立即与支持人员聊天
与支持团队交流

Identity Manager 9.0 LTS - Administration Guide for Connecting to Google Workspace

Mapping a Google Workspace environment in One Identity Manager Synchronizing a Google Workspace customer
Setting up initial synchronization of a Google Workspace customer Customizing the synchronization configuration for Google Workspace Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Google Workspace user accounts and employees
Account definitions for Google Workspace user accounts Assigning employees automatically to Google Workspace user accounts Manually linking employees to Google Workspace user accounts Supported user account types Specifying deferred deletion for Google Workspace user accounts
Login information for Google Workspace user accounts Managing Google Workspace entitlement assignments Mapping of Google Workspace objects in One Identity Manager
Google Workspace customers Google Workspace user accounts Google Workspace groups Google Workspace products and SKUs Google Workspace organizations Google Workspace domains Google Workspace domain aliases Google Workspace admin roles Google Workspace admin privileges Google Workspace admin role assignments Google Workspace external email addresses Reports about Google Workspace objects
Handling of Google Workspace objects in the Web Portal Basic configuration data for managing a Google Workspace customer Troubleshooting the connection to a Google Workspace customer Configuration parameters for managing a Google Workspace environment Default project template for Google Workspace API scopes for the service account Processing methods of Google Workspace system objects Special features in the assignment of Google Workspace groups

Configuring single object synchronization

Changes made to individual objects in the target system can be immediately applied in the One Identity Manager database without having to start a full synchronization of the target system environment. Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If a membership list belongs to one of these properties, the entries in the assignment table will also be updated. If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.

Prerequisites
  • A synchronization step exists that can import the changes to the changed object into One Identity Manager.

  • The path to the base object of the synchronization is defined for the table that contains the changed object.

Single object synchronization is fully configured for synchronization projects created using the default project template. If you want to incorporate custom tables into this type of synchronization project, you must configure single object synchronization for these tables. For more information about this, see the One Identity Manager Target System Synchronization Reference Guide.

To define the path to the base object for synchronization for a custom table

  1. In the Manager, select the Google Workspace > Basic configuration data > Target system types category.

  2. In the result list, select the Google Workspace target system type.

  3. Select the Assign synchronization tables task.

  4. In the Add assignments pane, assign the custom table for which you want to use single object synchronization.

  5. Save the changes.
  6. Select the Configure tables for publishing task.

  7. Select the custom table and enter the Root object path.

    Enter the path to the base object in the ObjectWalker notation of the VI.DB.

    Example: FK(UID_GAPCustomer).XObjectKey

  8. Save the changes.
Related topics

Accelerating provisioning and single object synchronization

To smooth out spikes in data traffic, handling of processes for provisioning and single object synchronization can be distributed over several Job servers. This will also accelerate these processes.

Load balancing is used only for individual provisioning processes into the customer environment to prevent parallel processing from creating inconsistent data in the target system. If the maximum number of instances on the process task or process component is set to 1 or -1, load balancing cannot take place.

NOTE: You should not implement load balancing for provisioning or single object synchronization on a permanent basis. Parallel processing of objects might result in dependencies not being resolved because referenced objects from another Job server have not been completely processed.

Once load balancing is no longer required, ensure that the synchronization server runs the provisioning processes and single object synchronization.

To configure load balancing

  1. Configure the server and declare it as a Job server in One Identity Manager.

    • Job servers that share processing must have the No process assignment option enabled.

    • Assign the Google Workspace connector server function to the Job server.

    All Job servers must access the same customer as the synchronization server for the respective base object.

  2. In the Synchronization Editor, assign a custom server function to the base object.

    This server function is used to identify all the Job servers being used for load balancing.

    If there is no custom server function for the base object, create a new one.

    For more information about editing base objects, see the One Identity Manager Target System Synchronization Reference Guide.

  3. In the Manager, assign this server function to all the Job servers that will be processing provisioning and single object synchronization for the base object.

    Only select those Job servers that have the same configuration as the base object's synchronization server.

Once all the processes have been handled, the synchronization server takes over provisioning and single object synchronization again.

To use the synchronization server without load balancing.

  • In the Synchronization Editor, remove the server function from the base object.

For more information about load balancing, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

Running synchronization

Synchronization is started using scheduled process plans. It is possible to start synchronization manually in the Synchronization Editor. You can simulate synchronization beforehand to estimate synchronization results and discover errors in the synchronization configuration. If synchronization stopped unexpectedly, you must reset the start information to be able to restart synchronization.

If you want to specify the order in which target systems are synchronized, use the start up sequence to run synchronization. In a start up sequence, you can combine start up configurations from different synchronization projects and specify the order in which they are run. For more information about start up sequences, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

Starting synchronization

When you set up the initial synchronization project using the Launchpad, a default schedule for regular synchronization is created and assigned. Activate this schedule to synchronize on a regular basis.

To synchronize on a regular basis

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Configuration > Start up configurations category.

  3. Select a start up configuration in the document view and click Edit schedule.

  4. Edit the schedule properties.

  5. To enable the schedule, click Activate.

  6. Click OK.

You can also start synchronization manually if there is no active schedule.

To start initial synchronization manually

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Configuration > Start up configurations category.

  3. Select a start up configuration in the document view and click Run.

  4. Confirm the security prompt with Yes.

IMPORTANT: As long as a synchronization process is running, you must not start another synchronization process for the same target system. This especially applies, if the same synchronization objects would be processed.

  • If another synchronization process is started with the same start up configuration, the process is stopped and is assigned Frozen status. An error message is written to the One Identity Manager Service log file.

    • Ensure that start up configurations that are used in start up sequences are not started individually at the same time. Assign start up sequences and start up configurations different schedules.

  • Starting another synchronization process with different start up configuration that addresses same target system may lead to synchronization errors or loss of data. Specify One Identity Manager behavior in this case, in the start up configuration.

    • Use the schedule to ensure that the start up configurations are run in sequence.

    • Group start up configurations with the same start up behavior.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级