Product: OneSync
Audience: ClassLink Administrator
Overview
All Destinations
Username Generation
Certain destination mappings, marked as Unique, must be unique for each individual user. These include the following fields:
- Active Directory: sAMAccountName, userPrincipalName
- GSuite: primaryEmail
- Azure: userPrincipalName
If multiple users might have identical mappings for these fields, you can provide username generation rules that will map alternate values for those fields in case of conflicts. You can navigate to this module by clicking the button next to the desired mapping. To change the priority of any alternate mapping, you can click on the six dots on the left side of the mapping and then drag and drop it into a priority slot. The Base mapping is highest priority. The 1st alternate is next highest priority, etc.
Configure Username Resolutions
Settings to handle username conflicts have now be added to a separate slideover tab in Advanced Settings. This new tab now has four settings for each username-type per destination:
- Auto-resolve non-unique username conflicts?: Enabling this setting will auto-resolve non-unique username conflicts.
- Resolve username conflicts with (at minimum) how many digits?: The minimum number of digits to resolve usernames to (i.e. 2 digits will resolve usernames like so: example01, example02, as opposed to example1, example2).
- Start auto-resolve from which number?: The starting number for auto-incrementation on the username.
- Increment all users' usernames?: Enabling this setting will auto-increment every username starting with the specified number.
- Cross-Domain Uniqueness: This setting can help prevent duplicate usernames across different domains and destinations. For each username type in a destination, you can set uniqueness checks in the Username Settings menu in the Cross-Domain Uniqueness tab. For example, in a GSuite destination, you can check that the primaryEmail for each user does not match any usernames in an Active Directory destination. You can check against sAMAccountName, userPrincipalName, or both. If a match is found between the two destinations, the export will fail to prevent duplicate usernames between the two destinations. If no match is found, the export will succeed. If multiple checks are added, the export will fail if a duplicate is found for at least one check.
To navigate these tabs click on the buttons with three dots and three lines within your destination's Default Mappings.
Every field marked as unique will have a Configure Username Settings button which contains three tabs at the top: Alternatives, Incrementation, and Cross-Domain Check. These tabs will contain the settings for the username configurations above. If you're using an Active Directory destination there will be an extra tab called Additional Options which contains:
- Truncate sAMAccountNames longer than 20 characters?: When enabled, this option will allow you to truncate or trim sAMAccountNames to 20 characters or less. Otherwise, sAMAccountNames can have up to 64 characters. This option's default setting is disabled. If the truncated sAMAccountName already exists inside of your destination, OneSync will attempt to increment the truncated string if the "Auto-resolve non-unique sAMAccountName conflicts?" option is enabled. The incremented sAMAccountName will also be 20 characters or less.
Mapping Overrides
To prevent subsequent syncs from overwriting previously exported data of a specific mapping, you can click the arrows between OneSync and destination mappings to set override settings for that specific mapping. Current settings include: always map and only map when adding user. These settings can be applied to default mappings and custom mappings. In addition, toggles with the same functionality are available for enabling or disabling overrides for user account controls in Active Directory destinations.
Custom Attributes
To map to a custom attribute or property in a destination, you can first set your own attribute with the Default Mappings tab of a destination, above the destination fields. This attribute will then appear in mappings in the Default Mappings and Custom Mappings dropdowns.
For more information on GSuite custom attributes. click here.
Nightly Sync
Nightly sync is a new toggle setting in all destinations. Enabling this setting will instruct OneSync to re-evaluate collection memberships for the desired destination at midnight every night. In other words, it will double-check that a destination's collections contain the correct set of users based on the collection's conditions. After re-evaulating, Nightly Sync will queue any applicable users that meet the collections' conditions at midnight or were missed by previous exports.
This new setting can be used in conjunction with the Current_Date function to perform delayed actions based on a specific date. If you have a user property defined as a date, you can set a date-based condition using a "greater than" or "less than" relation, and the Current_Date as a value. If Nightly Sync is enabled for a destination, then any destinations using conditions with Current_Date will be re-evaluated based on the new current date at midnight.
Note: To enable this setting, navigate to the desired destination. The toggle is located in the first tab, Destination Details.
Advanced Settings for all Destination Types
- On disable action, disable users in destination?: Enabling this setting will disable users in this destination when they are disabled in OneSync. Otherwise, the user's status will remain enabled.
- On disable action, remove a user from all groups in this destination?: Enabling this setting will remove a user from all groups in this destination when they are disabled in OneSync. Otherwise, the user will remain in the group once disabled.
- Re-create Users with broken OneSync links?: If a user was previously created but currently does not exist in the destination, this setting will tell the export functionality to automatically break the user-destination link (without using correlation) and re-create the user.
- Enable Auto-Correlation: This setting will allow OneSync to correlate newly added users if a unique match is found in the destination. When toggled on there will be a prompt asking to Select properties to match on, which will be used in the comparison of the users being exported.
- There is also an additional option called Do not create link if a match is found with auto-correlation? This option will prevent auto-correlation from creating a link between the newly added OneSync user and their corresponding unique destination user match.
Active Directory
-
Advanced AD Fields: You can choose to display or hide more obscure, advanced AD fields in Default and Custom Mappings. Simply click the toggle in the upper right corner of both tabs.
- Advanced Settings for Active Directory Destinations
- Set passwords before adding users to groups?: Since the order of account creation matters if you are using advanced password policies associated with specific groups, you can now select "set passwords before adding users to groups" if your default domain policy is more lenient than that which is applied to the user's groups and you'd like to assign a lenient password to the accounts.
- Create OUs if they don't exist?: Enabling this setting will allow OneSync to create OUs that don't exist in the destination. If this setting is not toggled on and the OU does not exist, the export will fail.
GSuite
- Create OUs if they don't exist?: Enabling this setting will allow OneSync to create OUs that don't exist in the destination. If this setting is not toggled on and the OU does not exist, the export will fail.
- Active Directory/GSuite Password Synchronization: OneSync does not currently offer the ability to sync passwords from Active Directory to GSuite. However, Google offers a tool to sync passwords which can be found here.
- Google Cloud Directory Sync (GCDS): Google offers a tool to sync your Active Directory and GSuite accounts. Click here for more information.
CSV Destinations
- Column Order: You can reorder a CSV destination's Default Mappings via drag and drop. The order of these mappings will dictate the order of the columns in the exported CSV file. The topmost mapping represents the first, or leftmost column, in the CSV file. To reorder the columns, click the indicator next to the desired default mapping, and drag it to the desired position.
Updated: Oct 2019