Synchronization

Synchronization - contractual relationship →

Synchronization of identities has been described above. Another option is to synchronize the tree structure. We'll show sync over an example of organizational structure synchronization:

First you need to create a type of structure. In our case ORGANIZATIONS.
On the system, we create a mapping for entity type Tree. Select the type of structure you want (ORGANIZATIONS).
Create Required mapping attributes:
- identifier - The attribute contains an unambiguous element identifier from the end system. Used for parenting. It must be labeled identifier.
- code - The code is a unique identifier in the tree.
- name - Name of the element. This name will be displayed in the tree component.
- parent - An attribute pointing to your parent. From mapping point of view, this attribute must return identifier parents, Identifier from the end system. From the IDM view, parent contains a reference to the parent object, ie IdmTreeNode. Searching and conversion between system identifier and parent IDM (IdmTreeNode) do synchronization automatically.
Create optional mapping attributes. A typical example is some extended attribute.
We create sync to select the mapping you created. The tree structure synchronization configuration is similar to the synchronization of identities. In addition, it is possible to define (in the form of a Groovy script) how to "know" the roots of the tree.
Start synchronization.
Tree sync is always run as reconciliation at this time. It means setting your own filter or token will have no effect.

Basic algorithm

Root search
For each root, are recursively searched a children (based on equality value the identity UID (identifier) parent attribute parent and childe attribute). * Synchronization is started for each tree element.

Situation The account does not exist , it is solely based on a comparison of the existence of accounts on the target system against the existence of IDM accounts.

The roots of the tree are searched over the set of all accounts obtained from the target system. The reason why roots are not found using the search method on the end system is that their definition is in some cases too complex (the search criteria in the IC module are inadequate). Such a case is, for example, a situation where roots are all the elements (accounts) whose parent attribute are shown to themselves.

Root search is performed using the Groovy script in the synchronization configuration tree root / tree definition . This script runs over all system elements. If Boolean.TRUE returns, then the element is root. If it returns Boolean.FALSE , it is not the root. The entry of this script is account (IcObject), an object of the element received from the IC module.

If the root trace script is not filled, then every element whose parent attribute is null is considered to be root.

Example of a script addressing the situation described above :

if(account){
 // Get value from parent attribute
 def parentValue = account.getAttributeByName("id_nadraz_prac_mista").getValue();
 // Get value from ID attribute
 def uidValue = account.getAttributeByName("id").getValue();
 
 // Root is account, where is parent value equals with ID (externalId) value.
 if(parentValue != null && parentValue.equals(uidValue)){
     // We need clear value of parent attribute. In IDM has roots always parent = null.
     account.getAttributeByName("id_nadraz_prac_mista").setValues(null);
     return Boolean.TRUE;
 }
}
 
return Boolean.FALSE;

All roots in IDM, must have parent attribute = null. In case when is roots define different (for example parent points on itself), then is important do transformation for each root (how looks script above).

Leaving uid attribute and parent reference equal makes the synchronization loop infinitely - take care while setting the root computation script.

← Synchronization - roles

Synchronization - tree nodes

Synchronization - contractual relationship →

Synchronization - tree nodes sync tree

Basic algorithm

Finding tree roots