立即与支持人员聊天
与支持团队交流

Active Roles 8.1.1 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector Objects and operations supported by the SCIM Connector Example of using the Generic SCIM Connector for data synchronization
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Additional group object attributes for a Salesforce connection

You can specify the following additional group attributes in your Salesforce connection.

Table 46: Additional group attributes

Attribute

Description

Supported operations

vaMemberOf

Allows you to define group membership for the group in Salesforce.

NOTE: Consider the following when using this attribute:

  • This attribute is primarily intended for group membership synchronization.

  • This attribute contains references to other groups where this group is a member.

Read, Write

vaMemberOfName

Allows you to define group membership for the group.

Specify the names of Salesforce groups where you want the group to be a member.

Read, Write

vaMember

Allows you to define members of the group.

This attribute contains references to the users and/or groups that are members of a particular group.

Read, Write

vaMemberName

Allows you to define members of a particular group.

Specify the names of users and/or groups you want to be members of the group.

Read, Write

Scenario: Provisioning users from an Active Directory domain to Salesforce

This scenario illustrates how to configure a sync workflow to provision users from an Active Directory domain to Salesforce.

Configuring a connection to the source Active Directory domain

For instructions on how to create a new connection to an Active Directory domain, see Creating an Active Directory connection.

Configuring a connection to Salesforce

For instructions on how to create a new connection to Salesforce, see Creating a Salesforce connection.

Creating a new sync workflow

For instructions on how to create a new sync workflow for the configured Salesforce connection, see Scenario: Provisioning users from an Active Directory domain to Salesforce.

Configuring a workflow step

Once the required connections and the sync workflow are set, configure a new workflow step.

To configure a workflow step

  1. In the Synchronization Service Console, navigate to the Workflows tab and open the sync workflow you created by clicking its name. Then, click Add synchronization step.

  2. On the Select an action page, click Provision, then click Next.

  3. On the Specify source and criteria page, do the following:

    1. Click Specify in the Source connected system option, then click Select existing connected system, and select the Active Directory connection you configured in the Configuring a connection to source Active Directory domain step.

    2. Click Finish.

    3. In Source object type, click Select, then select the User object type from the list. Click OK.

    4. Click Next.

  4. On the Specify target page, do the following:

    1. Click Specify in the Target connected system option, then click Select existing connected system, and select the Salesforce connection you configured in the Configuring a connection to Salesforce step.

    2. Click Finish.

    3. Click Select in the Target object type option, then select the User object type from the list. Click OK.

    4. Click Next.

  5. On the Specify provisioning rules page, in the Initial Attribute Population Rules option, add rules to populate the following required attributes:

    • Username: Use this attribute to specify a Salesforce user name for the user being provisioned. Make sure the user name you specify meets the format <UserName>@<Domain>, for example jdoe@domain.com.

    • vaProfileName: Use this attribute to assign a Salesforce profile to the user being provisioned. A profile defines specific permissions a user has in Salesforce. For more information on profiles, see the Salesforce documentation. Alternatively, you can specify a Salesforce profile by using the ProfileId attribute.

    • Email: Use this attribute to specify an existing valid email address for the user being provisioned.

    • LastName: Use this attribute to specify the last name of the user being provisioned.

    • Alias: Use this attribute to specify a unique Salesforce alias for the user being provisioned. A Salesforce alias can include up to 8 characters. For more information on the Alias attribute, see the Salesforce documentation.

Running your workflow

For instructions on how to run a sync workflow, see Running a sync workflow.

Working with ServiceNow

This section describes how to create or modify a connection to ServiceNow so that Synchronization Service could work with data in that data system.

To create a connection to ServiceNow, use the ServiceNow Connector of Active Roles Synchronization Service.

The ServiceNow Connector supports the following features:

Table 47: ServiceNow Connector – Supported features

Feature

Supported

Bidirectional synchronization

Specifies whether you can both read and write data in the connected data system.

Yes

Delta processing mode

Specifies whether the connection can process only the data that has changed in the connected data system since the last synchronization operation. This reduces the overall synchronization duration.

No

Password synchronization

Specifies whether you can synchronize user passwords from an Active Directory (AD) domain to the connected data system.

Yes

Secure Sockets Layer (SSL) data encryption

Specifies whether the connector can use SSL to encrypt data transmitted between Active Roles Synchronization Service and the connected data system.

Yes

Creating a ServiceNow connection

To create a new ServiceNow connection, you must:

  1. Configure ServiceNow to accept synchronization requests from Active Roles Synchronization Service.

  2. Create a new ServiceNow connection in the Synchronization Service with the ServiceNow Connector.

  3. Synchronize the configured ServiceNow Connector schema with the connected ServiceNow instance.

Configuring ServiceNow

To configure ServiceNow

  1. Open the website of your ServiceNow instance.

  2. In the left pane of the ServiceNow website, under System Properties, click Web Services.

  3. Make sure ServiceNow requires basic authorization for incoming RSS and SOAP requests.

  4. In the right pane, make sure you clear the check box below This property sets the elementFormDefault attribute.

  5. Click Save.

Creating a new connection to ServiceNow

To create a new connection

  1. In the Synchronization Service Console, open the Connections tab.
  2. Click Add connection, then use the following options:
    • Connection name: Type a descriptive name for the connection.
    • Use the specified connector: Select ServiceNow Connector.

  3. Click Next.

  4. On the Specify connection settings page, use the following options:
    • ServiceNow instance name: Type the name of the ServiceNow instance to which you want to connect.

    • Access ServiceNow instance using. Type the user name and password of the account with which you want to access the specified ServiceNow instance.

    • Use a proxy server for your LAN: Select this check box if your LAN uses a proxy server. Then enter the proxy server address in the Proxy server box.

    • Use credentials for proxy: Select this check box if your proxy server requires authentication. Use the appropriate text boxes to specify the user name and password with which you want to authenticate.

    • Test Connection: Click this button to verify the specified connection settings.

  5. To complete the configuration of the ServiceNow connection, click Finish.

  6. Synchronize the ServiceNow Connector schema with that of the connected ServiceNow instance.

    This step is required to pass information about object classes and attributes existing in the connected ServiceNow instance to the ServiceNow Connector, so that the connector could correctly read and write data in the connected ServiceNow instance.

    To synchronize the connector schema, do the following:

    1. Below the ServiceNow connection you have just created, click the Connection settings link.

    2. On the Connection Settings tab, click the Update connector schema item to expand it.

    3. Click Update Schema.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级