Product: OneSync
Audience: ClassLink Administrator
Destinations are directories or services to which OneSync can export user accounts and data. Valid destinations include Microsoft Active Directory, Microsoft Azure, CSV files, and Google GSuite. Each destination type requires credentials or authorization in order to properly access the destination. To learn more about authorization, click here.
Overview
- Add a Destination
- Select Users
- Default Mappings
- Custom Mappings
- Groups
- Events and Actions
- Destination Chaining
- Advanced Settings and Additional Tools
- Authorization and Running Exports
Add a Destination
The following table details the steps required to add a destination to OneSync.
Step | Required | Description |
Destination Details | Yes | Define and edit this destination’s basic details. |
Select Users | Yes | Select the collection of users that will be exported to this destination. |
Default Mappings | Yes | Define the mappings between OneSync fields and this Destination’s fields. These mappings will be applied to all users in this destination. For example, you can set the default password for all users in a destination. |
Custom Mappings | No | For specific sets of users, define the custom mappings between OneSync fields and this Destination’s fields, which will override the default mappings. These users are a subset of the previously selected collection of users. |
Groups | No | Define which destination group a user will be provisioned to, given a certain set of conditions. |
Events & Actions | No | Define what event will occur when a user triggers a certain set of conditions |
Advanced Options | No | Set miscellaneous settings. |
Save Destination | Yes | You must click the “Save Destination” button in the lower right-hand corner in order for changes to take effect |
Note: During the destination creation process, it is possible to skip through all the tabs after the Destination Details tab by hitting the Next button. This will automatically generate a collection and set formatted default mappings based on the destination type.
Note: Additional tools are included in the destination creation and management process. To learn more about them, click here.
Select Users
To start creating a destination, you must first select the users that will be exported to this destination. You will form collections of users via conditions. You can click the eye icon which is located on the right side of a collection to preview that specific group of users. Click here to read more about the selection process and the logic used to achieve it.
Default Mappings
Destination Mappings, including default, custom, and groups, are used to set the values for properties in a destination. To assist in this process, OneSync offers Text Transformations that can be used to create custom alphanumeric strings based on an individual user’s properties. Selected fields from sources will be formatted with green text in Destination Mappings since unmapped fields will return an error. You can preview Default Mappings by pressing the eye icon next to the Save Destination button.
To prevent subsequent syncs from overwriting previously exported data of a specific mapping, you can click the arrows between OneSync and destination mappings to set override settings for that specific mapping. Current settings include: always map and only map when adding user.
Custom Mappings
Custom Mappings define mappings that override the default mappings for users based on defined conditions. Multiple custom mappings are organized by priority, with the greatest priority labeled as 1. If you make no custom mappings, then selected users will inherit the default mappings. You can use custom mappings in conjunction with the override settings for each mapping. You can also preview custom mappings by pressing the eye icon on the right side of a mapping.
Groups
In Groups, you can select users based on one or more conditions to add to a destination group. If users no longer satisfy the conditions for a group or that group's name is changed, they will be removed from that group.
Depending on the destination, you must enter a group path in a specific format:
- Active Directory: “CN=[insert group name here, OU=[insert OU Path here]”, without the quotes or brackets. An OU is not required if the group will be inserted into the base path. If multiple OU’s are used, they should be listed from most specific to least specific.
- GSuite: “ExampleGroupMapping@domain.com”, without the quotes. The group is an email address with a domain registered in GSuite.
-
Google group assignments also have the option to set users as a member, manager, or owner. To set these values when creating or editing a group navigate to the action tab of the group mapping slide-over and click on the blue cog next to your group name:
After clicking the blue cog you will be navigated to a page where you can chose the membership type for the users being mapped to this group.
-
- Microsoft Azure: A group name can be entered in plain text with no special formatting.
Events & Actions
Events & Actions are events that occur when a user triggers a preset condition.
The events include:
- Field & Value: a user is assigned a value for the specified property
- From Source: for all users imported from a particular source
- User Is Added: a user is successfully added to a destination, not edited
- User Is Disabled: a user is disabled in OneSync by removing it from its original source, if deselected in a collection, or if manually disabled in from the user's list.
- User Is Enabled: a user is re-enabled in OneSync
The actions include:
- Assign Property and Value: A user is assigned a value for the specific property.
- Email: Message the designated email address. Both the email address and the email body can be templated. You must enter email credentials in the Advanced Options tab for this action.
- Execute PowerShell Script: Run a PowerShell file of your own design, located in C:\ClassLink OneSync\Scripts.
- Move to OU: A user is moved to the specified organizational unit, formatted specifically for the destination type (e.g. “/OU name” for GSuite, “OU=[OU name]” for Active Directory, OU’s do not exist in Azure)
For more information about actions and configuring OneSync for specific actions, click here.
Destination Chaining
Destination chaining allows a user to chain destinations together, which means that destinations can have parent destinations that they inherit fields from.
A destination chain can be as long as a user would like for example: Destination 1 -> Destination 2 - > Destination 3 -> Destination 4 -> etc.
This means that fields that are inherited from a parent can also be used in that destination child - in the example just mentioned, Destination 4 can use fields from Destination 1, 2, and 3 because those fields are passed down to every child destination within that chain.
When creating or editing a destination as shown in the photo above the Parent Destination can be set under the Parent Destination dropdown.
In the photo above an Active Directory, the destination has an Azure destination set as its Parent Destination which allows the Active Directory destination to use mappings that are within the Azure destination. These particular mappings are highlighted in blue above and have an "Example Azure Destination" tag next to them.
Note: A destination can have multiple child destinations but not multiple parent destinations. Also, a child destination cannot be run without the parent destination running - this is why the Sync All button would be grayed out if a destination has a parent destination.
To run an export on a destination that has a parent destination you will need to run an export on their parent destination which will run an export on the child destination at the same time.
Advanced Settings and Additional Tools
Each destination type also has a final tab where you can set miscellaneous settings. These settings include:
- On disable an action, remove a user from all groups in this destination?
- Create OUs if they do not exist
- Enable Auto-Correlation
- This setting will allow OneSync to correlate newly added users if a unique match is found in the destination. When toggled on there will be a prompt asking to Select properties to match on, which will be used in the comparison of the users being exported.
Depending on the destination type, additional tools may be available. Click here for more details about advanced settings and tools.
Authorization and Running Exports
Before you can export to a destination, you must first authorize the connection to the destination. For more details about authorizing for different destination types, click here.
In order to trigger an export, the destination must be mapped with a collection of users from one or more sources. Users will be exported to destinations automatically once exports are enabled on the Destination page. You can also trigger an export manually by clicking the three-dot button next to the desired destination and then clicking the Sync All button in the drop-down menu.
Updated: Nov 2019