Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
tutorial:adm:synchronization [2018/11/15 11:24]
svandav [Specific synchronization options] 		tutorial:adm:synchronization [2022/04/29 07:13] (current)
stekld [Synchronization states and actions]
Line 22: Line 22:
 ==== Synchronization states and actions ==== ==== Synchronization states and actions ====
  
-{{ :devel:adm:synchronization_details_part2.png?400 | Synchronization operations}}+{{.:synchronizationstates.png?nolink&1353x772}}
  
 During the process of synchronization, objects on connected system and entities in CzechIdM are compared and the state for every object is computed: During the process of synchronization, objects on connected system and entities in CzechIdM are compared and the state for every object is computed:
-  * **Linked** - Object and Entity has been previously (by synchronization or manually) linked. The following actions can be performed on object and entity in this situation: + 
-    * **Update entity**: This updates the CzechIdM entity linked to the connected system object. The update is done on the basis of synchronization attribute mapping. After saving the entity, the standard provisioning is called. +  * **Linked**  - Object and Entity has been previously (by synchronization or manually) linked. The following actions can be performed on object and entity in this situation: 
-    * **Update account**: This calls the standard provisioning. Synchronization only calls the event, it does not perform provisioning itself. So if the provisioning is asynchronous, the synchronization does not wait for the provisioning to finish. +      * **Update entity**: This updates the CzechIdM entity linked to the connected system object. The update is done on the basis of synchronization attribute mapping. After saving the entity, the standard provisioning is called. 
-    * **Remove link**: This deletes the link between the CzechIdM entity and connected system object. It does not perform editing of the CzechIdM entity itself, it does not call provisioning. +      * **Update account**: This calls the standard provisioning. Synchronization only calls the event, it does not perform provisioning itself. So if the provisioning is asynchronous, the synchronization does not wait for the provisioning to finish. 
-    * **Remove link and appropriate roles**: This removes the links, as in the previous case. In case of CzechIdM identity it also removes roles that are linked with this account. +      * **Remove link**: This deletes the link between the CzechIdM entity and connected system object. It does not perform editing of the CzechIdM entity itself, it does not call provisioning. 
-    * **Ignore**: This action does not perform any active operation. +      * **Remove link and appropriate roles**: This removes the links, as in the previous case. In case of CzechIdM identity it also removes roles that are linked with this account. 
-  * **Not Linked** - This is a situation when there is no link between the entity in CzechIdM and object in connected system. Since the link does not exist yet, the identity has been found using a **correlation attribute**. The following actions can be performed in Not Linked situation: +      * **Ignore**: This action does not perform any active operation
-    * **Create link**: This creates a link between CzechIdM entity and object. Editing of the identity itself is not done, provisioning is not called. +      * **Ignore and do not log**: This action does not perform any active operation. Additionally, it does not create a log entry in the synchronization log
-    * **Create link and update entity** (since 8.0): A link is created in the same way as in the previous case. In addition, the linked entity is updated on the basis of synchronization attribute mapping. After saving the entity, the standard provisioning is called. +  * **Not Linked**  - This is a situation when there is no link between the entity in CzechIdM and object in connected system. Since the link does not exist yet, the identity has been found using a **correlation attribute**. The following actions can be performed in Not Linked situation: 
-    * **Create link and update account**: A link is created in the same way as in the previous case. In addition, the account on the end system is updated - an event for running provisioning is called. +      * **Create link**: This creates a link between CzechIdM entity and object. Editing of the identity itself is not done, provisioning is not called. 
-    * **Ignore**: This action does not perform any active operation. +      * **Create link and update entity**  (since 8.0): A link is created in the same way as in the previous case. In addition, the linked entity is updated on the basis of synchronization attribute mapping. After saving the entity, the standard provisioning is called. 
-  * **Missing Entity** - This is a situation when there is no entity in CzechIdM matching object in the connected system. The following actions can be performed in this situation: +      * **Create link and update account**: A link is created in the same way as in the previous case. In addition, the account on the end system is updated - an event for running provisioning is called. 
-    * **Create entity**: creates an entity in CzechIdM and a link it to object in connected system. The creation is done based on the attribute mapping chosen in synchronization configuration. The creation of entity calls provisioning. +      * **Ignore**: This action does not perform any active operation
-    * **Ignore**: This action does not perform any active operation. +      * **Ignore and do not log**: This action does not perform any active operation. Additionally, it does not create a log entry in the synchronization log
-  * **Missing Account** - This is a situation when there is no object on the end system matching the entity in CzechIdM. The following actions can be performed in this situation: +  * **Missing Entity**  - This is a situation when there is no entity in CzechIdM matching object in the connected system. The following actions can be performed in this situation: 
-    * **Create account**: Synchronization calls entity provisioning, which leads to creation of an object on the connected system. +      * **Create entity**: creates an entity in CzechIdM and a link it to object in connected system. The creation is done based on the attribute mapping chosen in synchronization configuration. The creation of entity calls provisioning. 
-    * **Remove entity**: This deletes the entity in CzechIdM and the link to object in connected system. +      * **Ignore**: This action does not perform any active operation
-    * **Remove link**: This deletes the link between the entity in CzechIdM and object in connected system. Editing of the entity itself is not done, provisioning is not called. +      * **Ignore and do not log**: This action does not perform any active operation. Additionally, it does not create a log entry in the synchronization log
-    * **Remove link and appropriate roles**: This removes the links, as in the previous case, however, it also removes the linked identity roles. In other words, it removes the roles which were assigned to the identity by the account. +  * **Missing Account**  - This is a situation when there is no object on the end system matching the entity in CzechIdM. The following actions can be performed in this situation: 
-    * **Ignore**: This action does not perform any active operation.+      * **Create account**: Synchronization calls entity provisioning, which leads to creation of an object on the connected system. 
 +      * **Remove entity**: This deletes the entity in CzechIdM and the link to object in connected system. 
 +      * **Remove link**: This deletes the link between the entity in CzechIdM and object in connected system. Editing of the entity itself is not done, provisioning is not called. 
 +      * **Remove link and appropriate roles**: This removes the links, as in the previous case, however, it also removes the linked identity roles. In other words, it removes the roles which were assigned to the identity by the account. 
 +      * **Ignore**: This action does not perform any active operation. 
 +      * **Ignore and do not log**: This action does not perform any active operation. Additionally, it does not create a log entry in the synchronization log. 
  
 ==== Specific synchronization options ==== ==== Specific synchronization options ====
  • by svandav