Starting User Synchronization

After the Eko Active Directory Connector (EkoADC) container is installed and configured to connect securely with the Eko Identity Management API (EkoIDMAPI), the user synchronization process can be initiated.

1. Accessing the Synchronization Controls

The user synchronization process can be started manually or scheduled directly from the EkoADC Console.

  1. Access the Console Menu: Log in to the EkoADC web console.

  2. Initiate Sync: On the Console Menu, the sync process can be started using two main options:

    1. "Update Now": Starts the user synchronization process immediately.

    2. "Start update schedule": Schedules the synchronization process to run automatically at defined intervals.

2. The Synchronization Flow Overview

When synchronization is triggered (either manually or by schedule), EkoADC fetches user data in batches and sends it to the Eko for processing.

  1. Batch Processing: EkoADC sends users in chunks (batches, often 5,000 users per batch) to the IDMAPI via the API endpoint.

  2. Temporary Storage: The Eko receives the data, maps it, and saves the user data into a temporary storage in the Eko Database. This ensures all data is collected before final processing begins.

  3. Job Creation: When the EkoADC indicates that it is the last batch, Eko creates a job. This job is responsible for processing the users from the temporary table.

3. Processing Actions within Eko

The sync job then runs the core provisioning logic, which handles various synchronization actions based on comparing temporary user data against existing user data in the Eko DB:

  • Create (Insert): If a temporary user's username does not exist in the Eko DB, a new user is created.

  • Update: If the user exists, the system compares the domain priority. If the priority of the temporary user is greater than or equal to the priority of the user in the DB, the update proceeds. If the domain priority is lower, the update is ignored/rejected.

  • Disable: If a temporary user is found and marked as unlicensed, the system disables the user in the Eko DB.

  • Delete: If auto-delete synchronization is enabled and no fatal upsert errors occurred, the system triggers a delete job. This job finds and deletes users that existed in the Eko DB but were not present in the incoming temporary user data.

4. Synchronization Reporting

Throughout the process, the system tracks and reports the results of the synchronization:

  • The system increases success and failure counts for actions like create, update, disable, and delete.

  • It also tracks update:rejected counts, which occur when a synchronization attempt is ignored due to a lower domain priority.

  • The EkoIDMAPI uses the data to create a report that is sent back to the EkoADC.

If synchronization fails, administrators can check the ADC Logs and IDMAPI Logs for warnings, errors, and duplicate data.

PreviousConnecting ADC to IDMAPI (Configuration)NextMaintenance and Troubleshooting

Last updated