Identity Manager 9.2.1 - Administration Guide for Integration with OneLogin Cloud Directory

Synchronizing a OneLogin domain

The One Identity Manager Service is responsible for synchronizing data between the One Identity Manager database and OneLogin.

This section explains how to:

  • Set up synchronization to import initial data from OneLogin domains to the One Identity Manager database.

  • Adjust a synchronization configuration to synchronize different OneLogin domains with the same synchronization project, for example.

  • Start and deactivate the synchronization.

  • Evaluate the synchronization results.

TIP: Before you set up synchronization with a OneLogin domain, familiarize yourself with the Synchronization Editor. For more information about this tool, see the One Identity Manager Target System Synchronization Reference Guide.

Setting up initial synchronization with a OneLogin domain

The Synchronization Editor provides a project template that can be used to set up the synchronization of user accounts and permissions for the OneLogin environment. You use this project template to create synchronization projects with which you import the data from a OneLogin domain into your One Identity Manager database. In addition, processes are created that are required to provision changes to target system objects from the One Identity Manager database into the target system.

To load OneLogin objects into the One Identity Manager database for the first time

  1. Prepare a user account in the OneLogin domain with sufficient permissions for synchronization.

  2. One Identity Manager components for managing OneLogin domains are available if the TargetSystem | OneLogin configuration parameter is set.

    • In the Designer, check if the configuration parameter is set. Otherwise, set the configuration parameter and compile the database.

      NOTE: If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor-relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

    • Other configuration parameters are installed when the module is installed. Check the configuration parameters and modify them as necessary to suit your requirements.

  3. Install and configure a synchronization server and declare the server as a Job server in One Identity Manager.
  4. Create a synchronization project with the Synchronization Editor.

Users and permissions for synchronizing with a OneLogin domain

The following users play a role in synchronizing with a OneLogin domain.

Table 2: Users for synchronization

User: Security tokens or users for accessing the OneLogin domain

Permissions:

Base64-encoded client secret or combination of user name and password.

The Manage All scope is a prerequisite for sufficient permissions.

User: One Identity Manager Service user account

Permissions:

The user account for the One Identity Manager Service requires user permissions to carry out operations at file level (adding and editing directories and files).

The user account must belong to the Domain users group.

The user account must have the Login as a service extended user permission.

The user account requires permissions for the internal web service.

NOTE: If the One Identity Manager Service runs under the network service (NT Authority\NetworkService), you can grant permissions for the internal web service with the following command line call:

netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"

The user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager.

In the default installation, One Identity Manager is installed under:

  • %ProgramFiles(x86)%\One Identity (on 32-bit operating systems)

  • %ProgramFiles%\One Identity (on 64-bit operating systems)

User: User for accessing the One Identity Manager database

Permissions:

The Synchronization default system user is provided to run synchronization using an application server.
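
A read-only way to verify the service account prerequisites from Table 2 on the synchronization server, as an added PowerShell example that is not part of the One Identity documentation. The account name, listener URL and installation path are placeholders, and the script assumes an elevated session, English-language netsh output, and that the permission the table calls Login as a service is the SeServiceLogonRight entry of the exported policy.

```powershell
# Added example, not One Identity code: read-only check of the service account
# prerequisites from Table 2. Run in an elevated session on the synchronization server.
# Assumptions: the three values below are placeholders; netsh output is in English.
$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'
$ListenerUrl    = 'http://<IP address>:<port number>/'
$InstallDir     = Join-Path $env:ProgramFiles 'One Identity'

function Get-Sid([string]$Name) {
    # Compare by SID so that aliases and localized account names still match.
    ([System.Security.Principal.NTAccount]$Name).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
}
$sid = Get-Sid $ServiceAccount

# 1. URL reservation for the internal web service (set with netsh http add urlacl).
$urlAclSids = netsh http show urlacl "url=$ListenerUrl" | ForEach-Object {
    if ($_ -match '^\s*User:\s*(.+?)\s*$') { Get-Sid $Matches[1] }
}

# 2. Full access to the installation directory. Only ACEs that name the account
#    directly are counted; access granted through a group shows as False here.
$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
$aces = (Get-Acl -LiteralPath $InstallDir).GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])
$dirOk = @($aces | Where-Object {
    $_.IdentityReference.Value -eq $sid -and
    $_.AccessControlType -eq 'Allow' -and
    $_.FileSystemRights.HasFlag($fullControl)
}).Count -gt 0

# 3. The service logon right (SeServiceLogonRight in the exported policy).
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
$line = Get-Content -LiteralPath $cfg | Where-Object { $_ -match '^SeServiceLogonRight\s*=' }
Remove-Item -LiteralPath $cfg
$holders = @(($line -split '=', 2)[1] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') })

[pscustomobject]@{
    Account               = $ServiceAccount
    UrlReservation        = $urlAclSids -contains $sid
    InstallDirFullControl = $dirOk
    LogOnAsServiceRight   = $holders -contains $sid
}
```

A False value in any column marks a prerequisite to fix before the first synchronization run; the script changes nothing on the server.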

Setting up a synchronization server for OneLogin domains

All One Identity Manager Service actions are run against the target system environment on the synchronization server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server.

The One Identity Manager Service with the OneLogin machine role must be installed on the synchronization server. The OneLogin machine role contains the OneLogin connector. The OneLogin connector is implemented for synchronizing and provisioning OneLogin domain objects.
