Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

This article describes how to set up batch synchronization in Smart ID Identity Manager. Batch jobs can be used for example to do scheduled import of person data from Active Directory or human resources (HR) system. 

To create a batch synchronization, you first need a target data pool, a target core template, a search configuration with a corresponding data pool defining the data source, and a mapping, as described below. These tasks are done in Identity Manager Admin. The status of scheduled batch synchronizations can be viewed in Identity Manager operator UI

All search configurations and processes that are executed by a batch synchronization must be assigned to the role BaseRoleBatchSync which is defined in the Identity Manager Base package. 

To change which role is defined for batch synchronization, there is a setting in system.properties.


Prerequisites

 Prerequisites

The following prerequisites apply:

  • Installed Identity Manager

Create data pools, core template, search configuration, and mapping

 Log in to Identity Manager Admin


  1. Log in to the Identity Manager Admin as an admin user.


 Create source data pool

A source data pool is required to connect to the data source that you wish to synchronize with, for example Active Directory (LDAP) or HR system.

To add or edit data pools for batch synchronization:

  1. Go to Home > Data Pools. Add or edit a data pool, see Set up data pool in Identity Manager for a complete instruction.
    For example, do the following settings:
    1. Click Data Sources. Enter the connection details to the Active Directory (via LDAP) or HR system (via any suitable data connector) you wish to synchronize with. See Set up data pool in Identity Manager for how to connect to different data sources.
    2. Add External fields as needed.
    3. Click Field List. Change the order of the fields or the field details if needed.
    4. Save and exit the data pool.
 Create search configuration for unique identifier

A search configuration is required to search in the source data pool for the unique identifier fields.

To add or edit a search configuration for a specific batch job:

  1. Go to Home > Search Configurations. Add or edit a search configuration, select the created data pool as reference. See Set up search configuration in Identity Manager for a complete instruction.
    For example, do the following settings:
    1. Go to the General tab.
    2. Add the fields to be used as unique identifiers.
    3. Go to the Purpose tab and check Extended Search.
    4. Save and exit the search configuration.
 Create target data pool and core template

A target core template and corresponding data pool are required to store the imported data in.

To create a target core template and data pool:

  1. To create a target data pool, go to Home > Data Pools. Add or edit a data pool, see Set up data pool in Identity Manager for a complete instruction. Configure the details. Save and exit the data pool.
  2. To create a target identity template, go to Home > Identities. Add or edit an identity, see Set up identity template in Identity Manager for a complete instruction. Select the target data pool from the previous step. Configure any other details, and save and exit the identity template.
 Create mapping

To adapt the mapping for a specific batch job:

  1. Go to Home > Mappings. Add or edit a mapping, see Set up mapping in Identity Manager for a complete instruction.
    For example, do the following settings:
    1. In From Source Data Pool, select the source data pool.
    2. In To Target Data Pool, select the target data pool.
    3. Click Create references automatically, or add fields manually by clicking the plus sign + and then selecting the field names in the columns From Source Data Pool and To Target Data Pool.
    4. If you need to change a field in a mapping, select another field name in the drop-down list.
    5. Remove any fields that you don't need to use, to optimize the performance of the batch job.
    6. Save and exit the mapping.

Create batch synchronization

 Add or edit batch synchronization

To add or edit a batch synchronization:

  1. Go to Home > Batch Synchronization.
  2. To add a new batch synchronization, click +New. Enter a Name and Description. Click Save+Edit
  3. To edit an existing batch synchronization, double-click the batch synchronization name.
    The batch job configuration opens in Identity Manager Admin.
 Configure synchronization details

To adapt the batch synchronization to your data source:

  1. To edit the unique identifier, click Field Selection next to Unique fields and check the field that marks the unique identifier from your data source. It is possible to use multiple identifiers.
  2. In Source search configuration, select the created search configuration, specifying the unique identifier in the data source.
  3. In Target core template, select the target core template where the imported data will be stored.
  4. In Mapping, select the created mapping from the source to the target data pool.
 Set scheduling of the batch job

For scheduling the job, a Cron expression is required. There are Cron generators online that can be used to generate the expression to be entered in Identity Manager Admin.

To set the scheduling:

  1. Go to a Cron generator. There are Cron generators online, for example http://www.cronmaker.com/.
  2. Enter the required schedule, days, hours, and so on. Generate the Cron expression.
  3. Copy the resulting Cron expression.
  4. In Identity Manager Admin, go back to the batch synchronization and paste the Cron expression into Expression to schedule the job.

The batch synchronization job will only run if it is enabled, read more in "Activate/deactivate a batch synchronization job".

 Activate/deactivate a batch synchronization job

When you have set the scheduling of a batch synchronization job, you can chose to activate or deactivate the job with the Batch Synchronization enabled check box. 

Activate:

  1. In the Job Configuration tab, check Batch Synchronization enabled.
    1.  The batch job will run when the corresponding Cron expression is triggered.

Deactivate:

  1. In the Job Configuration tab uncheck Batch Synchronization enabled.
    1. The batch job will not run, regardless of the Cron expression.

The scheduler usually runs every minute and checks if the data of batch synchronization job was updated. If the enable flag is set, the scheduler creates a new batch sync job.

 Optional: Select a process to run for imported data

If you want to do some action for all imported or updated data, a process can be set. The process is only executed if data is inserted or updated, not for identical data.

To change which process to run in a batch job:

  1. Go back to the batch job.
  2. In Process, select the required process in the drop-down list.
  3. Save and exit the batch job.
 View status of batch job

To see the status of a batch job:

  1. Log in to the Identity Manager operator UI.
  2. Click the ADMIN tab, and then Batch sync jobs in the menu on the left.
    All scheduled batch jobs are listed with a description, status, start and end time of the last synchronization and when the next execution is due.

The configuration depends on if the check box Batch Synchronization enabled in Identity Manager Admin is checked or unchecked. Read more under heading "Activate/deactivate a batch synchronization job" above.

This article is valid for Smart ID 21.04 and later.

Related information

Links

  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions