Following a synchronization,
To manage the user accounts using account definitions, assign an account definition and a manage level to these user accounts.
Synchronization Editor helps you to analyze and eliminate synchronization errors.
The simulation allows you to estimate the result of synchronization. This means you can, for example, recognize potential errors in the synchronization configuration.
You can generate the synchronization analysis report for analyzing problems which occur during synchronization, for example, insufficient performance.
The One Identity Manager offers different options for logging errors. These include the synchronization log, the log file for One Identity Manager Service, the logging of messages with NLOG, and similar.
Reset start information
If synchronization was terminated unexpectedly, for example, because a server was not available, the start information must be reset manually. Only then can the synchronization be restarted.
For more information about these topics, see the One Identity Manager Target System Synchronization Reference Guide.
The central component of One Identity Manager is to map employees and their master data with permissions through which they have control over different target systems. For this purpose, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This gives an overview of the permissions for each employees in all of the connected target systems. One Identity Manager provides the possibility to manage user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database.
Because requirements vary between companies, One Identity Manager offers different methods for supplying user accounts to employees. One Identity Manager supports the following method for linking employees and their user accounts.
Employees can automatically obtain their account definitions using user account resources. If an employee does not yet have a user account
When you manage account definitions through user accounts, you can specify the way user accounts behave when employees are enabled or deleted.
For detailed information about employee handling and administration, see the One Identity Manager Target System Base Module Administration Guide.
One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
Specify the manage level for an account definition for managing user accounts. The user account’s manage level specifies the extent of the employee’s properties that are inherited by the user account. This allows an employee to have several user accounts in one target system, for example:
For more detailed information about the principles of account definitions, manage levels, and determining the valid IT operating data, see the One Identity Manager Target System Base Module Administration Guide.
The following steps are required to implement an account definition:
Creating account definitions
Configuring manage levels
Creating the formatting rules for IT operating data
Determining IT Operating Data
Assigning account definitions to employees and target systems