立即与支持人员聊天
与支持团队交流

Identity Manager 8.2 - Administration Guide for Privileged Account Governance

About this guide Managing a Privileged Account Management system in One Identity Manager Synchronizing a Privileged Account Management system
Setting up the initial synchronization of a One Identity Safeguard Customizing the synchronization configuration for One Identity Safeguard Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing PAM user accounts and employees Managing the assignments of PAM user groups Login information for PAM user accounts Mapping of PAM objects in One Identity Manager PAM access requests Handling of PAM objects in the Web Portal Basic data for managing a Privileged Account Management system Configuration parameters for the management of a Privileged Account Management system Default project template for One Identity Safeguard Editing One Identity Safeguard system objects One Identity Safeguard connector settings Known issues about connecting One Identity Safeguard appliances

Displaying synchronization results

Synchronization results are summarized in the synchronization log. You can specify the extent of the synchronization log for each system connection individually. One Identity Manager provides several reports in which the synchronization results are organized under different criteria.

To display a synchronization log

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Logs category.

  3. Click in the navigation view toolbar.

    Logs for all completed synchronization runs are displayed in the navigation view.

  4. Select a log by double-clicking it.

    An analysis of the synchronization is shown as a report. You can save the report.

To display a provisioning log

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Logs category.

  3. Click in the navigation view toolbar.

    Logs for all completed provisioning processes are displayed in the navigation view.

  4. Select a log by double-clicking it.

    An analysis of the provisioning is shown as a report. You can save the report.

The log is marked in color in the navigation view. This mark shows you the status of the synchronization/provisioning.

TIP: The logs are also displayed in the Manager under the <target system> > synchronization log category.

Related topics

Deactivating synchronization

Regular synchronization cannot be started until the synchronization project and the schedule are active.

To prevent regular synchronization

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the start up configuration and deactivate the configured schedule.

    Now you can only start synchronization manually.

An activated synchronization project can only be edited to a limited extend. The schema in the synchronization project must be updated if schema modifications are required. The synchronization project is deactivated in this case and can be edited again.

Furthermore, the synchronization project must be deactivated if synchronization should not be started by any means (not even manually).

To deactivate the synchronization project

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the General view on the home page.

  3. Click Deactivate project.

Synchronizing single objects

Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If a membership list belongs to one of these properties, the entries in the assignment table will also be updated.

NOTE: If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.

To synchronize a single object

  1. In the Manager, select the Privileged Account Management category.

  2. Select the object type in the navigation view.

  3. In the result list, select the object that you want to synchronize.

  4. Select the Synchronize this object task.

    A process for reading this object is entered in the job queue.

Features of synchronizing memberships

If you synchronize changes in an object's member list, run single object synchronization on the assignment's root object, The base table of an assignment contains an XDateSubItem column containing information about the last change to the memberships.

Example:

Base object for assigning PAM user accounts to PAM user groups is the user group.

In the target system, a user account was assigned to a group. To synchronize this assignment, in the Manager, select the group that the user account was assigned to and run single object synchronization. In the process, all of the group's memberships are synchronized.

The user account must already exist as an object in the One Identity Manager database for the assignment to be made.

Detailed information about this topic

Tasks following synchronization

After the synchronization of data from the target system into the One Identity Manager database, rework may be necessary. Check the following tasks:

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级