Synchronization in Identity Broker Plus

Synchronization is the process of transferring entity data between adapter and locker following the rules defined by the link. Synchronization can only occur in a single direction at a time, moving entity data from the source entity space to the target entity space. When the source is an adapter and the target is a locker, it is considered an inbound sync. Conversely, from a source locker to a target adapter is considered an outbound sync.

Modes

A synchronization process can be executed in one of two different modes:

Sync Type
Description
Best Use
BaselineA synchronization between all adapter entities and all locker entities. Useful to realign adapter and locker entity spaces.Run either manually or on a schedule at long intervals. eg weekly
Change PollingA synchronization between adapter and locker entities which have been modified, added or removed since the last time a synchronization was run.Run on a schedule at a small interval. Links are create by default with a change polling sync schedule to run every 30 seconds.

Execution

Synchronization can be executed either by setting a link schedule or manually. For more information on setting a synchronization schedule see the links documentation page on Synchronization Schedules.

The manual triggering of a synchronization can be done from Link, and will synchronize between the adapter and locker associated with that link. Additionally, baseline synchronizations can also be started from a Locker to synchronize on all associated links.

Process

The synchronziation process is a complex series of events comprised of many individual steps, but can be simplified to the following chain of events:

  1. Change collection - the collation of changes requiring synchronization
  2. Filtering - the appropriate link filter is applied, removing changes not matching the defined filter rules
  3. Joining - the links join rules are applied to find connections between source entities to sync and existing target entities
    1. A source entity without a joined target entity has a target entity provisioned, if configured
    2. A deleted source entity with a previously joined target entity has that target entity deprovisioned, if configured
  4. Mapping - the links mapping rules are applied and changed source entity values are transferred to the new or existing target entity

Provisioning and Deprovisioning

Provisioning

Provisioning occurs as part of a synchronization when the join rules defined by the link are applied to a source entity, but do not result in a matched target entity. In such cases, the provisioning process generates a new entity in the target entity space for which to synchronize to.

A provision only occurs when the sync direction specific link provisioning configuration option is selected. See the link configuration documentation for more information.

Alongside provisioning custom, user-defined actions can be run. See the provisioning task documentation for more information.

Deprovisioning

Deprovisioning occurs as part of a synchronization when a source entity has been deleted but had previously been joined with a target entity. In such cases, the deprovisioning process removes the target entity from the target entity space.

A deprovision only occurs when the sync direction specific link deprovisioning configuration option is selected. See the link configuration documentation for more information.

Alongside deprovisioning custom, user-defined actions can be run. See the provisioning task documentation for more information.

Is this article helpful for you?