Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to Custom Target Systems

Managing custom target systems Setting up scripted data provisioning in a custom target system Managing user accounts and identities Managing assignments of groups and system entitlements Login credentials for user accounts Mapping custom target system objects in One Identity Manager Treatment of custom target system objects in the Web Portal Basic configuration data for custom target systems Configuration parameters for managing custom target systems

Custom target system identifiers

To differentiate between objects from different custom target systems in the One Identity Manager database, specify an ID for each target system. Each object can be assigned to exactly one target system through this ID. You can add more properties to each ID to describe the target system in more detail.

To set up custom target systems

  • In the Designer, set the TargetSystem | UNS | CreateNewRoot configuration parameter and compile the database.

    If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

To create or edit a target system identifier

  1. In the Manager, select the Custom Target Systems > Basic configuration data > Target systems category.

  2. Select a target system in the result list. Select the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the target system type main data.

  4. Save the changes.

TIP: You can also edit target system properties in the Manager in the Custom Target Systems > <target system> category.

Detailed information about this topic

General main data for custom target systems

Enter the following data for a custom target system.

Table 21: Custom target system main data

Property

Description

Target system

Name of the target system.

Target system type

Type of the target system. Several target systems can be grouped together in a target system type. You can assign user accounts to groups belonging to different target systems within a target system type.

Canonical name

Name of the target system conforming with DNS syntax.

target system name.parent target system name.primary system name

Distinguished name

Target system's distinguished name. This distinguished name is used to form distinguished names for child objects. If the target system does not supply any distinguished names, you can enter the target system identifier here, for example.

Syntax example: DC = <target system>

Display name

Name that is displayed in the One Identity Manager tools for the target system.

Account definition (initial)

Initial account definition for creating user accounts. This account definition is used if automatic assignment of identities to user accounts is used for this target system and if user accounts are to be created that are already managed (Linked configured). The account definition's default manage level is applied.

User accounts are only linked to the identity (Linked) if no account definition is given. This is the case on initial synchronization, for example.

Deferred deletion [days]

Number of days to defer deletion operations for this target system. For more information, see Setting deferred deletion for custom target system user accounts.

Target system managers

Application role in which target system managers are specified. The target system managers only modify the target system objects assigned to them. Therefore, each target system can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this target system. Use the button to add a new application role.

Synchronized by

Type of synchronization through which the data is synchronized between the target system and One Identity Manager. You can no longer change the synchronization type once objects for this target system are present in One Identity Manager.

Table 22: Permitted values
Value Synchronization by Provisioned by

Synchronization by script

none

One Identity Manager script components

No synchronization

none

none

If you select Scripted synchronization, you can define custom processes to exchange data between One Identity Manager and the target system. You can configure data imports with the program Data Import or set up synchronization with the CSV connector in the Synchronization Editor.

Types of system entitlements used

Types of system entitlements to which user accounts can be assigned in this target system.

User account has memberships

Specifies for which types of system entitlements, assignments are maintained in the user accounts.

Enable the types with assignments that are maintained in the user accounts. The assignments are stored in the UNSAccountBHasUNSGroupB, UNSAccountBHasUNSGroupB1, UNSAccountBHasUNSGroupB2, UNSAccountBHasUNSGroupB3 tables.

Disable the types with system entitlement assignments to be maintained. The assignments are stored in the UNSAccountBInUNSGroupB, UNSAccountBInUNSGroupB1, UNSAccountBInUNSGroupB2, UNSAccountBInUNSGroupB3 tables.

Example:

In the System entitlement types used menu, the values Group and System entitlement 1 are selected. In the User account has memberships menu, only the value System entitlement 1 is selected.

The assignments to the system entitlements are stored in the UNSAccountBHasUNSGroupB1 (System entitlement 1: Assignments to user accounts) and UNSAccountBInUNSGroupB (User accounts: Assignments to groups) tables.

Description

Text field for additional explanation.

Group memberships as MVP

Specifies whether group memberships can be grouped together as a list on an multi-value property column of this target system's user accounts (relevant for data import).

Container structure

Specifies whether the target system has a contain structure.

Related topics

Customizing data synchronization for custom target systems

You can make special adjustments for synchronizing data between the One Identity Manager database and target system environment. The following information is displayed for a data synchronization:

Table 23: Data synchronization main data
Property Description

synchronization server

Unique server ID. Select the server to handle the processes for the target system from the list. This synchronization server is used, for example, when provisioning is done through synchronization by script.

No write operations

Use this option to prevent changes to target system objects from the One Identity Manager database being provisioned in the target system.

Related topics

Defining categories for inheriting groups and system entitlements

NOTE: The functionality described here for groups applies equally to system entitlements.

In One Identity Manager, user accounts can selectively inherit groups. To do this, groups and user accounts are divided into categories. The categories can be freely selected and are specified using a mapping rule. Each category is given a specific position within the template. The mapping rule contains different tables. Use the user account table to specify categories for target system dependent user accounts. In the group table, enter your categories for the target system-dependent groups. Each table contains the category positions position 1 to position 63.

Prerequisites

To assign tables to the target system type

  1. In the Manager, select the Custom Target Systems > Basic configuration data > Target system types category.

  2. In the result list, select the target system type of the customer target system.

  3. Select the Assign synchronization tables task.

  4. In the Add assignments pane, assign the UNSAccountB, UNSGroupB, and UNSRootB tables.

    • If used, assign the UNSGroupB1, UNSGroupB2, and UNSGroupB3 tables.

  5. Save the changes.

To define a category

  1. In the Manager, select the target system in the Custom target systems category.

  2. Select the Change main data task.

  3. Switch to the Mapping rule category tab.

  4. Extend the relevant roots of a table.

  5. To enable the category, double-click .

  6. Enter a category name of your choice for user accounts and groups in the login language that you use.

  7. Save the changes.
Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating