RemoteConnectPlugin
To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation, on which the Synchronization Editor is installed, is not possible. For example, because of the firewall configuration or the workstation does not fulfill the necessary hardware and software requirements. If direct access is not possible from the workstation, you can set up a remote connection. Prerequisite for this is that the RemoteConnectPlugin is installed on the Job server.
Table 120: RemoteConnectPlugin parameters
Authentication method (AuthenticationMethod) |
ADSGroup |
Method with which incoming queries can be authenticated.
Permitted values: ADGroup |
Permitted AD group (ADGroupAuthPermittedGroup) |
|
Distinguished name or object SID of the Active Directory group whose members are permitted to use a remote connection. This parameter is only required for the ADGroup authentication method. |
Port (Port) |
2880 |
Port for reaching the server. |
NOTE: Authentication of a remote connection can only be done through an Active Directory group.
File module with private key
In this module, you provide the data for files with a private key. Use this parameter if you work with several private keys, for example, if One Identity Manager Service data must be exchanged between two encrypted One Identity Manager databases.
If no key is entered here, the private key file from the File with private key (PrivateKey) parameter of the JobServiceDestination is used.
To enter a file with a private key
-
Click New and enter the following information:
-
Property: Enter the ID of the private key. The ID is expected in the JobServiceDestination in the Private key identifier parameter (PrivateKeyId). The default key has the ID Default.
-
Value: Enter the path of the private key file. You can enter the absolute or relative path to the One Identity Manager Service.
Example: Configuration in the file jobservice.cfg.
configuration>
<category name="privatekeys">
<value name="Default">private.key</value>
<value name="Key2">key2.key</value>
<value name="OtherKey">C:\Path\To\Other.key</value>
</category>
</configuration>
Related topics
Tracking changes with process monitoring
With One Identity Manager, it is possible to create a change history for objects and their properties. This can be used to fulfill reporting duties for internal committees and legal obligations for providing documentary evidence. Different methods can be used to track changes within One Identity Manager. With this combination of methods, all changes that are made in the One Identity Manager system can be traced.
-
Recording data modifications
Modifications to data can be recorded for add or delete operations on objects, and up to and including changes to individual object properties.
-
Recording process information
Recording process information allows all processes and process steps to be tracked while being processed by One Identity Manager Service.
-
Recording messages in the process history
In the process history, success, and error messages from handling each process step in the Job queues are recorded by the One Identity Manager Service.
All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25 percent. Otherwise, performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived. For more information about archiving data, see the One Identity Manager Data Archiving Administration Guide.
Detailed information about this topic
Basic rules for process monitoring
To use process monitoring in One Identity Manager.
-
In the Designer, check if the Common | ProcessState configuration parameter is set. If not, set the configuration parameter.
If the configuration parameter is set, you can configure process monitoring. In addition, the process view is enabled in the Manager.
-
You can control the extent of the logging using the configuration settings for each method.
The methods implemented by One Identity Manager allow monitoring of all modifications to the system that are triggered by a user action. Each action in One Identity Manager is labeled with a unique ID number. This ID number is called a GenProcID. All changes that can be traced back to the same cause are given the same GenProcID and are grouped in this way. If a previously stored action does not pass a GenProcID to the current action, a new ID is automatically created.
If an action is triggered from the One Identity Manager’s object layer, the GenProcID is written to the context data of the database connection. The logged in user is also noted in the context data and is made available in this way.
A new GenProcID is generated by the trigger if an action takes place directly in the database or through an application that works without the One Identity Manager object layer. This GenProcID is valid for the duration of the database connect, which means that all changes belong to the same action and link to the same GenProcID. The user data is made up of the database user’s name, the MAC address and the workstation name as well as the application name.
All actions (process triggers) that cause changes to the system, and their actual status information, are logged internally in the DialogProcess status table. Logging takes place independent of the chosen change history method. This log writing therefore provides a starting point for monitoring and allows the changes based on one action to be grouped together.
The following information is recorded for one action:
-
ID number (GenprocID)
-
Display name for the action
-
Base object that the action is triggered for
-
User that triggered the action
-
Time of action
-
Object key for selecting the process trigger
-
Comment on the action
-
Current process status
NOTE: The information is displayed in the Manager in the process view. For more information, see the One Identity Manager Operational Guide.
Detailed information about this topic