立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Administration Guide for Integration with OneLogin Cloud Directory

Integration with OneLogin Cloud Directory Synchronizing a OneLogin domain
Setting up initial synchronization with a OneLogin domain Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing OneLogin user accounts and identities Managing memberships in OneLogin roles Login credentials for OneLogin user accounts Mapping OneLogin objects in One Identity Manager
OneLogin domains OneLogin user accounts OneLogin applications OneLogin roles OneLogin authentication methods OneLogin service providers OneLogin clients OneLogin scopes OneLogin policies OneLogin groups OneLogin privileges OneLogin custom user fields Reports about OneLogin objects
Handling of OneLogin objects in the Web Portal Base data for OneLogin domains Configuration parameters for managing OneLogin domains Default template for OneLogin domains Editing OneLogin system objects OneLogin connector settings

Editing target system connection properties

You can also use the system connection wizard to change the connection parameters. If variables are defined for the settings, the changes are transferred to the active variable set.

NOTE: In the following circumstances, the default values cannot be restored:

  • The connection parameters are not defined as variables.

  • The default variable set is selected as an active variable set.

In both these cases, the system connection wizard overwrites the default values. They cannot be restored at a later time.

To edit connection parameters using the system connection wizard

  1. In the Synchronization Editor, open the synchronization project.

  2. In the toolbar, select the active variable set to be used for the connection to the target system.

    NOTE: If the default variable set is selected, the default values are overwritten and cannot be restored at a later time.

  3. Select the Configuration > Target system category.

  4. Click Edit connection.

    This starts the system connection wizard.

  1. Follow the system connection wizard instructions and change the relevant properties.

  2. Save the changes.
Related topics

Updating schemas

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.

If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.

To include schema data that have been deleted through compression and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:

  • A schema was changed by:

    • Changes to a target system schema

    • Customizations to the One Identity Manager schema

    • A One Identity Manager update migration

  • A schema in the synchronization project was shrunk by:

    • Enabling the synchronization project

    • Saving the synchronization project for the first time

    • Compressing a schema

To update a system connection schema

  1. Select the Configuration > Target system category.

    - OR -

    Select the Configuration > One Identity Manager connection category.

  2. Select the General view and click Update schema.

  3. Confirm the security prompt with Yes.

    This reloads the schema data.

To edit a mapping

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Mappings category.

  3. Select a mapping in the navigation view.

    Opens the Mapping Editor. For more information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.

NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.

Speeding up synchronization

When you start synchronization, all synchronization objects are loaded. Some of these objects have not be modified since the last synchronization and, therefore, must not be processed. Synchronization is accelerated by only loading those object pairs that have changed since the last synchronization. One Identity Manager uses revision filtering to accelerate synchronization.

OneLogin supports revision filtering. The change date of OneLogin objects from the OneLogin change history is used as the revision counter (OLGEvent table).

To speed up synchronization and reduce the number of synchronization entries in the change history, you can adjust the scope of the Event schema type in your synchronization project.

NOTE: However, to use Behavior Driven Governance, events must be synchronized with the types 5, 6, 7, 8, 11, 22, 29. For more information about Behavior Driven Governance, see the One Identity Manager Administration Guide for Behavior Driven Governance.

To adjust the scope

  1. Open the synchronization project in the Synchronization Editor.

  2. In the navigation, select Configuration > Target system.

  3. Select the Scope view.

  4. Click Edit scope.

  5. Select the Event schema type.

  6. Select the system filter tab and extend the existing filter definition as follows:

    event_type_id=5,6,7,8,11,22,29&since=$olgeventsincefilter$

  7. Save the changes.

Each synchronization saves the last date is was run as a revision in the One Identity Manager database (DPRRevisionStore table, Value column). This value is used as a comparison for revision filtering when the same workflow is synchronized the next time. When this workflow is synchronized the next time, the OneLogin objects' change date is compared with the revision saved in the One Identity Manager database. Only those objects that have been changed since this date are loaded from the OneLogin domain.

Optimized revision filtering is supported because OneLogin has event-based logging. Therefore, it is possible to query information about the last change to a schema type. If the objects of a schema type were neither added nor changed, the synchronization step can be skipped and the objects do not have to be loaded for comparison. The OneLogin connector provides all the relevant information.

To use optimized revision filtering

  • In the Designer, set the Common | TableRevision configuration parameter.

    Now each time a table changes, the table's revision date updates. This information is stored in the QBMTableRevision table, RevisionDate column. In this way, One Identity Manager identifies whether a table object has been added, changed, or deleted.

The revision is found at start of synchronization. Objects modified by synchronization are loaded and checked by the next synchronization. This means that the second synchronization after initial synchronization is not significantly faster.

Revision filtering can be applied to workflows and start up configuration.

To permit revision filtering on a workflow

  • In the Synchronization Editor, open the synchronization project.

  • Edit the workflow properties. Select the Use revision filter item from Revision filtering menu.

To permit revision filtering for a start up configuration

  • In the Synchronization Editor, open the synchronization project.

  • Edit the start up configuration properties. Select the Use revision filter item from the Revision filtering menu.

NOTE: If the Common | TableRevision is not set, all revision data in the QBMTableRevision table is deleted.

For more information about revision filtering, see the One Identity Manager Target System Synchronization Reference Guide.

 

Configuring single object synchronization

Changes made to individual objects in the target system can be immediately applied in the One Identity Manager database without having to start a full synchronization of the target system environment. Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If a membership list belongs to one of these properties, the entries in the assignment table will also be updated. If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.

Prerequisites
  • A synchronization step exists that can import the changes to the changed object into One Identity Manager.

  • The path to the base object of the synchronization is defined for the table that contains the changed object.

Single object synchronization is fully configured for synchronization projects created using the default project template. If you want to incorporate custom tables into this type of synchronization project, you must configure single object synchronization for these tables. For more information about this, see the One Identity Manager Target System Synchronization Reference Guide.

To define the path to the base object for synchronization for a table

  1. In the Manager, select the OneLogin > Basic configuration data > Target system types category.

  2. In the result list, select the OneLogin target system type.

  3. Select the Assign synchronization tables task.

  4. In the Add assignments pane, assign the custom table for which you want to use single object synchronization.

  5. Save the changes.
  6. Select the Configure tables for publishing task.

  7. Select the custom table and enter the Root object path.

    Enter the path to the base object in the ObjectWalker notation of the VI.DB.

    Example: FK(UID_OLGAPIDomain).XObjectKey

  8. Save the changes.
Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级