
Identity Manager 8.1.5 - Administration Guide for Privileged Account Governance


Accelerating provisioning and single object synchronization

To smooth out spikes in data traffic, handling of processes for provisioning and single object synchronization can be distributed over several Job servers. This will also accelerate these processes.

NOTE: You should not implement load balancing for provisioning or single object synchronization on a permanent basis. Parallel processing of objects might result in dependencies not being resolved because referenced objects from another Job server have not been completely processed.

Once load balancing is no longer required, ensure that the synchronization server executes the provisioning processes and single object synchronization.

To configure load balancing

  1. Configure the server and declare it as a Job server in One Identity Manager.

    • Assign the One Identity Safeguard connector server function to the Job server.

    All Job servers must access the same appliance as the synchronization server for the respective base object.

  2. In the Synchronization Editor, assign a custom server function to the base object.

    This server function is used to identify all the Job servers being used for load balancing.

    If there is no custom server function for the base object, create a new one.

    For more information about editing base objects, see the One Identity Manager Target System Synchronization Reference Guide.

  3. In the Manager, assign this server function to all the Job servers that will be processing provisioning and single object synchronization for the base object.

    Only select those Job servers that have the same configuration as the base object's synchronization server.

Once all the processes have been handled, the synchronization server takes over provisioning and single object synchronization again.

To use the synchronization server without load balancing

  • In the Synchronization Editor, remove the server function from the base object.

For detailed information about load balancing, see the One Identity Manager Target System Synchronization Reference Guide.

Adjusting the Windows PowerShell definition of the One Identity Safeguard connector

You can use this setting to adjust the definition used by the One Identity Safeguard connector.

IMPORTANT: You should only make changes to the connector definition with the help of support desk staff. Changes to this setting will have wide ranging effects on synchronization and must be made carefully.

NOTE: A customized connection definition is not overwritten by default and must be made with careful consideration.

To customize the connector definition

  1. Open the synchronization project in the Synchronization Editor.

  2. Select Configuration | Target system.

  3. Click Edit connection.

    This starts the system connection wizard.

  4. Enable Show advanced options on the system connection wizard's start page.

  5. Customize the connector definition as required on the Advanced options page.

    1. Select Customize connector definition.

    2. Edit the definition according to the instructions given by the support desk staff. You can take the following actions:

      • Choose to load the definition from a file.

      • Use to test the definition for errors.

      • Choose to display the differences to the standard version.

  6. Save the changes.

Executing synchronization

Synchronization is started using scheduled process plans. It is possible to start synchronization manually in the Synchronization Editor. You can simulate synchronization beforehand to estimate synchronization results and discover errors in the synchronization configuration. If synchronization was terminated unexpectedly, you must reset the start information to be able to restart synchronization.

If you want to specify the order in which target systems are synchronized, use the start up sequence to run synchronization. In a start up sequence, you can combine start up configurations from different synchronization projects and specify the order of execution. For detailed information about start up configurations, see the One Identity Manager Target System Synchronization Reference Guide.

Starting synchronization

When setting up the initial synchronization project using the Launchpad, a default schedule for regular synchronizations is created and assigned. To execute regular synchronizations, activate this schedule.

To synchronize on a regular basis

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Configuration | Start up configurations category.

  3. Select a start up configuration in the document view and click Edit schedule.

  4. Edit the schedule properties.

  5. To enable the schedule, click Activate.

  6. Click OK.

You can also start synchronization manually if there is no active schedule.

To start initial synchronization manually

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Configuration | Start up configurations category.

  3. Select a start up configuration in the document view and click Execute.

  4. Confirm the security prompt with Yes.

IMPORTANT: As long as a synchronization process is running, you must not start another synchronization process for the same target system. This applies especially if the same synchronization objects would be processed.

  • If another synchronization process is started with the same start up configuration, the process is stopped and is assigned Frozen status. An error message is written to the One Identity Manager Service log file.

    • Ensure that start up configurations that are used in start up sequences are not started individually at the same time. Assign start up sequences and start up configurations different schedules.

  • Starting another synchronization process with a different start up configuration that addresses the same target system may lead to synchronization errors or loss of data. Specify in the start up configuration how One Identity Manager behaves in this case.

    • Use the schedule to ensure that the start up configurations are run in sequence.

    • Group start up configurations with the same start up behavior.
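
The scheduling rules above can be checked before schedules are activated. The following is an added example, not part of the One Identity documentation or product: a Python check over a constructed list of planned runs that flags overlapping synchronization runs against the same target system. The configuration names, target names, times, and estimated durations are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import combinations

@dataclass(frozen=True)
class PlannedRun:
    config: str                 # start up configuration (constructed name)
    target: str                 # target system the configuration addresses
    start: datetime
    duration: timedelta         # assumed estimate, e.g. from earlier runs
    via_sequence: bool = False  # started by a start up sequence

    @property
    def end(self):
        return self.start + self.duration

def find_conflicts(runs):
    """Return (kind, first, second) for overlapping runs on one target system."""
    conflicts = []
    for a, b in combinations(sorted(runs, key=lambda r: r.start), 2):
        # a starts no later than b, so they overlap only if b starts before a ends.
        if a.target != b.target or b.start >= a.end:
            continue
        if a.config != b.config:
            kind = "different-config"         # risk of sync errors or data loss
        elif a.via_sequence != b.via_sequence:
            kind = "sequence-and-individual"  # sequence member also started on its own
        else:
            kind = "same-config"              # second process would end up Frozen
        conflicts.append((kind, a, b))
    return conflicts

def at(hhmm):
    # Constructed date; only the time of day matters for the sample.
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample plan, not exported from a real installation.
SAMPLE_RUNS = [
    PlannedRun("cfg-full", "appliance-A", at("01:00"), timedelta(minutes=90)),
    PlannedRun("cfg-full", "appliance-A", at("02:00"), timedelta(minutes=90), True),
    PlannedRun("cfg-delta", "appliance-A", at("02:45"), timedelta(minutes=30)),
    PlannedRun("cfg-full", "appliance-B", at("01:00"), timedelta(minutes=60)),
    PlannedRun("cfg-delta", "appliance-A", at("04:00"), timedelta(minutes=30)),
]

if __name__ == "__main__":
    for kind, a, b in find_conflicts(SAMPLE_RUNS):
        print(f"{kind}: {a.config} {a.start:%H:%M}-{a.end:%H:%M} overlaps "
              f"{b.config} {b.start:%H:%M} on {a.target}")
```

Runs that end exactly when the next one starts are not reported; add a safety margin to the estimated durations if run times vary.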
