Creating a Synchronization Project

Creating a Synchronization Project

A synchronization project collects all the information required for synchronizing the One Identity Manager database with a target system. Connection data for target systems, schema types and properties, mapping and synchronization workflows all belong to this.

Have the following information available for setting up a synchronization project.

Table 7: Information Required for Setting up a Synchronization Project

Data	Explanation
Definition file	You provide the required Windows PowerShell cmdlets, schema types, schema properties and connection parameters in an XML file.
Synchronization serverJob serverServer with the One Identity Manager Service installed. installed with the target system connector. All One Identity Manager actions are executed against the target system environment on the synchronization server.	All One Identity Manager Service actions are executed against the target system environment on the synchronization server. Entries which are necessary for synchronization and administration with the One Identity Manager database are processed by the synchronization server. Installed components: One Identity Manager Service (started) The synchronization server must be declared as a Job server in One Identity Manager. The Job server name is required. For more information, see Setting Up the Synchronization Server.
Remote connection serverJob server installed with the RemoteConnectPlugin and the target system connector is installed. If direct access to the target system is not possible, a remote connection can be set up. Communication between the Synchronization EditorOne Identity Manager tool for configuring target system synchronization. and Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". is done through a remote connection server.	To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with target system to do this. If you do not have direct access on the workstation on which the SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. Editor is installed, because of the firewall configuration, for example, you can set up a remote connection. The remote connection server and the workstation must be in the same Active Directory domain. Remote connection server configuration: One Identity Manager Service is started RemoteConnectPlugin is installed The remote connection server must be declared as a Job server in One Identity Manager. The Job server name is required. TIP: The remote connection server requires the same configuration (with respect to the installed software) as the synchronization server. Use the synchronization as remote connection server at the same time, by simply installing the RemoteConnectPlugin as well. For more detailed information about setting up a remote connection, see the One Identity Manager Target System Synchronization Reference Guide.
Synchronization workflowsee WorkflowCollection of all the synchronization steps to be executed.	Set the option Data import in the synchronization step if synchronization data is imported from a secondary system. You cannot select the processing method "MarkAsOutstanding" for these synchronization steps. For more detailed information about synchronizing user data with different systems, see the One Identity Manager Target System Synchronization Reference Guide.
Base objectBase objects contain data about the target system to be synchronized, its system connection and the synchronization server.	If no base object can be specified, you can assign a base table and the synchronization server. Select the Base table from the menu in which to import the objects. The base table can be used to defined downstream processes for synchronization. For more information about downstream processes, see the One Identity Manager Target System Synchronization Reference Guide. All Job servers, which have the server function "Windows PowerShell connector" enabled are displayed in the Synchronization servers menu.
Variable setUsed to configure synchronization configuration for different systems. Each variable set contains at least the variables for the system connection parameter. The value of the variables are redefined for different uses.	If you implement specialized variable sets, ensure that the start up configuration and the base object use the same variable set.

To configure synchronization with the Windows PowerShell connector

1. Create a definition file, which described the structure of the target system and the Windows PowerShell cmdlets to use.
2. Create a new synchronization project.

3. Add mappings. Define property mapping rules and object matching rules.
4. Create synchronization workflows.
5. Create a start up configuration.
6. Define the synchronization scope.
7. Specify the base object of the synchronization.
8. Specify the extent of the synchronization log.
9. Run a consistency check.
10. Activate the synchronization project.
11. Save the new synchronization project in the database.

For more detailed information about create the various components of the synchronization configuration (mappings, workflows, startup configuration,...), see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

• Creating Definition Files
• How to Set up a Synchronization Project

Creating Definition Files

Creating Definition Files

When you set up synchronization, you enter the required Windows PowerShell cmdlets, schema types, schema properties and the information required for logging in to the target system in XML notation. Create one XML file for this, which contains the entire definition. The definition file is loaded when you configure synchronization in the project wizard. You can create Synchronization EditorOne Identity Manager tool for configuring target system synchronization. maps and synchronization workflows based on this definition.

You can find an example of a definition file on the One Identity Manager installation medium in directory ..\Modules\TSB\dvd\AddOn\SDK\ADSample.xml.

Table 8: Structure of the Definition File

Elements	Description
PluginAssemblies	Additionally required plugins. Plugin are required for converting return values from the connector or readable values from the Windows PowerShell.
ConnectionParameters	Definition of the connection parameter required for connecting to the target system.
Initialization	Describes the elements required for connecting Windows PowerShell and reading or writing data in the target system.
PredefinedCommands	List of all required cmdlets, which are already defined in the Windows PowerShell modules and snap-ins in use.
CustomCommands	Definition of custom cmdlets. Create cmdlets for all commands that are required in addition to PredefinedCommands . Specify a name, the required parameter and the command to run for each cmdlet.
Connect CommandSequence	Command sequence to execute in order to create a Windows PowerShell connection to the target system. The command sequence consists of a succession of cmdlets in a specified order.
Disconnect CommandSequence	Connection sequence to run in order to closed an existing Windows PowerShell connection. The command sequence consists of a succession of cmdlets in a specified order.
SchemaData model of a connected system. The schema describes all the master data from the connected system. see target system schema; see One Identity Manager schema; see connector schema; see extended schema	Describes how return values from cmdlets are mapped to a schema, which is loaded from the Windows PowerShell connector and can be edited in the synchronization configuration. Defines schema types, schema properties and processing methods, which can be run for each schema type.
Class	Schema typeDefines an object type within a schema. Refers to exactly one table or view of the database based schema or exactly one object type of the non-database based schema. definition. A schema type is defined by elements listed below
Properties	Definition of a schema type's schema properties.
CommandMappings	Specifiesthe cmdlets used for editing the schema property's values.
ReturnBindings	Specifies which cmdlets from the CommandMappings list, returns values for the schema property.
ModifiedBy	Specifies which cmdlet from the CommandMappings list writes the schema property's value in the target system.
ReadConfiguration	Definition of cmdlets used to read a list of objects (ListingCommand) or to read a single object with all properties (CommandSequence).
MethodConfiguration	Definition of methods for reading, writing and deleting a schema type's objects. A method consists of a succession of cmdlets in a specified order. Equivalent methods for all processing methods used in synchronization workflows, must be defined here.

How to Set up a Synchronization Project

How to Set up a Synchronization Project

There is an wizard to assist you with setting up a synchronization project. This wizard takes you all the steps you need to set up initial synchronization with a target system. Click Next once you have entered all the data for a step.

NOTE: The following sequence describes how you configure a synchronization project if the Synchronization EditorOne Identity Manager tool for configuring target system synchronization. is both: In default mode Started from the launchpad Additional settings can be made if the project wizard is run in expert mode or is started directly from the SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. Editor. Follow the project wizard instructions through these steps.

To set up a synchronization project

1. Start the Launchpad and log on to the One Identity Manager database.

   NOTE: If synchronization is executed by an application server, connect the database through the application server.

2. Select Windows PowerShell connector. Click Run.

   This starts the Synchronization Editor's project wizard.

3. Specify how the One Identity Manager can access the target system on the System access page.
   • If you have access from the workstation from which you started the Synchronization Editor, do not set anything.
   • If you do not have access from the workstation from which you started the Synchronization Editor, you can set up a remote connection.

     In this case, set the option Connect using remote connection server and select, under Job serverServer with the One Identity Manager Service installed., the server you want to use for the connection.

4. Click Next on the start page of system connection wizard.
5. On the Connector Definition page, you enter the required Windows PowerShell cmdlets, schema types, schema properties and the information required for logging in to the target system in XML notation.

   Table 9: Connector Definition

   Property	Description
   System ID/Name	Unique name for the system connection.
   Concurrent connections	Maximum number of connections to the target system that can exist in parallel.
   Definition	Definition that the target system schema converts into cmdlet calls. Enter the definition in XML notation. To load the definition from a definition file, click . To check the definition, click .

6. Enter the data for the required connection parameter on the Connection data page. All the parameters from the ConnectionParameters element of the XML definition are queried.
7. You can save the connection data on the last page of the system connection wizard.
   • Set the option Save connection locally to save the connection data. This can be reused when you set up other synchronization projects.
   • Click Finish, to end the system connection wizard and return to the project wizard.

8. Verify the One Identity Manager database connection data on the One Identity Manager connection page. The data is loaded from the connected database. Reenter the password.

   NOTE: Reenter all the connection data if you are not working with an encrypted One Identity Manager database and no synchronization project has been saved yet in the database. This page is not shown if a synchronization project already exists.

9. The wizard loads the target system schema. This may take a few minutes depending on the type of target system access and the size of the target system.

10. Select a project template on the Select project template page to use for setting up the synchronization configuration.

    NOTE: The Windows PowerShell connection does not provide a default project template for setting up synchronization. If you have created your own project template, you can select it to configure the synchronization project. Otherwise, select Create blank project.

11. Enter the general setting for the synchronization project on the General page.

    Table 10: General Synchronization Project Properties

    Property	Description
    Display name	Display name for the synchronization project.
    Script language	Language in which the scripts for this synchronization project are written. Scripts are implemented at various points in the synchronization configuration. Specify the script language when you set up an empty project. Important: The script language cannot be changed after the synchronization project has been saved. If you use a project template, the template's script language is used.
    Description	Spare text box for additional explanation.

12. Click Finish to complete the project wizard.
13. Save the synchronization project in the database.

Updating Schemas

Updating Schemas

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up loading the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.

If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.

To include schema data that have been deleted through compressing and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:

• A schema was changed by:
  • Changes to a target system schema
  • Customizations to the One Identity Manager schema
  • A One Identity Manager update migration
• A schema in the synchronization project was shrunk by:
  • Activating the synchronization project
  • Synchronization projectA collection of all data required for synchronizing and provisioning a target system. Connection data, schema classes and properties, mappings, and synchronization workflows all belongs to this. initial save
  • Compressing a schema

To update a system connection schema

1. Open the synchronization project in the Synchronization EditorOne Identity Manager tool for configuring target system synchronization..

2. Select the category Configuration | Target system.

   - OR -

   Select the category

   Configuration | One Identity Manager connection.

3. Select the view General and click Update schema.
4. Confirm the security prompt with Yes.

   This reloads the schema data.

To edit a mapping

1. Open the synchronization project in the SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. Editor.

2. Select the category Mappings.
3. Select a mapping in the navigation view.

   Opens the MappingList of object matching rules and property mapping rules which map the schema properties of two connected systems to one another. Editor. For more detailed information about editing mappings, see One Identity Manager Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Synchronization Reference Guide.