Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated name to Identity Manager

This article describes how to set up batch synchronization in Smart ID Identity Manager (PRIME). Batch jobs can be used for example to do scheduled import of person data from Active Directory or human resources (HR) system. 

To create a batch synchronization, you first need a target data pool, a target core template, a search configuration with a corresponding data pool defining the data source, and a mapping, as described below. These tasks are done in Identity Manager Admin (PRIME Designer). The status of scheduled batch synchronizations can be viewed in Identity Manager main client operator UI (PRIME Explorer)

Note

All search configurations and processes that are executed by a batch synchronization must be assigned to the role BaseRoleBatchSync which is defined in the PRIME Identity Manager Base package. 

To change which role is defined for batch synchronization, there is a setting in system.properties.


Prerequisites

Expand
titlePrerequisites

The following prerequisites apply:

  • Installed PRIMEIdentity Manager

Create data pools, core template, search configuration, and mapping

Expand
titleLog in to PRIME DesignerIdentity Manager Admin
  1. Log in to the PRIME DesignerIdentity Manager Admin as an admin user.


Expand
titleCreate source data pool

A source data pool is required to connect to the data source that you wish to synchronize with, for example Active Directory (LDAP) or HR system.

To add or edit data pools for batch synchronization:

  1. Go to Home > Data Pools. Add or edit a data pool, seeSet up data pool in Identity Manager for a complete instruction.
    For example, do the following settings:

    1. Click Data Sources. Enter the connection details to the Active Directory (via LDAP) or HR system (via any suitable data connector) you wish to synchronize with. SeeSet up data pool in Identity Manager for how to connect to different data sources.
    2. Add External fields as needed.
    3. Click Field List. Change the order of the fields or the field details if needed.
    4. Save and exit the data pool.


Expand
titleCreate search configuration for unique identifier

A search configuration is required to search in the source data pool for the unique identifier fields.

To add or edit a search configuration for a specific batch job:

  1. Go to Home > Search Configurations. Add or edit a search configuration, select the created data pool as reference. See Set up search configuration in Identity Manager for a complete instruction.
    For example, do the following settings:
    1. Go to the General tab.
    2. Add the fields to be used as unique identifiers.
    3. Go to the Purpose tab and check Extended Search.
    4. Save and exit the search configuration.


Expand
titleCreate target data pool and core template

A target core template and corresponding data pool are required to store the imported data in.

To create a target core template and data pool:

  1. To create a target data pool, go to Home > Data Pools. Add or edit a data pool, see Set up data pool in Identity Manager for a complete instruction. Configure the details. Save and exit the data pool.
  2. To create a target identity template, go to Home > Identities. Add or edit an identity, see Set up identity template in Identity Manager for a complete instruction. Select the target data pool from the previous step. Configure any other details, and save and exit the identity template.


Expand
titleCreate mapping

To adapt the mapping for a specific batch job:

  1. Go to Home > Mappings. Add or edit a mapping, see Set up mapping in Identity Manager for a complete instruction.
    For example, do the following settings:
    1. In From Source Data Pool, select the source data pool.
    2. In To Target Data Pool, select the target data pool.
    3. Click Create references automatically, or add fields manually by clicking the plus sign + and then selecting the field names in the columns From Source Data Pool and To Target Data Pool.
    4. If you need to change a field in a mapping, select another field name in the drop-down list.
    5. Remove any fields that you don't need to use, to optimize the performance of the batch job.
    6. Save and exit the mapping.

Create batch synchronization

Expand
titleAdd or edit batch synchronization

To add or edit a batch synchronization:

  1. Go to Home > Batch Synchronization.
  2. To add a new batch synchronization, click +New. Enter a Name and Description. Click Save+Edit
  3. To edit an existing batch synchronization, double-click the batch synchronization name.
    The batch job configuration opens in PRIME DesignerIdentity Manager Admin.


Expand
titleConfigure synchronization details

To adapt the batch synchronization to your data source:

  1. To edit the unique identifier, click Field Selection next to Unique fields and check the field that marks the unique identifier from your data source. It is possible to use multiple identifiers.
  2. In Source search configuration, select the created search configuration, specifying the unique identifier in the data source.
  3. In Target core template, select the target core template where the imported data will be stored.
  4. In Mapping, select the created mapping from the source to the target data pool.


Expand
titleSet scheduling of the batch job

For scheduling the job, a Cron expression is required. There are Cron generators online that can be used to generate the expression to be entered in PRIMEIdentity Manager Admin.

To set the scheduling:

  1. Go to a Cron generator. There are Cron generators online, for example http://www.cronmaker.com/.
  2. Enter the required schedule, days, hours, and so on. Generate the Cron expression.
  3. Copy the resulting Cron expression.
  4. In PRIME DesignerIdentity Manager Admin, go back to the batch synchronization and paste the Cron expression into Expression to schedule the job.


Expand
titleOptional: Select a process to run for imported data

If you want to do some action for all imported or updated data, a process can be set. The process is only executed if data is inserted or updated, not for identical data.

To change which process to run in a batch job:

  1. Go back to the batch job.
  2. In Process, select the required process in the drop-down list.
  3. Save and exit the batch job.


Expand
titleView status of batch job

To see the status of a batch job:

  1. Log in to PRIME ExplorerIdentity Manager.
  2. Click the ADMIN tab, and then Batch sync jobs in the menu on the left.
    All scheduled batch jobs are listed with a description, status, start and end time of the last synchronization and when the next execution is due.