
Identity Manager 9.2.1 - Administration Guide for Connecting to a Universal Cloud Interface


Updating schemas

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.

If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.

To include schema data that have been deleted through compression and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:

  • A schema was changed by:

    • Changes to a target system schema

    • Customizations to the One Identity Manager schema

    • A One Identity Manager update migration

  • A schema in the synchronization project was shrunk by:

    • Enabling the synchronization project

    • Saving the synchronization project for the first time

    • Compressing a schema

To update a system connection schema

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Configuration > Target system category.

    - OR -

    Select the Configuration > One Identity Manager connection category.

  3. Select the General view and click Update schema.

  4. Confirm the security prompt with Yes.

    This reloads the schema data.

To edit a mapping

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Mappings category.

  3. Select a mapping in the navigation view.

    This opens the Mapping Editor. For more information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.

NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.

Speeding up synchronization with revision filtering

When you start synchronization, all synchronization objects are loaded. Some of these objects have not been modified since the last synchronization and therefore do not need to be processed. Synchronization is accelerated by loading only those object pairs that have changed since the last synchronization. One Identity Manager uses revision filtering to accelerate synchronization.

One Identity Manager supports revision filtering. The date of the last target system object change (XDateUpdated column) is used as the revision counter. Each synchronization saves its last run date as a revision in the One Identity Manager database (DPRRevisionStore table, Value column). This value is used for comparison the next time the same workflow is synchronized: the target system objects' change dates are compared with the revision saved in the One Identity Manager database. Only those objects that have been changed since this date are loaded from the target system.

Synchronization is even faster if the change information on the schema type also takes deleted objects into account. If a schema type's objects were neither added, changed, nor deleted, the synchronization step can be skipped and the objects do not need to be loaded for comparison. To take advantage of this optimization, the revision data for tables must be saved in both of the connected databases.

To use optimized revision filtering

  1. Start the Designer and connect to the target system database.

  2. Set the Common | TableRevision configuration parameter.

  3. Save the changes.

  4. Connect the Designer to the One Identity Manager database.

  5. Set the Common | TableRevision configuration parameter.

  6. Save the changes.

Now each time a table changes, the table's revision date updates. This information is stored in the QBMTableRevision table, RevisionDate column. In this way, One Identity Manager identifies whether a table object has been added, changed, or deleted.

Synchronization with revision filtering compares a table's revision date against the revision saved in the One Identity Manager database. If the revision date is older, no objects have been changed in this table since the previous synchronization. Therefore, synchronization does not carry out this step for the affected schema type. If the revision date is newer, synchronization carries out this step and the changed objects are determined as described above.

The revision is determined at the start of synchronization. Objects modified by the synchronization itself are therefore loaded and checked again by the next synchronization. This means that the second synchronization after initial synchronization is not significantly faster.
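The following added example is a simplified model of the two revision checks described above; it is not One Identity Manager code. The functions plan_step, run_sync, and demo, the state dictionary, and the sample objects and timestamps are assumptions made for illustration. It shows why the second run still reloads everything and why later runs skip the step or load only changed objects.

```python
from datetime import datetime, timedelta

def plan_step(table_revision, stored_revision, objects):
    """Return the names of the objects one synchronization step must load.

    table_revision:  models QBMTableRevision.RevisionDate for the schema type,
                     None when Common | TableRevision is not set
    stored_revision: models DPRRevisionStore.Value saved by the previous run
    objects:         {name: change date}, the change date models XDateUpdated
    """
    if stored_revision is None:            # initial synchronization: load all
        return sorted(objects)
    if table_revision is not None and table_revision < stored_revision:
        return []                          # table untouched: skip the step
    return sorted(n for n, d in objects.items() if d > stored_revision)

def run_sync(state, start, writes=()):
    """One run. The revision is fixed at start; the run's own writes land later."""
    loaded = plan_step(state["table_revision"], state["stored_revision"],
                       state["objects"])
    for i, name in enumerate(writes, 1):   # objects this run modifies
        stamp = start + timedelta(seconds=i)
        state["objects"][name] = stamp
        state["table_revision"] = stamp
    state["stored_revision"] = start
    return loaded

def demo():
    day = timedelta(days=1)
    t0 = datetime(2024, 1, 1, 2, 0)        # constructed sample timestamps
    state = {"stored_revision": None, "table_revision": t0 - day,
             "objects": {n: t0 - day for n in ("alice", "bob", "carol")}}
    first = run_sync(state, t0, writes=("alice", "bob", "carol"))
    second = run_sync(state, t0 + day)     # reloads what run 1 wrote
    third = run_sync(state, t0 + 2 * day)  # table revision is older: skipped
    changed = t0 + 2 * day + timedelta(hours=1)
    state["objects"]["bob"] = state["table_revision"] = changed
    fourth = run_sync(state, t0 + 3 * day) # only the changed object
    return first, second, third, fourth

if __name__ == "__main__":
    for n, loaded in enumerate(demo(), 1):
        print(f"run {n}: loaded {loaded}")
```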

Revision filtering can be applied to workflows and start up configuration.

To permit revision filtering on a workflow

  • In the Synchronization Editor, open the synchronization project.

  • Edit the workflow properties. Select the Use revision filter item from the Revision filtering menu.

To permit revision filtering for a start up configuration

  • In the Synchronization Editor, open the synchronization project.

  • Edit the start up configuration properties. Select the Use revision filter item from the Revision filtering menu.

NOTE: If the Common | TableRevision configuration parameter is not set, all revision data in the QBMTableRevision table is deleted.

For more information about revision filtering, see the One Identity Manager Target System Synchronization Reference Guide.

Configuring single object synchronization

Single object synchronization is not supported.

Speeding up provisioning

To smooth out spikes in data traffic, handling of processes for provisioning can be distributed over several Job servers. This can speed up the provisioning process.

NOTE: You should not implement load balancing for provisioning on a permanent basis. Parallel processing of objects might result in dependencies not being resolved because referenced objects from another Job server have not been completely processed.

Once load balancing is no longer required, ensure that the synchronization server runs the provisioning processes.

To configure load balancing

  1. Configure the servers and declare them as Job servers in One Identity Manager.

    • Job servers that share processing must have the No process assignment option enabled.

    • Assign the Universal Cloud Interface connector server function to the Job server.

    All Job servers must access the same cloud target system as the synchronization server for the respective base object.

  2. In the Synchronization Editor, assign a custom server function to the base object.

    This server function is used to identify all the Job servers being used for load balancing.

    If there is no custom server function for the base object, create a new one.

    For more information about editing base objects, see the One Identity Manager Target System Synchronization Reference Guide.

  3. In the Manager, assign this server function to all the Job servers that will be handling provisioning for the base object.

    Only select those Job servers that have the same configuration as the base object's synchronization server.

Once all the processes have been handled, the synchronization server takes over provisioning again.

To use the synchronization server without load balancing

  • In the Synchronization Editor, remove the server function from the base object.

For more information about load balancing, see the One Identity Manager Target System Synchronization Reference Guide.
