立即与支持人员聊天
与支持团队交流

Identity Manager 8.2.1 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

How to create property mapping rules

To create a property mappingClosed rule

  1. Select the Mappings category.
  2. In the navigation view, select a mapping.
  3. Click in the rule view menu bar for property mapping rules.
  4. Select a rule type and enter the rule details.
  5. To create a rule from a templateClosed, click .
  6. Click OK.

To create a property mapping rule by "drag and drop".

  1. Select the Mappings category.
  2. Select a mapping in the navigation view.
  3. Select the schema property to map in the schema view.
  4. Drag the schema property with the mouse from one schema view onto the schema property in the other schema view.
  5. If the schema property data types match, a property mapping rule is added for the selected schema property. You can edit the rule details later.

    If the schema property data types do not match, the conflict wizard is started which helps you create the property mapping rules.

One Identity Manager helps you to set up new property mapping rules based on existing rules. Use the mapping wizard for this.

To create a property mapping rule with the mapping wizard

  1. Select the Mappings category.
  2. In the navigation view, select a mapping.
  3. Click in the rule view menu bar for property mapping rules.
  4. Follow the mapping wizard's instructions.
  5. Test the new rule.

How to edit property mapping rules

To edit a property mappingClosed rule

  1. Select the Mappings category.
  2. Select a mapping in the navigation view.
  3. Double-click on the property mapping rule you want to edit in the rule view.
  4. Edit the rule details.
  5. Click OK.

How to delete property mapping rules

To delete a property mappingClosed rule

  1. Select the Mappings category.
  2. In the navigation view, select a mapping.
  3. Click in the rule view menu bar for property mapping rules.
  4. Confirm the security prompt with Yes.

Property mapping rule details

Enter the following details for a property mappingClosed rule.

Tip: To create a rule from a templateClosed, click .
Table 41: Property mapping rule details

Detail

Description

Rule Types

Select the rule type for a new rule.

Value compare rule

Compares the schema property value of the One Identity Manager schema with the value of a target system schema.

Multiple reference rule

Compares multi-value schema properties. The value list are compared element by element. Missing values are added; superfluous value are deleted.

Rule name

Name for the rule. The rule name must be unique within a mapping.

Click to change rule names. The rule name is used as key. Changes to the rule name may cause errors.

Display name

Rule display name.

Mapping directionClosed

Specify the permitted mapping direction for mapping selected schema properties.

Both directions

Property mapping ruleClosed is applied for both synchronizationClosed in the direction of the target system and synchronization direction One Identity Manager.

To the target system

Property mapping rule is only used for synchronizing in the direction of the target system.

To the One Identity Manager

Property mapping rule is only used for synchronizing in the direction of the One Identity Manager.

Do not assign

The property mapping rule is ignored.

You can set this value to disable a property mapping rule.

Taken from mapping

The mapping direction applies which is fixed in the mapping.

Ignore mapping direction restrictions on adding

Specifies whether the given direction of mapping is ignored when new objects are added.

If this option is set, the property mapping rule can also be run if the synchronization mapping is in the opposite direction. Property mapping rules not assigned a mapping direction are also ignore when new objects are added.

If this option is not set, the specify mapping direction is valid when new objects are added.

Example:

A telephone system is managed with One Identity Manager. The telephone system acts as the primary system when the telephone numbers are synchronized. The direction of mapping is set to One Identity Manager. The telephone number is a mandatory value in the target system.

In One Identity Manager, a new employee is added. Each employee is given and initial telephone number. These employees should be added to the target system by synchronizing them. So that the telephone numbers are written to the target system during synchronization, the Ignore mapping direction restrictions on adding option must be set on the property mapping rule.

For more information, see Detecting rogue modifications.

Description

Text field for additional explanation.

Schema propertyClosed

Select the schema properties to be mapped.

Do not overwrite

The schema property value is only changed by synchronization if the schema property does not contain a value.

Mapping condition

Condition under which the property mapping rule is used.

Click Create condition to create the condition with the wizard. For more information, see Wizard for entering filters.

Example: Left.CanonicalName = 'Managed Service Accounts'

The property mapping rule is applied to all objects assigned to the container "Managed Service Accounts" in One Identity Manager.

Table 42: Additional detail of a value compare rule

Detail

Description

Force mapping against direction of synchronization

If this option is set, the property mapping rule can also be applied if the synchronization mapping is in the opposite direction. For more information, see Mapping against the direction of synchronization.

The option can only be set if:

  • Detecting rogue modificationsClosed is disabled.

  • The direction of mapping is Target systemClosed or One Identity Manager.

The property mapping rule may not be run in both directions.

Detecting rogue modifications

Specifies whether rogue modifications are identified and logged if the direction of synchronization is opposite to the mapping direction.

The option can only be set if:

  • The direction of mapping is Target system or One Identity Manager.
  • Force mapping against direction of synchronization is disabled.

If this option is set, rogue modifications are detected and logged. The log can be evaluated after synchronization. For more information, see Synchronization analysis.

If the option is not set, the property mapping rule is ignored by synchronization.

For more information, see Detecting rogue modifications.

Correct rogue modifications

Specifies whether rogue modifications are corrected if the direction of synchronization is opposite to the mapping direction.

The option can only be set if:

  • Detecting rogue modifications is enabled.
  • The direction of mapping is Target system or One Identity Manager.
  • Force mapping against direction of synchronization is disabled.

If the option is set, the property mapping rule is run by synchronization. The object propertyClosed in the connected systemClosed is overwritten with the value from the primary system. Thus rogue changes are ignored.

If the option is not set, rogue changes are only logged.

For more information, see Detecting rogue modifications.

Ignore case

Specifies whether changes that only differ through case are ignored by the mapping. This option affects only schema properties with the String data type.

Deal with the first value of the property as a single value

If a multi-value schema property is mapped using a value compare rule, the first value from the value list is taken into account by synchronization.

Disable merge mode support

Specifies whether to disable merge mode for single provisioning of memberships in this property mapping rule. If the option is set, when memberships are provisioned and merge mode is enabled on the assignment tableClosed, the entire membership list is also transferred.

For more information, see Single membership provisioning.

Table 43: Additional detail of a multi-reference mapping rule
Member filter Description
Only include these Select all members in the value list to be mapped to the schema property of the connected system.
Exclude these Select all members in the value list not to be mapped to the schema property of the connected system.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级