Directory Sync Settings

To synchronize objects between the directory services and Identity360 and to update the statuses of users verified through domain verification, the directories need to be synced with Identity360. For example, during synchronization, any deleted user account in Azure AD or Google Workspace will automatically be removed in Identity360.

The options under Directory Sync Settings grant you control over the object synchronization process, which will affect how Identity360 fetches and imports objects from other directories into Universal Directory.

You can modify the following settings using the options provided:

Object synchronization settings

Use the following options to change how frequently objects are synchronized from a certain directory's tenant or domain:

Primary Source Settings

A primary source is a directory where all management actions, like Create, Modify, Delete, and Access Management, will be executed. If the actions are successful in this directory, then the object is updated in the other directories.

Note: A primary source can be set only for directories. For applications, Universal Directory will be set as the primary source due to limitations of the Application Management API.

You can access the primary source settings by clicking Primary Source Settings (the settings icon) in the top-right corner of the Directory Sync Settings page.

A primary source can be set in two ways:

Set by order

You can set a directory as a primary source by dragging it to the top of the list of directories or by setting its priority to 1 in the field adjacent to the directory's name.

Set by rule

You can also set rules to use different directories as a primary source for various conditions. If an object matches any configured rule, the change is applied first to the object in the selected primary source, and the object in the other directories is changed later.

Note: Rules take higher priority than the defined order.

To configure a rule:

  1. Click Create New Rule.
  2. Add a name and description for the rule.
  3. Click Add Conditions to fill in the conditions to be checked when creating an object.
    • Select the attribute that will act as the parameter based on which the condition is satisfied.
    • Select the matching condition for the attribute.
    • Provide the value for the parameter.
    • Click the green add icon to add more conditions.
    • For the successive conditions, use the leftmost drop-down list to decide the logical operator to be used.
    • You can add a new condition group to group multiple conditions together by clicking +Add group. The created groups will be processed first, and their results will be compared against each other to get the final result.
    • The Criteria Pattern option displays the order in which the created conditions and condition groups will be applied.
  4. Set the directory to be assigned the role of the primary source for the objects that satisfy these conditions using the Set Primary Source drop-down list.
  5. Click Save.

You can add more rules by clicking + Add Rule and delete a rule by clicking X Remove Rule.
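The precedence described above (rules before order, condition groups resolved before being combined) decides which directory is authoritative for an identity, so it is worth modelling before changing it in production. The sketch below is an added example, not Identity360 code: the matcher names, attribute names, sample rule, left-to-right operator evaluation, and "first matching rule wins" are assumptions made for illustration.

```python
# Illustrative model only; not Identity360 code. Matcher names, attribute
# names and "first matching rule wins" are assumptions for this sketch.
MATCHERS = {
    "equals": lambda actual, expected: actual == expected,
    "contains": lambda actual, expected: expected in actual,
    "starts_with": lambda actual, expected: actual.startswith(expected),
}

def evaluate(node, obj):
    """Evaluate one condition or one condition group against an object."""
    if "group" in node:
        # A group collapses to a single boolean before it is combined
        # with its neighbours ("groups will be processed first").
        return combine(node["group"], obj)
    actual = str(obj.get(node["attribute"], ""))
    return MATCHERS[node["match"]](actual, node["value"])

def combine(nodes, obj):
    """Fold nodes left to right; every node after the first carries its operator."""
    result = evaluate(nodes[0], obj)
    for node in nodes[1:]:
        value = evaluate(node, obj)
        result = (result and value) if node["op"] == "AND" else (result or value)
    return result

def primary_source(obj, rules, order):
    """Rules take priority over the order; priority 1 is the fallback."""
    for rule in rules:
        if combine(rule["conditions"], obj):
            return rule["primary_source"], rule["name"]
    return min(order, key=order.get), "order"

# Constructed sample configuration (hypothetical rule and attributes).
ORDER = {"Azure AD": 1, "Google Workspace": 2}
RULES = [{
    "name": "Contractors in Google Workspace",
    "primary_source": "Google Workspace",
    "conditions": [
        {"attribute": "department", "match": "equals", "value": "Contractors"},
        {"op": "OR", "group": [
            {"attribute": "mail", "match": "contains", "value": "@partner.example"},
            {"op": "AND", "attribute": "title", "match": "starts_with", "value": "Ext"},
        ]},
    ],
}]

if __name__ == "__main__":
    user = {"department": "Finance", "mail": "b@partner.example", "title": "Manager"}
    print(primary_source(user, RULES, ORDER))
```

Running candidate rules against a few representative objects this way shows which ones would silently move to a different primary source before the rule is saved.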

Review

After successful execution of the sync schedules, you have to review the user and group objects that are to be synced to Identity360. Decide whether or not they can be synced, make changes to a different object, or review them later.

There are four categories of object reviews that can be executed for user and group objects:

Under the Pending Review section, you can view the objects that await a decision on their synchronization or creation in Identity360. Click the number of objects under the Pending users for review or Pending groups for review column to review objects individually. When clicked, this opens up a pop-up window with the list of objects, which can be selected by checking them.

The Choose action drop-down list allows you to choose which action to carry out on the individual object. Once the objects and the actions are selected, click Execute Action. If you choose to run the same action for all objects, then you can select the action from the Choose action drop-down list under the Choose action to perform in bulk column and click Execute Action.

Under the Sync Failed section, you can view the objects that failed to synchronize, the category of the object review, and the reason for each failure. You can select a different action to be executed on them using the drop-down list under the Choose action to perform column. Select the objects on which you want to run the synchronization process again and click Execute Again.

Under the Ignored Users section, you can view the objects that you have marked to be reviewed later. You can select a different action to be executed on them using the drop-down list under the Choose action to perform column. Select the objects on which you want to run the process and click Execute Action.

The Account Linking option shows the uniquely identifiable attribute by which an object from one of the directories can be linked to an object in Universal Directory. The attribute to the right is from Universal Directory, and the one to the left is from the directory service.

Advanced

Advanced settings grant you granular control over the synchronization process of a tenant or domain of a directory service. You can configure the frequency of the synchronization cycle, the conditions based on which certain actions should take place automatically, how objects can be identified in Universal Directory, and what attributes from the directory service are linked to the attributes in Universal Directory.

Access the Advanced page by clicking the advanced settings icon under the Advanced column. These are the settings available on the Advanced page:

Copyright © 2024, ZOHO Corp. All Rights Reserved.