

Create a Directory Synchronization Template

Synchronization templates control how local changes are propagated to your endpoints, and how they are formatted. You can create a synchronization template to connect your local user store with the cloud.

Follow these steps:

  1. Log in to CA IAM Connector Server, and select the Directory Sync tab.
  2. Click the monitor entry where you want to add a synchronization template, and click Add in the Template area.

    The Add Template dialog appears.

  3. Enter a name, select Cloud Server from the server type pull-down menu, and select the endpoint type you want from the Endpoint Type pull-down menu.
  4. Click the Browse button and navigate to the account container where your synchronized accounts are stored, if needed.
  5. Select the User Store tab:
    1. Select the LDAP URI for the user store you want to synchronize in the Monitor Source area.
    2. Click Browse to locate container details in the Trigger Container area,

      or

    3. Add a Trigger group:
      1. Click Add in the Trigger Groups area.
      2. Enter a filter value if you want to refine the search for available groups. You can also accept the default in the Add Trigger Group dialog, and click Search.

        A list of available Active Directory groups appears.

      3. Select the group or groups you want using the shuttle control, and click OK.
    4. To enter an optional filter statement in the User inclusion filter area, click the Filter checkbox.
  6. Select the Attributes tab to configure how the template maps Active Directory source information to the target endpoint:
    1. Set required attribute mappings by selecting available mapping targets from the Maps To pull-down menu. You can also type a literal string.
    2. Set mappings for other available attributes as desired. Select a policy setting (WEAK or STRONG) for each mapping you add.

      For single-value attributes, you need only be sure that the policy is not NONE. For multivalued attributes, STRONG replaces any existing attribute value in the endpoint, and WEAK adds the new attribute value to any existing endpoint values.

    3. If the standard mapping table does not meet your needs, use the advanced editor. Click Advanced to display the editor. The advanced editor allows you to:
      • Use JavaScript evaluated attribute values.
      • Pick object references for association values.
      • Set alternate attribute mappings or default values that apply when the primary mapping cannot be resolved.
    4. To set additional synchronization preferences, select the Options tab, and select one or more of the following settings:
      Suspend Deleted Accounts:

      Suspends cloud-based accounts when the corresponding ADS user is deleted.

      Send Modifications as Deltas:

      Sends only modified user attributes during a synchronization, not all user attributes.

      One Level:

      Synchronizes only ADS users in the parent Trigger Container. Users in child containers are ignored.

      Send Renames as Delete/Add:

      Synchronizes changed 'User ID' attributes by deleting the older entry and replacing it with the new information. For example, if you change from sAMAccountName to uid, synchronization deletes the cloud-based accounts and recreates them with new User ID values, rather than renaming them.

  7. Click OK.
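
The following added example is not CA IAM Connector Server code. It models the WEAK and STRONG mapping policies from step 6 as this page describes them, to show which endpoint values survive a synchronization when a value has been removed from the source. The function names, the reading of NONE as "not synchronized", and the sample user data are assumptions made for illustration.

```javascript
// Added illustration; function names are hypothetical, not connector-server APIs.
// Models the mapping policies as this page describes them.
function applyPolicy(policy, multiValued, sourceVals, endpointVals) {
  // Assumption: a mapping set to NONE is not synchronized, so the endpoint keeps its value.
  if (policy === 'NONE') return [...endpointVals];
  if (policy !== 'WEAK' && policy !== 'STRONG') throw new Error('unknown policy: ' + policy);
  // Single-valued: any policy other than NONE writes the source value.
  if (!multiValued) return sourceVals.slice(0, 1);
  // Multivalued: STRONG replaces endpoint values, WEAK adds to them.
  return policy === 'STRONG'
    ? [...new Set(sourceVals)]
    : [...new Set([...endpointVals, ...sourceVals])];
}

// Values left on the endpoint that the source directory no longer holds.
function staleValues(sourceVals, resultVals) {
  const src = new Set(sourceVals);
  return resultVals.filter(v => !src.has(v));
}

// Run every mapping of a template against one user and report leftovers.
function previewSync(mappings, sourceUser, endpointUser) {
  return mappings.map(m => {
    const src = sourceUser[m.attr] || [];
    const result = applyPolicy(m.policy, m.multiValued, src, endpointUser[m.attr] || []);
    return { attr: m.attr, policy: m.policy, result, stale: staleValues(src, result) };
  });
}

// Constructed sample data: the user was removed from "cloud-admins" in the source.
const sourceUser = { mail: ['jdoe@example.com'], memberOf: ['staff'] };
const endpointUser = { mail: ['old@example.com'], memberOf: ['staff', 'cloud-admins'] };

const weak = previewSync([
  { attr: 'mail', policy: 'WEAK', multiValued: false },
  { attr: 'memberOf', policy: 'WEAK', multiValued: true },
], sourceUser, endpointUser);
const strong = previewSync([{ attr: 'memberOf', policy: 'STRONG', multiValued: true }],
  sourceUser, endpointUser);

console.log(JSON.stringify({ weak, strong }, null, 2));
```

In this model a WEAK mapping on a membership-style attribute leaves `cloud-admins` on the endpoint after it was removed from the source, while STRONG removes it; review multivalued mappings that carry entitlements with that difference in mind.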