You are viewing the documentation for an outdated or unreleased devel version.
This page is also available in versions: 7.6, 7.7, 7.8, 8.0, 8.1, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5 (current), devel

Synchronization

Synchronization represents data flow from source systems (e.g. SAP, HR systems…) to IdM. Usually CzechIdM synchronize employees and organizational structure from HR systems. Other objects like groups can be imported e.g. from AD.

 Synchronization from multiple systems

In CzechIdM you can synchronize following types of entities:

  • Identities (users) - we fully support identity synchronization with their Contracts
  • Roles - automatic synchronization of roles is a must have if the role set vary in time - e.g. AD/LDAP groups
  • TreeNodes (organizational structure) - we support tree structure synchronization to be able to represent organizational divisions and place users to their working positions.

Synchronization is fully audited and supports multiple synchronization for every entity and system. Synchronization can be started on demand or as planned scheduled task.

Synchronization is used for acquiring data from the connected system to CzechIdM. There are two modes of synchronization:

  • Reconciliation - Synchronization of all available objects of the specified type.
  • Synchronization - If the token is specified, e.g. timestamp, only objects that has changed since the last synchronization are synchronized.

The Reconciliation mode is useful in the case that you connect an existing system, where you want to start managing accounts by CzechIdM, e.g. LDAP. As an initial action, you will need to link existing system accounts to their corresponding identities in CzechIdM. The reconciliation is the right tool for this initial linking of accounts.

Read more