立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Administration Guide for Connecting to a Universal Cloud Interface

Managing Universal Cloud Interface environments Synchronizing a cloud application in the Universal Cloud Interface
Setting up initial synchronization with a cloud application in the Universal Cloud Interface Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Provisioning object changes Managing cloud user accounts and identities Managing assignments of cloud groups and cloud system entitlements Login credentials for cloud user accounts Mapping cloud objects in One Identity Manager
Cloud target systems Container structures Cloud user accounts Cloud groups Cloud system entitlements Cloud permissions controls Reports about objects in cloud target systems
Handling cloud objects in the Web Portal Basic data for managing a Universal Cloud Interface environment Configuration parameters for managing cloud target systems Default project template for cloud applications in the Universal Cloud Interface

Start up configurations for cloud application synchronization

The project wizard adds two start up configurations that run cloud application synchronization.

  • Synchronization of the cloud application

    Cloud application objects, such as user accounts, groups, group memberships, are synchronized. This is done by the Initial synchronization workflow. Synchronization is run on a daily basis by the default schedule.

  • Synchronization of pending changes

    If cloud objects are changed in the Cloud Systems Management Module, these changes must first be transferred to the Universal Cloud Interface Module and can then be provisioned in the cloud application itself. To track whether the changes have been successfully provisioned in the cloud application, they are labeled with Pending changes. The details, time of creation, and processing status of every pending change are saved. Once provisioning is complete, the processing status must be transferred from the Universal Cloud Interface to the Cloud Systems Management Module. To do this, run the Synchronization of pending changes start up configuration. This is done by the State synchronization workflow. Synchronization is run on an hourly basis with the default schedule.

Related topics

Configuring the synchronization log

All the information, tips, warnings, and errors that occur during synchronization are recorded in the synchronization log. You can configure the type of information to record separately for each system connection and synchronization workflow.

To configure the content of the synchronization log for a system connection

  1. To configure the synchronization log for target system connection, in the Synchronization Editor, select the Configuration > Target system category.

    - OR -

    To configure the synchronization log for the database connection, in the Synchronization Editor, select the Configuration > One Identity Manager connection category.

  2. In the General section, click Setup.

  3. In the Synchronization log section, set Create synchronization log.

  4. Enable the data to be logged.

    NOTE: Some content generates a particularly large volume of log data. The synchronization log should only contain data required for error analysis and other analyzes.

  5. Click OK.

To configure the content of the synchronization log for a synchronization workflow

  1. In the Synchronization Editor, select the Workflows category.

  2. Select a workflow in the navigation view.

  3. In the General section, click Edit.

  4. Select the Synchronization log tab.

  5. Enable the data to be logged.

    NOTE: Some content generates a particularly large volume of log data. The synchronization log should only contain data required for error analysis and other analyzes.

  6. Click OK.

Synchronization logs are stored for a fixed length of time.

To modify the retention period for synchronization logs

  • In the Designer, enable the DPR | Journal | LifeTime configuration parameter and enter the maximum retention period.

Related topics

Customizing the synchronization configuration

Having used the Synchronization Editor to set up a synchronization project for initial synchronization with a Universal Cloud Interface, you can use the synchronization project to load cloud application objects into the Cloud Systems Management Module. If you manage user accounts and their authorizations with One Identity Manager, changes are provisioned in the Universal Cloud Interface environment.

You must customize the synchronization configuration in order to regularly compare the cloud application and to synchronize changes.

  • To use Cloud Systems Management Module as the primary system during synchronization, create a workflow with synchronization in the direction of the Target system.

  • You can use variables to create generally applicable synchronization configurations that contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes, or processing method, for example.

  • Use variables to set up a synchronization project for synchronizing different cloud applications. Store the connection parameter as a variable for logging in to the databases.

  • To specify which target system objects and database objects are included in synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.

  • Update the schema in the synchronization project if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.

  • Add your own schema types if you want to synchronize data, which does not have schema types in the connector schema. Include the schema extensions in the mapping.

  • If the cloud application schema cannot be adequately represented by the default project template, customize the synchronization configuration. At the same time, define how the system entitlements are mapped in the One Identity Manager schema. When you are setting up synchronization, ensure that the base object for the cloud application(CSMRoot) is created in the database and the System entitlements types used (GroupUsageMask) and User account has memberships (UserContainsGroupList) properties are set correctly.

For more information about configuring synchronization, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

How to configure Universal Cloud Interface synchronization

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the primary system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing Universal Cloud Interface

  1. In the Synchronization Editor, open the synchronization project.

  2. Check whether the existing mappings can be used to synchronize into the target system. Create new maps if required.

  3. Create a new workflow with the workflow wizard.

    This creates a workflow with Target system as its direction of synchronization.

  4. Create a new start up configuration. Use the new workflow to do this.

  5. Save the changes.
  6. Run a consistency check.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级