Directories need to be synced with Identity360 to synchronize objects between the directory services and Identity360 and to update the statuses of users verified through domain verification. For example, during synchronization, any user account deleted in Azure AD or Google Workspace is automatically removed from Identity360.
The options under Directory Sync Settings give you control over the object synchronization process, which affects how Identity360 fetches and imports objects from other directories into Universal Directory.
You can modify the following settings using the options provided:
Use the following options to change how frequently objects are synchronized from a certain directory's tenant or domain:
Note: The icon is green when the scheduler is enabled and gray when disabled.
A primary source is a directory where all management actions, like Create, Modify, Delete, and Access Management, will be executed. If the actions are successful in this directory, then the object is updated in the other directories.
Note: A primary source can be set only for directories. For applications, Universal Directory will be set as the primary source due to limitations of the Application Management API.
You can access the primary source settings by clicking Primary Source Settings in the top-right corner of the Directory Sync Settings page.
A primary source can be set in two ways:
You can set a directory as a primary source by dragging it to the top of the list of directories or by setting its priority to 1 in the field adjacent to the directory's name.
You can also set rules to use different directories as the primary source under different conditions. If an object falls under any configured rule, the object in the primary source selected for that rule is changed first, and the object in the other directories is changed afterward.
Note: Rules take higher priority than the defined order.
To configure a rule:
You can add more rules by clicking + Add Rule and delete a rule by clicking X Remove Rule.
After the sync schedules have executed successfully, you have to review the user and group objects that are to be synced to Identity360. For each object, decide whether or not it can be synced, make changes to a different object, or review it later.
There are four categories of object reviews that can be executed for user and group objects:
Under the Pending Review section, you can view the objects that await a decision on their synchronization or creation in Identity360. Click the number of objects under the Pending users for review or Pending groups for review column to review objects individually. This opens a pop-up window with the list of objects, which you can select by checking them.
The Choose action drop-down list allows you to choose which action to carry out on an individual object. Once the objects and the actions are selected, click Execute Action. To run the same action for all objects, select the action from the Choose action drop-down list under the Choose action to perform in bulk column and click Execute Action.
Under the Sync Failed section, you can view the objects that failed to synchronize, the category of the object review, and the reason for each failure. You can select a different action to be executed on them using the drop-down list under the Choose action to perform column. Select the objects on which you want to run the synchronization process again and click Execute Again.
Under the Ignored Users section, you can view the objects that you have marked to be reviewed later. You can select a different action to be executed on them using the drop-down list under the Choose action to perform column. Select the objects on which you want to run the process and click Execute Action.
The Account Linking option shows the uniquely identifiable attribute by which an object from one of the directories can be linked to an object in Universal Directory. The attribute to the right is from Universal Directory, and the one to the left is from the directory service.
Advanced settings give you granular control over the synchronization process of a tenant or domain of a directory service. You can configure the frequency of the synchronization cycle, the conditions under which certain actions should take place automatically, how objects are identified in Universal Directory, and which attributes from the directory service are linked to the attributes in Universal Directory.
Access the Advanced page by clicking the icon under the Advanced column. These are the settings available on the Advanced page:
Copyright © 2024, ZOHO Corp. All Rights Reserved.