirmed or altered. |

IMPORTANT: If an encrypted value has been changed in the One Identity Manager database, the modified value must also be changed on the workstation the next time the synchronization project is opened.

Otherwise, the value is overwritten by the locally stored data when the synchronization project is saved. Modifications (of passwords, for example) go missing this way!

To avoid overwriting

  • Update the preset values and set the option Remember the values and save locally.

To delete locally saved data

  1. Select the menu Database | Settings....
  2. Select a value and click Delete.

If you do not know the necessary value, you can still open the synchronization project and edit it selectively. However, actions that require access to the connected system cannot be executed.

To open the synchronization project despite missing values

  • Click Ignore all in the decryption dialog.

If the Synchronization Editor now accesses the connected system, it cannot establish a system connection because certain connection parameters are still encrypted. The values can be decrypted through an appropriately configured remote connection. Set up a remote connection server to do this. For more information, see Remote Connection. Note the restrictions that apply when setting up a remote connection server.

To enable the system connection despite encrypted connection data

  1. Edit the system connection.

    For more information, see How to Edit System Connection Properties.

    A prompt appears asking whether you want to connect remotely.

  2. Set the first option and click OK.
    1. Enter the remote connection properties.

      For more information, see Remote Connection Properties.

    2. Click Connect.

      This sets up the remote connection. It stays up as long as the synchronization project is open in the Synchronization Editor.

NOTE: If a remote connection is not possible, you have the option to enter values for establishing the system connection at this point.

  • Set the second option for this and enter the missing values. Click OK.

To set up access to an encrypted database over a remote connection by default

  • Set the configuration parameter "DPR\UI\EncryptedValueHandling" in the Designer and select the value "IgnoreAll" on the Options tab.

    The decryption dialog does not appear when you open the synchronization project. All encrypted values are ignored by default.

Changing a Synchronization User's Password


One Identity Manager provides a system user with all the permissions necessary to set up target system synchronization through an application server and to run it. When you set up the One Identity Manager database, you entered the password "Synchronization" for the system user. You can change this password in the Synchronization Editor. The password must then be changed in all synchronization projects that connect to the database through an application server. One Identity Manager can try to update these passwords automatically. If this is not possible, modify the synchronization projects manually.

IMPORTANT: The password may not be changed while synchronization is starting up or running. Only change the password outside working hours!

Only passwords that are managed in One Identity Manager can be changed. There is no menu item shown for externally managed passwords. For more detailed information about managing system user passwords, see the One Identity Manager Configuration Guide.

To change the system user's password

  1. Select the menu Database | Change synchronization user password....
  2. Enter the required data:
  3. Click OK.

Table 19: Password data

| Property | Description |
|---|---|
| Old password | Password valid until now. |
| New password and password confirmation | New password for the system user to log on to the database. |
| Show passwords | Passwords are not masked. |
| Try to update existing synchronization projects | One Identity Manager checks all the synchronization projects and tries to update the password. The password is only changed in synchronization projects that are connected with the database through an application server. |

To manually update the database connection password

  1. Open the synchronization project which needs to have its password updated.
  2. Select the category Configuration | One Identity Manager connection.
  3. Confirm the prompt with OK.

    Do not establish a remote connection.

  4. Click Edit connection....
  5. Select the Connection parameter page in the system connection wizard.
  6. Enter the new password in Synchronization user's password.
  7. Click Test.
  8. If the connection is successfully established, click Next.
  9. Close the system connection wizard.
  10. Save the changes.

Basics of Target System Synchronization

To configure target system synchronization, you must understand the basic procedure One Identity Manager uses for synchronizing and provisioning data. These basics are explained in the following sections.

Table 20: Basic Synchronization Terminology

| Term | Described in |
|---|---|
| Dependency resolution | How does Dependency Resolution Work |
| Outstanding objects | Deleting Objects in One Identity Manager |
| Filter | What are Filters |
| Mapping direction | Direction of Synchronization and Mapping; Mapping against the Direction of Synchronization |
| Primary and secondary systems | Synchronizing User Data with Different Systems |
| Provisioning | Synchronization and Provisioning |
| Revision filter | How does Revision Filtering Work |
| Schema | How are Schemas Mapped |
| Scope | What is a Scope |
| Direction of synchronization | Direction of Synchronization and Mapping |
| Rogue modification | Detecting Rogue Modifications |

Synchronization Editor Communications


A server installed with the One Identity Manager Service and, if necessary, other target system specific software, is required for synchronization. This server (named the synchronization server in the following) requires direct access to the target system. The synchronization server communicates directly with the One Identity Manager database by default. You can also set up a connection over an application server for this.

Figure 4: Communication Paths for Synchronization

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. If you do not have direct access from the workstation on which the Synchronization Editor is installed, because of the firewall configuration, for example, you can set up a remote connection.

Figure 5: Communication Paths for Synchronization Project Configuration
