立即与支持人员聊天
与支持团队交流

Identity Manager 9.1.2 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

General properties of a synchronization step

Enter the following general properties for a synchronization stepClosed.

Table 50: General properties of a synchronization step
Property Meaning
Name An arbitrary name for the synchronizationClosed step. The name must be unique within a synchronization workflowClosed.
Mapping Select the mapping to be processed by the synchronization step.
Synchronization in directionClosed Select the direction in which synchronization should take place.
Use workflow templateClosed The direction of synchronization is defined in the workflow.

For more information, see Properties of a workflow.

Target systemClosed One Identity Manager is the primary system for synchronization.
One Identity Manager The target system is the primary system for synchronization.
Revision filteringClosed The revision filtering can be used to limit synchronization to just the objects that have been modified since the last synchronization.

For more information, see How does revision filtering work?.

Use workflow template The desired behavior is specified with the workflow.
Use revision filter Only modified object are synchronized.
Do not use revision filter All objects are synchronized.

Exception handling

Specify whether synchronization should be continued if an error occurs during processing of synchronization objects (adding, deleting, updating, and reloading objects). Object processing is continued using the next object; the error is logged.

To optimize error localization, you can stop synchronization if an error occurs during the processing of synchronization objects. In this case, no further synchronization objects are processed.

NOTE: This property does not affect configuration, network, or general synchronization errors (for example, if it is not possible to resolve a reference). The effectiveness of this property depends on the actual error, error position, the target system, and the implementation of the target system connectors.

Use workflow template The desired behavior is specified with the workflow.
Continue on error Processing is continued with the next object. Errors are logged.

This option should be used for productive systems.

Break on error The entire synchronization is stopped.

This option should only be used to find errors, for example in going live processes.

Data import

Set this option if the synchronization step synchronizes a secondary system and changes are immediately provisioned in the primary system.

Do not set this option if the synchronization step synchronizes primaryClosedry system.

For more information, see Synchronizing user data with different systems.

Description Text field for additional explanation.
Disabled If this option is set, the synchronization step is not synchronized.

Specifying processing methods

Specify how changes to system objects should be handled on the ProcessingClosed tab. You can select the following default methods. Furthermore, the schema types of the various target systems provide additional processing methods if required.

The processing methods are defined for different sets of synchronizationClosed objects.

  • Objects only found in the target system and missing in One Identity Manager.

  • Objects only found in One Identity Manager and missing in the target system.

  • Objects with modified properties

    This means there are object pairs whose objects differ.

  • Objects without modifications

    This means there are object pairs whose objects are identical.

Table 51: Default processing methods in a synchronization step

Processing methodClosed (technical name)

Meaning

Insert

Objects that only exist in one of the connected systemClosed are added to the other system.

Delete

Objects that only exist in one of the connected system are deleted from the system.

The following applies to synchronization in One Identity Manager.

The object is immediately deleted if it came from a primary system. Deferred deletion is not taken into account. Deferred deletion is taken into account if the object comes from a secondary system. For more information, see Synchronizing user data with different systems. For more information about deferred deletion, see the One Identity Manager Configuration Guide.

Update

Objects whose properties have change are updated.

MarkAsOutstanding

Objects that only exist in the One Identity Manager are marked as outstanding during synchronizing in the direction of One Identity Manager. These objects can be reworked after synchronization is complete. Objects marked as outstanding are ignored by subsequent synchronization.

No processing

No processing methods are run.

Table 52: Meaning of the icons

Icon

Meaning

Adds an extra processing method for the object set.

If you allow several processing methods for one object set, add conditions for processing these methods.

Create a condition for running the method.

All objects are processed the same way if you do not create a condition.

Moves the processing method forwards in the running order.

Moves the processing method backwards in the running order.

Deletes the processing method.

Detailed information about this topic

Specifying additional processing methods

Some target systems provide extra processingClosed methods in addition to the default ones. One Identity Manager can run different processing methods in sequence for the same set of objects.

To define different processing methods for a set of objects

  1. Select a processing method from the menu for synchronizingClosed an object set.
  2. Click to specify another processing method for this object set. Select a processing method from the menu.
  3. Use and to specify the order in which to run the processing methods.
Example

You can enter external user IDs for One Identity Manager user accounts in SAP. User accounts that only exist in SAP are added if One Identity Manager user accounts from SAP R/3 are synchronized with One Identity Manager. The associated external user ID's are also transferred into the target system.

Object set Processing methods
Objects only found in One Identity Manager are: Insert

AddExtID

Related topics

Editing subsets

ProcessingClosed methods can be limited to a set of the objects. To do this, specify the condition under which the processing method is to be run. You can specify different processing methods for different sets of objects. These are run in the given order.

To define processing for different sets

  1. Select a processing method from the menu for synchronizingClosed an object set.
  2. Click to specify another processing method for this object set. Select a processing method from the menu.
  3. Create the conditions required for running the processing method. Click next to the method.

    Enter the condition. You can use comparisons, logical operators, and variables. You can write queries with a wizard or enter them directly.

    • Use the following expression in the condition to access the schema properties of the system in which you want the processing method to be run: Base.<schema property>
    • To access the schema properties of the other system in the condition, use the expression: Other.<schema property>
  4. Use and to specify the order in which to run the processing methods.
Example

All user accounts that only exist in Active Directory are processed as follows when synchronizing Active Directory user accounts from One Identity Manager in the direction of One Identity Manager:

 

Object set Processing methodClosed Condition
1 All user accounts, connected to an employee, are marked for deletion. MarkForDeletion Base.UIDClosed_Person <> ''
All user accounts, not connected with an employee, are deleted. Delete Base.UID_Person = ''
2 All user accounts, in container A, are deleted. Delete Base.UID_ADSContainer = '4b53ff19-6ae4-4a87-86bd-eca3ddf5ebf2'
All user accounts, not belonging to container A, are marked for deletion. MarkForDeletion Base.UID_ADSContainer <> '4b53ff19-6ae4-4a87-86bd-eca3ddf5ebf2'
       
Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级