Sun Identity Manager 8.1 Business Administrator's Guide

Configuring Synchronization

Identity Manager uses a synchronization policy to enable synchronization for resources.

Procedure: To Edit or Configure Synchronization

Each resource has its own synchronization policy. Use the following steps to configure or edit a synchronization policy:

  1. In the Administrator interface, click Resources in the menu.

  2. Select the resource in the Resource List for which you want to configure synchronization.

  3. Find the Resource Actions list and select Edit Synchronization Policy.

    The Edit Synchronization page for the resource opens.

    Specify the following options in the Edit Synchronization Policy page to configure synchronization:

    • Target Object Type. Select the type of users to which the policy applies, either Identity Manager Users or Service Provider Users.

      Note –

      In a Service Provider implementation you must configure a synchronization policy (with Service Provider Users specified as the object type) to enable synchronization of data for those users. For more information about service provider users, see Chapter 17, Service Provider Administration.

    • Scheduling Settings. Use this section to specify the start-up method and polling schedule.

      You can specify the following Startup Types:

      • Automatic or Automatic with failover. Starts the authoritative source when the Identity system is started.

      • Manual. Requires that an administrator start the authoritative source.

      • Disabled. Disables the resource.

        Use the Start Date and Start Time options to specify when polling begins. Specify the polling cycles by selecting an interval and entering a value for the interval (seconds, minutes, hours, days, weeks, months).

        Note –

        If you change the start-up method or polling schedule, you must restart the server for those changes to take effect.

        If you set a polling start date and time that is in the future, polling will begin when specified. If you set a polling start date and time that is in the past, Identity Manager determines when to begin polling based on this information and the polling interval.

        For example:

        • You configure active synchronization for the resource on July 18, 2005 (Tuesday).

        • You set the resource to poll weekly, with a start date of July 4, 2005 (Monday) and time of 9:00 a.m.

      In this case, the resource will begin polling on July 25, 2005 (the following Monday).

      If you do not specify a start date or time, then the resource will poll immediately. If you take this approach, each time the application server is restarted, all resources configured for active synchronization will begin polling immediately. The typical approach is to set a start date and time.

    • Synchronization Servers. In a clustered environment, each server can run synchronization. Select an option to specify which servers will be used to run synchronization for the resource.

      • Select Use any available server if it does not matter where synchronization runs. A server will be chosen from the set of possible servers when synchronization starts.

      • Select Use the settings in to use servers specified there to run synchronization. (This feature is deprecated.)

      • Select Use specified servers, and then select one or more available servers from the Synchronization Servers list, to select specific servers to run synchronization.

    • Resource Specific Settings. Use this section to specify how synchronization will determine the data to be processed for the resource.

    • Common Settings. Specify the general settings for data synchronization activities.

      These settings include:

      • Proxy Administrator. Select the administrator who will process updates. All actions will be authorized through capabilities assigned to this administrator. You should select a proxy administrator with an empty user form.

      • Input Form. Select an input form that will process data updates. This optional configuration item allows attributes to be transformed before they are saved on the accounts.

      • Rules (optional). Select rules to use during the data synchronization process.

        You can specify the following:

        • Process Rule. Select this rule to specify a process rule to run for each incoming account. This selection overrides all other options. If you specify a process rule, the process will be run for every row, regardless of other settings on the resource. It can be either a process name, or a rule evaluating to a process name.

        • Correlation Rule. Select a correlation rule to override the correlation rule specified in the resource’s reconciliation policy. Correlation rules correlate resource accounts to Identity system accounts.

        • Confirmation Rule. Select a confirmation rule to override the confirmation rule specified in the resource’s reconciliation policy.

        • Resolve Process Rule. Select this rule to specify the name of a Task Definition to run in case of multiple matches to a record in the data feed. This should be a process that prompts an administrator for manual action. It can be a process name or a rule evaluating to a process name.

        • Delete Rule. Select a rule, which returns true or false, that will be evaluated for each incoming user update to determine if a delete operation should occur.

      • Create Unmatched Accounts. When this option is enabled (true), the adapter will attempt to create accounts that it does not find in the Identity Manager system. If not enabled, the adapter will run the account through the process returned by the Resolve Process Rule.

      • Logging Settings. Specify a value for the logging options.

        The logging options consist of the following:

        • Maximum Log Archives. If greater than zero, retain the latest N log files. If zero, then a single log file is reused. If -1, then log files are never discarded.

        • Maximum Active Log Age. After this period of time has elapsed, the active log will be archived. If the time is zero, then no time-based archival will occur. If Maximum Log Archives is zero, then the active log will instead be truncated and reused after this time period. This age criterion is evaluated independently of the size criterion specified by Maximum Log File Size.

          Enter a number, and then select the unit of time (Days, Hours, Minutes, Months, Seconds, or Weeks). Days is the default unit.

        • Log File Path. Enter the path to the directory in which to create the active and archived log files. Log file names begin with the resource name.

        • Maximum Log File Size. Enter the maximum size, in bytes, of the active log file. The active log file will be archived when it reaches maximum size. If Maximum Log Archives is zero, then the active log will instead be truncated and reused when it reaches this size. This size criterion is evaluated independently of the age criterion specified by Maximum Active Log Age.

        • Log Level. Specify a logging level.

          The following logging levels are available:

          • 0. No logging

          • 1. Error

          • 2. Information

          • 3. Verbose

          • 4. Debug

  4. Click Save to save the policy settings for the resource.
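
The start-time rule from the Scheduling Settings step, as an added example that is not part of the original guide or the product's code: a Python model of when polling first runs for a start date in the future, in the past, or left unset. The function names, the noon activation time and the month-end clamping are assumptions; the guide gives only the dates in its example.

```python
from datetime import datetime, timedelta
import calendar

# Fixed-length units; "months" needs calendar arithmetic and is handled separately.
FIXED_UNITS = {"seconds": 1, "minutes": 60, "hours": 3600,
               "days": 86400, "weeks": 604800}

# Dates from the guide's example; the 12:00 activation time is an assumption.
GUIDE_START = datetime(2005, 7, 4, 9, 0)
GUIDE_ACTIVATED = datetime(2005, 7, 18, 12, 0)

def add_months(start, months):
    """Shift start by whole calendar months, clamping the day (Jan 31 -> Feb 28)."""
    index = start.month - 1 + months
    year, month = start.year + index // 12, index % 12 + 1
    day = min(start.day, calendar.monthrange(year, month)[1])
    return start.replace(year=year, month=month, day=day)

def first_poll(now, start=None, every=1, unit="weeks"):
    """Model of when polling begins for a policy that becomes active at `now`."""
    if every < 1 or (unit != "months" and unit not in FIXED_UNITS):
        raise ValueError("interval must be a positive count of a supported unit")
    if start is None:      # no start date or time: poll immediately
        return now         # (this repeats on every application server restart)
    if start >= now:       # start date in the future: polling waits for it
        return start
    if unit == "months":
        # Step from the original start each time so day clamping does not drift.
        n = 0
        while add_months(start, n * every) < now:
            n += 1
        return add_months(start, n * every)
    step = timedelta(seconds=every * FIXED_UNITS[unit])
    missed = -((start - now) // step)   # ceil((now - start) / step)
    return start + missed * step        # next slot on the original schedule
```
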
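
The interaction of the Logging Settings can be checked by replaying events through a model of the rotation rules, which shows how much synchronization history stays on disk for audit or incident review. This is an added example, not Identity Manager code; the function names, the check-before-write timing and the constructed events are assumptions.

```python
# Constructed sample: ten hourly events, each 19 characters (20 bytes with newline).
SAMPLE_EVENTS = [(i * 3600, f"update uid=user{i:04d}") for i in range(10)]

def replay(events, max_archives, max_age, max_size):
    """Replay (timestamp, line) events through the documented rotation rules.

    max_archives: >0 keeps the latest N archives, 0 reuses one file, -1 keeps all.
    max_age:      Maximum Active Log Age in seconds; 0 disables the age check.
    max_size:     Maximum Log File Size in bytes.
    Returns (files, discarded): files[-1] is the active log, earlier items are
    archives (oldest first); discarded counts entries no longer on disk.
    """
    archives, active, opened, discarded = [], [], None, 0
    for ts, line in events:
        if opened is None:
            opened = ts
        size = sum(len(text) + 1 for _, text in active)
        aged = max_age > 0 and ts - opened >= max_age
        full = size >= max_size            # evaluated independently of age
        if active and (aged or full):
            if max_archives == 0:          # single file: truncated and reused
                discarded += len(active)
            else:
                archives.append(active)
                while 0 < max_archives < len(archives):   # -1 never prunes
                    discarded += len(archives.pop(0))
            active, opened = [], ts
        active.append((ts, line))
    return archives + [active], discarded

def oldest_retained(files):
    """Timestamp of the earliest entry still on disk, or None if nothing is."""
    kept = [ts for entries in files for ts, _ in entries]
    return min(kept) if kept else None
```

With the sample events and a 60-byte size limit, two archives keep history back to the fourth event, while zero archives leave only the last event on disk.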