Chat now with support
Chat with Support

Identity Manager 9.1 - One Identity Manager Connector User Guide

Configuring single object synchronization

Changes made to individual objects in the target system can be immediately applied in the One Identity Manager database without having to start a full synchronization of the target system environment. Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.

Prerequisites
  • A synchronization step exists that can import the changes to the changed object into One Identity Manager.

  • The path to the base object of the synchronization is defined for the table that contains the changed object.

To define the path to the base object for synchronization for a table

  1. In the Manager, select the Data Synchronization > Basic configuration data > Target system types category.

  2. In the result list, select the target system type.

  3. Select the Assign synchronization tables task.

  4. In the Add assignments pane, assign the table for which you want to use single object synchronization.

  5. Save the changes.
  6. Select the Configure tables for publishing task.

  7. Select the table and enter the Root object path.

    • If a concrete base object is defined for the target system, enter the path to the base object in the ObjectWalker notation of the VI.DB.

      Example: FK(UID_GAPCustomer).XObjectKey

    • If no concrete base object is defined for the target system, enter the XObjectKey of the base table.

      Example: <Key><T>DialogTable</T><P>RMB-T-Org</P></Key>

  8. Save the changes.

Starting synchronization

Synchronization is started using scheduled process plans. A scheduled process plan is added once a start up configuration is assigned to a schedule. Use schedules to define running times for synchronization.

NOTE: Synchronization can only be started if the synchronization project is enabled.

To run synchronization regularly, configure, and activate the a schedule. You can also start synchronization manually if there is no active schedule.

IMPORTANT: As long as a synchronization process is running, you must not start another synchronization process for the same target system. This especially applies, if the same synchronization objects would be processed.

  • If another synchronization process is started with the same start up configuration, the process is stopped and is assigned Frozen status. An error message is written to the One Identity Manager Service log file.

    • Ensure that start up configurations that are used in start up sequences are not started individually at the same time. Assign start up sequences and start up configurations different schedules.

  • Starting another synchronization process with different start up configuration that addresses same target system may lead to synchronization errors or loss of data. Specify One Identity Manager behavior in this case, in the start up configuration.

    • Use the schedule to ensure that the start up configurations are run in sequence.

    • Group start up configurations with the same start up behavior.

If you want to specify the order in which target systems are synchronized, use the start up sequence to run synchronization. In a start up sequence, you can combine start up configurations from different synchronization projects and specify the order in which they are run. For more information about start up sequences, see the One Identity Manager Target System Synchronization Reference Guide.

Analyzing synchronization

Synchronization results are summarized in the synchronization log. You can specify the extent of the synchronization log for each system connection individually. One Identity Manager provides several reports in which the synchronization results are organized under different criteria.

To display a synchronization log

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Logs category.

  3. Click in the navigation view toolbar.

    Logs for all completed synchronization runs are displayed in the navigation view.

  4. Select a log by double-clicking it.

    An analysis of the synchronization is shown as a report. You can save the report.

Synchronization logs are stored for a fixed length of time.

To modify the retention period for synchronization logs

  • In the Designer, enable the DPR | Journal | LifeTime configuration parameter and enter the maximum retention period.

Post-processing outstanding objects

Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.

Outstanding objects:

  • Cannot be edited in One Identity Manager.

  • Are ignored by subsequent synchronizations.

  • Are ignored by inheritance calculations.

This means, all memberships and assignments remain intact until the outstanding objects have been processed.

Start target system synchronization to do this.

To allow post-processing of outstanding objects

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating