Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
devel:documentation:synchronization [2018/03/22 12:36]
stloukalp [Devel tutorials] 		devel:documentation:synchronization [2020/01/14 12:47]
svandav [Admin guide]
Line 1: Line 1:
 +<- .:accounts | Accounts ^ .:start | Documentation ^ .:provisioning | Provisioning ->
  
 +====== Synchronization ======
 +
 +Synchronization represents data flow from source systems (e.g. SAP, HR systems...) to IdM. Usually CzechIdM synchronize employees and organizational structure from HR systems. Other objects like groups can be imported e.g. from AD.
 +
 +{{ :devel:documentation:synchronization.png | Synchronization from multiple systems}}
 +
 +===== Supported entities =====
 +In CzechIdM you can synchronize following types of entities:
 +  * **[[.:Ídentities|Identities (users)]]** - we fully support identity synchronization with their **Contracts**
 +  * **[[.:Roles|Roles]]** - automatic synchronization of roles is a must have if the role set vary in time - e.g. AD/LDAP groups
 +  * **[[.:tree_structures|TreeNodes (organizational structure)]]** - we support tree structure synchronization to be able to represent organizational divisions and place users to their working positions.
 +
 +Synchronization is fully audited and supports multiple synchronization for every entity and system. Synchronization can be started on demand or as planned [[.:scheduled_task|scheduled task]].
 +
 +===== Reconciliation =====
 +
 +Synchronization is used for acquiring data from the connected system to CzechIdM. There are two modes of synchronization:
 +
 +  * **Reconciliation** - Synchronization of all available objects of the specified type.
 +  * **Synchronization** - If the token is specified, e.g. timestamp, only objects that has changed since the last synchronization are synchronized.
 +
 +The **Reconciliation** mode is useful in the case that you connect an existing system, where you want to start managing accounts by CzechIdM, e.g. LDAP. As an initial action, you will need to link existing system accounts to their corresponding identities in CzechIdM. The reconciliation is the right tool for this initial linking of accounts.
 +====== Read more ======
 +
 +===== Admin tutorials =====
 +  * [[tutorial:adm:manage_ldap| LDAP - how to connect and sync]]
 +  * [[tutorial:adm:connect_a_db_system| Database - how to connect and sync]]
 +  * [[tutorial:adm:systems| Generic System - how to connect and sync]]
 +  * [[tutorial:adm:how_to_identity_sync | CSV - identities synchronization]]
 +  * [[tutorial:adm:how_to_contract_sync | CSV - users contracts synchronization]]
 +  * [[tutorial:adm:synchronization | Synchronization - configuration options]]
 +
 +===== Admin guide =====
 +|**Name**                                                |**More details**  |
 +| Identity                 |[[devel:documentation:synchronization:dev:synchronization|]]                            |
 +| Contractual relationship                  |[[devel:documentation:synchronization:dev:relation-sync|]]                          |
 +| Time slices of contractual relationship                  |[[devel:documentation:synchronization:dev:contract-slice-sync|]]                          |
 +| Tree                  |[[devel:documentation:synchronization:dev:tree-sync|]]                         |
 +| Role                  |[[devel:documentation:synchronization:dev:role-sync|]]                          |
 +| |
 +
 +
 +===== Devel tutorials =====
 +  * [[.synchronization:dev:synchronization |Synchronization extras]]
 +  * [[.synchronization:dev:tree-sync |TreeNodes synchronization config]]
 +  * [[.synchronization:dev:relation-sync |Contracts synchronization extras]]
 +  * [[.synchronization:dev:role-sync |Roles synchronization extras]]   (to be deleted)
  • by doischert