Synchronize an Identity Source for the Cloud Authentication Service

Synchronizing identity sources ensures that the Cloud Authentication Service reflects any updates made to your LDAP directory server. During synchronization, new users are added to the Cloud Authentication Service. Values in existing records for users who are within the specified scope are overwritten. Attribute values are copied to the Cloud Authentication Service. User passwords are not synchronized. See Identity Sources for the Cloud Authentication Service for details on synchronization.

Synchronization can occur in the following ways.

Method Description
Just-in-time synchronization

Just-in-time synchronization ensures that the identity source in the Cloud Authentication Service is updated every time a user attempts to perform one of the following actions:

  • Register a device using the RSA SecurID Authenticate app.

  • Access a protected resource using additional authentication after the LDAP password is validated.

  • Sign in to My Page.

This is the preferred and most convenient method for synchronizing users because it ensures that the Cloud Authentication Service always stays current with the directory server.

Manually Synchronize an Identity Source

When you manually synchronize data between the Cloud Authentication Service and the LDAP directory server, the Cloud Authentication Service is updated immediately.

Schedule Identity Source Synchronization

Create a schedule that synchronizes data between an identity source in the Cloud Authentication Service and an LDAP directory server on selected days, weeks, or months. This feature ensures that an identity source is updated automatically, on a regular basis. Each identity source can have its own schedule. You can edit, enable, or disable the schedule as needed. Enter the schedule in accordance with your local time zone.

Note: The Cloud Authentication Service synchronizes a limited number of users during manual and scheduled synchronization operations. Any users who exceed this limit are not synchronized. Therefore, RSA recommends that you enable just-in-time synchronization to ensure that the Cloud Authentication Service is always up-to-date and every user who needs to be added to the identity source gets added. See Configure Company Information and Certificates for enablement instructions.

Before you begin

You must be a Super Admin for the Cloud Administration Console to perform this task. Confirm the following:
  • At least one identity router is configured.
  • The identity source settings for the Root and Object Class are configured to select users from the correct subtree(s) and published using the Cloud Administration Console.
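Because synchronization overwrites in-scope records and cannot be rolled back, it helps to preview which directory entries the Root and Object Class settings select before you synchronize. The following is an added example, not RSA code and not part of the product: it assumes you have a plain LDIF export of the directory, and the sample entries, the Root DN, and the Object Class value are constructed for illustration. The subtree match shown is a simplified check and is not the Cloud Authentication Service's own selection logic.

```python
# Added example (not RSA code): preview which directory entries an identity
# source scope (Root + Object Class) would select. All sample data is constructed.
import re

SAMPLE_LDIF = r"""dn: CN=Alice Ng,OU=Staff,DC=example,DC=com
objectClass: person
objectClass: user

dn: cn=svc-backup,ou=Service Accounts,dc=example,dc=com
objectClass: person
objectClass: user

dn: cn=printer01,ou=Staff,dc=example,dc=com
objectClass: device

dn: cn=Roy\, Bob,ou=Contractors,ou=Staff,dc=example,dc=com
objectClass: user
"""

def split_rdns(dn):
    """Split a DN on unescaped commas; normalize case and spacing around '='."""
    parts = re.split(r'(?<!\\),', dn)
    return [re.sub(r'\s*=\s*', '=', p.strip()).lower() for p in parts]

def parse_ldif(text):
    """Yield (dn, objectClass set) per record; plain, unfolded LDIF only."""
    for record in re.split(r'\n\s*\n', text.strip()):
        dn, classes = None, set()
        for line in record.splitlines():
            key, _, value = line.partition(':')
            if key.lower() == 'dn':
                dn = value.strip()
            elif key.lower() == 'objectclass':
                classes.add(value.strip().lower())
        if dn:
            yield dn, classes

def in_scope(dn, classes, root_dn, object_class):
    """True when dn is at or below root_dn and carries object_class."""
    root, rdns = split_rdns(root_dn), split_rdns(dn)
    return rdns[-len(root):] == root and object_class.lower() in classes

def preview(text, root_dn, object_class):
    """Return the DNs that fall inside the configured scope."""
    return [dn for dn, cls in parse_ldif(text)
            if in_scope(dn, cls, root_dn, object_class)]

if __name__ == '__main__':
    print('\n'.join(preview(SAMPLE_LDIF, 'OU=Staff, DC=example, DC=com', 'user')))
```

Comparing the number of DNs returned with the users added and users updated counts in the Synchronization Status section shows whether the scope selected the accounts you expected.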

Manually Synchronize an Identity Source

Procedure

  1. In the Cloud Administration Console, click Users > Identity Sources.
  2. Next to the name of the identity source you want to synchronize, select Synchronize from the drop-down menu.
  3. In the Identity Source Details section, click Synchronize Now. To stop a synchronization that is in progress, click Stop Sync. You cannot roll back user records that have already been synchronized.
    The Synchronization Status section displays the status of the synchronization job, including the number of users added, users updated, and users not synchronized. If some users could not be synchronized, click the Show Details button to display a list of these users. Up to 400 users can be displayed in each category. The list is refreshed when you resynchronize.

Schedule Identity Source Synchronization

Procedure

  1. In the Cloud Administration Console, click Users > Identity Sources.
  2. Next to the name of the identity source you want to synchronize, select Synchronization from the drop-down menu.
  3. In the Synchronization Schedule section, under Automatic Synchronization select On. You can select Off to disable the schedule. Once a schedule is configured, you can turn it on and off as needed.
  4. In the Frequency field, select Daily, Weekly, or Monthly.
  5. Select the days, weeks, or months when you want to synchronize. For example, if you want to synchronize every Thursday, select Specific Days and Thu. If you want to synchronize once every two weeks, select Weekly and Every two weeks.
  6. In the Start Time field, select the time when the synchronization will start, in hours and minutes, according to your local time zone. For example, if you want to start the job at 3:30 am, select 3 hours 30 minutes am. The synchronization job runs within ten minutes of the time you configure. For example, if you schedule a job to run at 3:30 am, the job will run between 3:20 and 3:40 am.
  7. Click Save.
  8. (Optional) Click Publish Changes to activate the settings immediately.