Identity Manager 9.1 - Target System Synchronization Reference Guide

If objects, which mapList of object matching rules and property mapping rules which map the schema properties of two connected systems to one another. a hierarchy, are synchronizedThe processSequence of process steps for mapping an operational workflow. The process steps are connected to one another by predecessor/successor relationships. This functionality allows flexibility when linking up actions and sequences on object events. of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. the following errors can occur:

• Objects are mapped to the wrong position in the hierarchy.
• Objects are not loaded.

Probable reason

The parent objects could not be referenced. If the parent object is a mandatory property, the child objects cannot be saved.

By default, objects are processed in blocks of 1024 each during synchronization. Objects are loaded in random order. Therefore, a child object might be processed before its parent object has been loaded. Thus the parent object cannot be assigned.

Example: Importing cost center with the CSV connector

Cost centers make up an object hierarchy. The respective parent object is assigned through the UIDArtificial primary key generated by One Identity Manager as soon as the object is inserted into the One Identity Manager database. The UID is a unique value, which does not change even if the properties of an object change. An object is identified by a UID and can be uniquely referenced by it._ParentProfitCenter column. The complete hierarchy path is kept in the FullPath column.

During synchronization, a cost center might be loaded before its parent cost center. Therefore, the parent cost center cannot be referenced. Because the parent cost center is not a mandatory property, the object is loaded but appears at a strange place in the hierarchy. A different full name is formatted in the database as given in the CSV file. If the full name is the only matching criteria for identifying the object the objects cannot be assigned uniquely.

Solution

To prevent the error

• Label the column containing the hierarchy path as the sort criteria in the target system schema and set the partition size to "1".

  The objects are sorted by hierarchy path during synchronization and loaded one by one in the database in this order. This ensures that the parent object is already loaded and can be referenced.

• Ensure manual dependency resolution is set in the synchronization workflowSpecifies the order of all the synchronization stepsSpecific rule for processing exactly two schema classes. to be run during synchronization..

  This can be necessary in certain situations, for example, when synchronizing cost centers. In this case, the full name is the only matching criteria. In the One Identity Manager database this is put together from the cost center name (AccountNumber column) and the full name of the parent object. In the case of automated dependency resolution, the parent objects are not assigned until the second synchronization step. Therefore, no parent objects are assigned after the first synchronization step. The full name is only formatted from the cost center name. All child objects therefore, have another full name in the database as in the target system. In the second synchronization step, there objects can no longer be identified. Thus parent objects cannot be assigned by it.

  In the case of manual dependency resolution, all property mapping rules are run in one synchronization step. The parent object assigned immediately. This way, the templateRule for mapping object properties. Templates can be applied to an object and also have a cross-object effect. finds the correct full names.

To mark a column as sort criterion

1. Edit the target system schema in the Synchronization EditorOne Identity Manager tool for configuring target system synchronizationPost processing of objects that were marked as outstanding by synchronization...
   1. Select the Configuration > Target systemAn instance of a target system in which the employees managed by One Identity Manager have access to network resourcesEquipment that is necessary for an employee's work efficiency, for example, mobile phones, desks, company cars, or keys. Resources can be any equipment that is not system entitlements, devices, or software.. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". category.

   2. Click Edit connection.

      This starts the system connection wizard.

2. Select the page where you can edit the Hierarchical sort order option.

   NOTE: The system connection wizards of the various target systems display different pages. For example, in the system connection wizard for CSV systems, select the Display information page.
3. Select the column containing the hierarchy path.
4. Enable the Hierarchical sort order option.
5. Save the changes.

To adjust the partition size

1. Enable expert mode in the Synchronization Editor.
   1. Select the Database > Settings... menu.
   2. Enable Enable expert mode.
   3. Click OK.
2. Edit the start up configuration properties.
   1. Select the Configuration > Start up configurations category.
   2. Select the start up configuration in the document view and click Edit....
3. Select the Advanced tab.
4. Enter the value "1" in Partition size.

   For more information about start up configuration advanced properties, see the One Identity Manager Target System Synchronization Reference Guide.

5. Click OK.
6. Disable expert mode

To set manual dependency resolution

1. Edit the workflow properties.
   1. Select the Workflows category.
   2. Select the workflow in the navigation view.
   3. Select the General view in the Workflowsee decision workflow, see provisioning workflowSpecifies the order in which the synchronization steps are provisioned., see synchronization workflow, Editor and click Edit.
2. Select the value "Manual" in the Dependency resolution field.
3. Click OK.
4. Save the changes.

5. Activate the synchronization projectA collection of all data required for synchronizing and provisioning a target system. Connection data, schema classes and properties, mappings, and synchronization workflows all belongs to this..