Identity Manager 8.2.1 - Administration Guide for Connecting to Cloud Applications

Synchronizing single objects

Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If a membership list belongs to one of these properties, the entries in the assignment table will also be updated.

NOTE: If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.

To synchronize a single object

  1. In the Manager, select the Universal Cloud Interface category.

  2. Select the object type in the navigation view.

  3. In the result list, select the object that you want to synchronize.

  4. Select the Synchronize this object task.

    A process for reading this object is entered in the job queue.

Features of synchronizing memberships

If you synchronize changes in an object's member list, run single object synchronization on the assignment's root object. The base table of an assignment contains an XDateSubItem column containing information about the last change to the memberships.

Example:

The base object for assigning user accounts to groups is the group.

In the target system, a user account was assigned to a group. To synchronize this assignment, in the Manager, select the group that the user account was assigned to and run single object synchronization. In the process, all of the group's memberships are synchronized.

The user account must already exist as an object in the One Identity Manager database for the assignment to be made.

Troubleshooting

Synchronization Editor helps you to analyze and eliminate synchronization errors.

  • Simulating synchronization

    The simulation allows you to estimate the result of synchronization. This means you can, for example, recognize potential errors in the synchronization configuration.

  • Analyzing synchronization

    You can generate the synchronization analysis report for analyzing problems which occur during synchronization, for example, insufficient performance.

  • Logging messages

    One Identity Manager offers different options for logging errors. These include the synchronization log, the log file for One Identity Manager Service, the logging of messages with NLOG, and similar.

  • Reset start information

    If synchronization stopped unexpectedly, for example, because a server was not available, the start information must be reset manually. Only then can the synchronization be restarted.

For more information about these topics, see the One Identity Manager Target System Synchronization Reference Guide.

Ignoring data errors in synchronization

By default, objects with incorrect data are not synchronized. These objects can be synchronized once the data has been corrected. In certain situations, however, it might be necessary to synchronize objects like these and ignore the data properties that have errors. This synchronization behavior can be configured in One Identity Manager.

To ignore data errors during synchronization in One Identity Manager

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Configuration > One Identity Manager connection category.

  3. In the General view, click Edit connection.

    This starts the system connection wizard.

  4. On the Additional options page, enable Try to ignore data errors.

    This option is only effective if Continue on error is set in the synchronization workflow.

    Default columns, such as primary keys, UID columns, or mandatory input columns cannot be ignored.

  5. Save the changes.

IMPORTANT: If this option is set, One Identity Manager tries to ignore commit errors that could be related to data errors in a single column. This causes the data changed in the affected column to be discarded and the object is subsequently saved again. This affects performance and leads to loss of data.

Only set this option in the exceptional circumstance of not being able to correct the data before synchronization.
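The following Python model is an added illustration of the behavior described in this section; it is not One Identity Manager code. The column names, validators, and the per-column retry loop are assumptions chosen to show how a rejected change is silently dropped while the rest of the object is saved.

```python
# Conceptual model of "Try to ignore data errors" (not One Identity Manager code).
# Column names, validators and the retry loop are assumptions for illustration.
PROTECTED = {"UID_Account", "AccountName"}  # stands in for key/UID/mandatory columns
VALIDATORS = {                              # constructed per-column rules
    "AccountName": lambda v: bool(v),
    "Email": lambda v: "@" in v,
    "Phone": lambda v: v.replace("+", "").isdigit(),
}

class CommitError(Exception):
    def __init__(self, column):
        super().__init__(f"invalid data in column {column}")
        self.column = column

def commit(row):
    """Reject the whole row if any column fails its validator."""
    for column, check in VALIDATORS.items():
        if column in row and not check(row[column]):
            raise CommitError(column)
    return dict(row)

def sync_object(stored, incoming, try_ignore=False, continue_on_error=False):
    """Return (saved_row_or_None, discarded_columns)."""
    candidate = {**stored, **incoming}
    discarded = []
    while True:
        try:
            return commit(candidate), discarded
        except CommitError as err:
            # The option only takes effect together with Continue on error.
            if not (try_ignore and continue_on_error):
                return None, discarded
            # Protected columns cannot be ignored; a column that still fails
            # after its change was dropped cannot be repaired this way either.
            if err.column in PROTECTED or err.column in discarded:
                return None, discarded
            # Discard the changed value for that column and save again.
            if err.column in stored:
                candidate[err.column] = stored[err.column]
            else:
                del candidate[err.column]
            discarded.append(err.column)

# Constructed sample data: one valid change (Phone) and one invalid change (Email).
STORED = {"UID_Account": "u-1", "AccountName": "jdoe",
          "Email": "jdoe@example.com", "Phone": "+15550100"}
INCOMING = {"Email": "jdoe-at-example.com", "Phone": "+15550199"}

if __name__ == "__main__":
    print(sync_object(STORED, INCOMING, try_ignore=True, continue_on_error=True))
```

With both settings enabled, the object is saved with the new phone number but the old e-mail address, so the database and the target system now disagree on that property until the data is corrected.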

Assigning default profiles to user accounts in Salesforce applications

Cloud applications such as Salesforce require a system entitlement with a specific type to be already assigned when new user accounts are created. For this purpose, a default profile is automatically assigned to cloud user accounts when they are created in One Identity Manager.

Prerequisites
  • Synchronization of a cloud application with the SCIM connector is set up in Universal Cloud Interface. When creating the synchronization project, the target product One Identity Starling Connect was selected and the One Identity Starling Connect synchronization project template was used.

  • The target system was initially synchronized.

  • Cloud application synchronization is set up in Cloud Systems Management Module.

  • The cloud target system was initially synchronized.

  • In the canonical name or display name of the cloud target system, the string Salesforce is used.

  • There is a Cloud system entitlement 2 to be used as the default profile. The system entitlement name is entered for this system entitlement (CSMGroup2.GroupName).

To change the default profile for new user accounts

  • In the Designer, edit the value of the TargetSystem | CSM | ApplicationType | Salesforce | DefaultProfileName configuration parameter and enter the name of the system entitlement 2, which is then assigned automatically to all new user accounts.

NOTE: By default, the mapping in Universal Cloud Interface is transferred to the cloud application by the vrtProfileFirst profiles~value property mapping rule in the user mapping. If the default profile in the cloud application is stored in a different schema property, adjust the property mapping rule accordingly.

TIP: If you do not want a default profile to be automatically assigned to new user accounts, disable the TargetSystem | CSM | ApplicationType | Salesforce | DefaultProfileName configuration parameter in the Designer.
