Chat now with support
Chat with Support

Identity Manager 9.1 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

How to remove unnecessary project data

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization projectClosed. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project.

  • Activating the Synchronization Project

    Unnecessary schema data is automatically removed from the synchronization project on activation.

  • Shrink schema
    1. Schemas are shrunk when the synchronization project is saved for the first time.
    2. Each time the system is connected, you have the option to shrink the schema.

      All the schema types that are not currently in use are displayed in a dialog. You may remove these from the synchronization project. Here you can select the schema types that should remain available for you to use later.

To shrink the system connection schema

  1. Select Configuration | Target systemClosed.

    - OR -

    Select Configuration | One Identity Manager connection.

  2. Click Shrink schema... in the General view.
  3. Mark all the schema types that should not be removed.

    These schema types remain there and can still be used in the synchronization configuration.

  4. Click OK.

You can add the deleted schema data back into the synchronization project again later. To do this you must update the respective schema.

Related topics

Updating schemas

To include schema data that have been deleted through compression and schema modifications in the synchronization projectClosed, update each schema in the synchronization project. This may be necessary if:

  • A schema was changed by:

    • Changes to a target system schema

    • CustomizationsClosed to the One Identity Manager schema

    • A One Identity Manager update migration

  • A schema in the synchronization project was shrunk by:

    • Enabling the synchronization project

    • Saving the synchronization project for the first time

    • Compressing a schema

To update a system connection schema

  1. Select the Configuration > Target systemClosed category.

    - OR -

    Select the Configuration > One Identity Manager connection category.

  2. Select the General view and click Update schema.

  3. Confirm the security prompt with Yes.

    This reloads the schema data.

Then you can add the changes to the schema property mapping.

NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.

Related topics

Synchronizing and provisioning memberships

Memberships, such as user accounts in groups, are saved in assignment tablesClosed in the One Identity Manager database. Membership lists are commonly maintained as an object propertyClosed in the target system. If a membership is modified in One Identity Manager, the object must be updated.

Changing a membership label

To label whether a membership was changed, a base table assignment is maintained, which maintains information about the last change of membership in the Dependencies modification date column (XDateSubItem). During provisioning of modified memberships, One Identity Manager decided which objects must be updated based on this date. In the case of synchronizationClosed with revision filtering, the highest value from XDateSubItem and XDateUpdated is used as a revision counterClosed for the database objects.

If a membership is changed in One Identity Manager, the change date for dependencies must updated so that the modification can be provisioned.

Prerequisites

  • The base table has the XDateSubItem column.

  • The Update dependencies modification date property is true in the table relation between assignment and base table (QBMRelation.IsForUpdateXDateSubItem = TRUE).

Figure 13: Memberships in the One Identity Manager database

If a membership changes (through insertion, deletion, or resetting of status "Outstanding") a task for updating the XDateSubItem column of the base table is queued in the DBQueueClosed (QBM-K-XDateSubItemUpdate). If necessary, more processing tasksClosed, for example, calculating inheritance, are queued in the DBQueue. These tasks are handled first. The QBM-K-XDateSubItemUpdate task is deferred until all the processing tasks for the modified object and the module to which it belongs, have been handled. If other memberships in this module are changed in the meantime, these changes are collected by the existing task for updating the XDateSubItem column and subsequently handled together. Once the QBM-K-XDateSubItemUpdate task is run, an update task for the XDateSubItem column is queued in the Job queueClosed. The column value is updated. The task for provisioning changed memberships is then placed in the Job queue.

Figure 14: Processing a membership change in One Identity Manager

Example

Active Directory user account membership in an Active Directory group is deleted in One Identity Manager (ADSAccountInADSGroup table). The change date for dependencies is updated on the Active Directory group (ADSGroup.XDateSubItem). The change to the membership for this Active Directory group is provisioned in the target system. The next time synchronization with revision filtering is run, XDateSubItem is taken as the highest change date for the revision counter and is compared to the schema type's revision in the target system schema.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating