9.3:documentation:synchronization

Synchronization

Synchronization represents data flow from source systems (e.g. SAP, HR systems…) to IdM. Usually CzechIdM synchronize employees and organizational structure from HR systems. Other objects like groups can be imported e.g. from AD.

 Synchronization from multiple systems

In CzechIdM you can synchronize the following types of entities:

  • Identities (users) - we fully support identity synchronization with their Contracts
  • Roles - automatic synchronization of roles is a must have if the role set vary in time - e.g. AD/LDAP groups
  • TreeNodes (organizational structure) - we support tree structure synchronization to be able to represent organizational divisions and place users to their working positions.

Synchronization is fully audited and supports multiple synchronization for every entity and system. Synchronization can be started on demand or planned as a scheduled task.

Synchronization is used for getting data from a system connected to CzechIdM. There are two modes of synchronization:

  • Reconciliation - Synchronization of all the available objects of a specified type.
  • Synchronization - Once a token is specified, e.g. timestamp, only objects that have changed since the last synchronization are synchronized.

The Reconciliation mode is useful in a situation when you want to connect an existing system and start managing accounts via CzechIdM, e.g. LDAP. As an initial action, you will need to link the existing system accounts to their corresponding identities in CzechIdM. The reconciliation is the right tool for this initial linking of accounts.

Read more