|DPR\UI\EncryptedValueHandling||The configuration parameter defines the Synchronization EditorOne Identity Manager tool for configuring target system synchronization. behavior when handling encrypted values.
When you set up a synchronization project in an encrypted One Identity Manager database, sensitive data is encrypted. This affects passwords for connection data as well as variables that are labeled as secret. The SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. Editor requires all connection data in decrypted form in order to access connected systems. Therefore, these values must be reentered when you open the synchronization project.
To open the synchronization project
An extra dialog box is displayed.
|Encrypted value||Value required by the connector to establish a system connection.|
|Show values||Specifies whether the values entered are shown. If this option is not set, input is masked.|
|Remember the values and save locally||Specifies whether the data entered is saved locally. The next time the synchronization project is opened, the stored values are applied and can be confirmed or altered.
To delete locally saved data
If you do not know the necessary value, you can still open the synchronization project and edit it selectively. However, all actions which required accessing the connected system, cannot be executed.
To open the synchronization project despite missing values
If the Synchronization Editor now accesses the connection system, it cannot establish a system connection because certain connection parameters are still encrypted. The values can be decrypted through an appropriately configured remote connection. Set up a remote connection server to do this. For more information, see Remote Connection.Note here the relevant restrictions for setting up a remote connection server.
To enable the system connection despite encrypted connection data
A prompt appears asking whether you want to connect remotely.
This sets up the remote connection. It stays up as long as the synchronization project is open in the Synchronization Editor,
NOTE: If a remote connection is not possible, you have the option to enter values for establishing the system connection at this point.
To set up access to an encrypted database over a remote connection, by default.
The decryption dialog does not appear when you open the synchronization project. All encrypted values are ignored by default.
One Identity Manager provides a system user with all the permissions necessary to set up target system synchronization through an application server and to run it. When you set up the One Identity Manager database, you entered the password "SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database." for the system user. You can change this password in the Synchronization EditorOne Identity Manager tool for configuring target system synchronization.. The password must then be changed in all synchronization projects that connect to the database through an application server. One Identity Manager can try to update these passwords automatically. If this is not possible, modify the synchronization projects manually.
|IMPORTANT: The password may not be changed while synchronization is starting up or running. Only change the password outside working hours!|
Only passwords that are managed in One Identity Manager can be changed. There is no menu item shown for externally managed passwords. For more detailed information about managing system user passwords, see the One Identity Manager Configuration Guide.
To change the system user's Password
|Old password||Password valid until now.|
|New password and password confirmation||New password for the system user to log on o the database.|
|Show passwords||Passwords are not masked.|
|Try to update existing synchronization projects||One Identity Manager checks all the synchronization projects and tries to update the password. The password is only changed in synchronization projects that are connected with the database through an application server.|
To manually update the database connection password
Do not establish a remote connection.
To configure target system synchronization you must have knowledge of the One Identity Manager's basic procedure for synchronizing and provisioning data. These basics are explained in the following sections.
|Dependency resolution||How does Dependency Resolution Work|
|Outstanding objects||Deleting Objects in One Identity Manager|
|Filter||What are Filters|
|Mapping directionDirection of synchronization permitted for mapping schema properties.||Direction of Synchronization and Mapping|
|Primary and secondary systems||Synchronizing User Data with Different Systems|
|ProvisioningActual changes to an object in the One Identity Manager database (added, modified, deleted) are made immediately written to the target system.||Synchronization and Provisioning|
|Revision filterFilters all system objects not changed since the last synchronization. The deciding factor being the revision property modification. SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. can be speeded up with revision filtering.||How does Revision Filtering Work|
|SchemaData model of a connected system. The schema describes all the master data from the connected system. see target system schema; see One Identity Manager schema; see connector schema; see extended schema||How are Schemas Mapped|
|ScopeSection of a connected system which should be synchronized. The scope is defined with a filter.||What is a Scope|
|Direction of synchronizationDirection in which synchronization is run. The master system is defined by the direction of synchronization.||Direction of Synchronization and Mapping|
|Rogue modificationA change that was not made in the synchronization master system. Example: the direction of synchronization is define as "target system". This makes One Identity Manager the master system for synchronization. Changes to the target system are identified as invalid.||Detecting Rogue Modifications|
A server installed with the One Identity Manager Service and, if necessary, other target system specific software, is required for synchronization. This server (named the synchronization server in the following) requires direct access to the target system. The synchronization server communicates directly with the One Identity Manager database by default. You can also set up a connection over an application server for this.
Figure 4: Communication Paths for SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database.
To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with target system to do this.
Figure 5: Communication Paths for Synchronization Project Configuration