Detect and notify changes made on a target system

Hi, I'm using One Identity 8.2.1.
I'm looking for a way to detect all the updates made manually on a target system (AD), overwrite them and notify the changes. I thought that I could schedule a synch and use the flag "Force mapping against direction" to overwrite the updated values. After that, how can I notify the changed values by email? Do you think it is good to use the DPRJournal and DPRJournalObject tables? Are there any other ways you suggest?

Thanks,
Roberto

  • You can use the "Detect Rogue Changes" and "Correct rogue changes" checkboxes in the SyncEditor mappings. This will create entries in DPRJournal that you can (and must) parse and mail separately.

    Another option is to actually read the changed data from the target system into OIM and have a (custom) process, either on INSERT or as POSTSYNC, run the templates to correct the values and run provisioning processes. The drawback is significant load on the OIM system for all the processes and calculations. On the other hand, you have much more fine-grained options to react to those changes. You can allow some changes in AD, start attestations depending on the change, change other objects (like disabling the person) or alert intrusion detection systems. You can also persistently document/track those changes in the OIM history log/db.
