Overview
Connecting your directory service to your environment is an important step in making sure the right users have access to the correct Incydr functionality. When you integrate Incydr User Directory Sync with your environment, Incydr periodically syncs with your LDAP infrastructure. This article describes the syncing process in detail.
What is the Incydr User Directory Sync
Incydr User Directory Sync is a provisioning tool that you install on a dedicated computer. Once configured, it connects your directory service to your environment and, based on changes made within your directory service, automatically creates users in Incydr, updates their organization and role assignments, and deactivates them. Incydr User Directory Sync is built using the LDAP version 3 standard, and it integrates with Microsoft Active Directory.
How to configure
Contact your Customer Success Manager (CSM) to engage the Professional Services team for a link to download the User Directory Sync tool installation file.
To configure User Directory Sync, install the User Directory Sync tool to a dedicated server within your organization's environment and configure User Directory Sync in the Incydr console. For complete instructions, see Configure Incydr User Directory Sync.
What it does
When Incydr synchronizes with a directory service, Incydr User Directory Sync performs the following actions:
- Authenticates (binds) with the directory service
- After the initial sync, User Directory Sync only processes a user if a change is made to user attributes in the directory
- Operates in read-only mode on the directory service
- Receives the user information from your directory service via LDAP, translates it, and uses SCIM protocol to send the user information to Incydr
- Creates users to match users in your directory data:
  - Creates new users in your environment
  - Activates or deactivates users based on the active script
  - Moves users to appropriate organizations based on the org script
  - Applies roles to users based on the role script and role mapping
- Uses configuration properties to adjust user attributes in your environment to match user data in your directory service:
  - Common name (First Name)
  - Country code
  - Department
  - Direct reports
  - Division
  - Employee type
  - Given name
  - Last name
  - Locality (City)
  - Manager
  - Region (State)
  - Search UID
  - Title
  - Username (Email)
For instructions on synchronization, see Run synchronization for Incydr User Directory Sync.
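As an added illustration (not Incydr's code and not its actual attribute mapping), the following Python shows an LDAP entry being translated into a SCIM 2.0 User resource and then skipped on later runs unless one of its attributes changed. The LDAP attribute names are common Active Directory ones, the SCIM field names come from RFC 7643, and the userAccountControl check is an assumed stand-in for the active script.

```python
import hashlib
import json

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
ACCOUNTDISABLE = 0x2  # Active Directory userAccountControl flag

def first(entry, attr):
    # LDAP attributes are multi-valued; take the first value or None.
    return (entry.get(attr) or [None])[0]

def ldap_to_scim(entry):
    """Translate one LDAP entry (attribute -> list of values) into a SCIM User."""
    uac = int(first(entry, "userAccountControl") or 0)
    return {
        "schemas": [CORE, ENTERPRISE],
        "userName": first(entry, "mail"),
        "active": not (uac & ACCOUNTDISABLE),  # assumption, not the tool's active script
        "name": {"givenName": first(entry, "givenName"), "familyName": first(entry, "sn")},
        "title": first(entry, "title"),
        "userType": first(entry, "employeeType"),
        "addresses": [{"locality": first(entry, "l"), "region": first(entry, "st"),
                       "country": first(entry, "c")}],
        ENTERPRISE: {"department": first(entry, "department"),
                     "division": first(entry, "division")},
    }

def fingerprint(scim_user):
    """Stable hash of the translated record, used to detect attribute changes."""
    canonical = json.dumps(scim_user, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def plan_sync(entries, seen):
    """Return SCIM users that are new or changed; `seen` maps userName -> hash."""
    changed = []
    for entry in entries:
        user = ldap_to_scim(entry)
        digest = fingerprint(user)
        if seen.get(user["userName"]) != digest:
            seen[user["userName"]] = digest
            changed.append(user)
    return changed

# Constructed sample entry, not real directory data.
SAMPLE = {"mail": ["a.lee@example.com"], "givenName": ["Ana"], "sn": ["Lee"],
          "title": ["Analyst"], "department": ["Finance"], "userAccountControl": ["512"]}
```
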
What it does not do
- Initiate communication with the directory service
  To initiate communication, run the User Directory Sync using a scheduling service, which is not included.
- Create new entries in the directory service
- Modify the directory service
History
You can view the results of past LDAP syncs in your Incydr console at Administration > Settings > Identity Management in the Sync Log tab. For more details, refer to the Identity management reference.
Logs
Activity appears in the ldapConnector.log file in the location where the Incydr User Directory Sync tool is installed.
To view the log files:
- Sign in to the device where Incydr User Directory Sync is located.
- Go to /C42UserDirectorySync-<version>/logs
- Select one of the ldapConnector.log files.
Your environment creates a new file each time Incydr User Directory Sync runs or if the file reaches a certain size. The current application log is ldapConnector.log. Older logs are signified by ldapConnector.1.log, and so on.
External resources
- ZYTRAX: LDAP for Rocket Scientists
- Microsoft: Active Directory Domain Services