UserSync
UserSync is a user provisioning service that synchronizes user-related data between external systems and Privacera. Users and groups provisioned by UserSync are used for access policy authoring and enforcement.
The following are the general types of UserSync:
Pull Based Sync
Synchronization by pulling user data from external systems into Privacera. UserSync pulls an initial set of defined identities from these systems and keeps the set of identities updated with refresh queries, approximately once an hour.
When configured for Data Plane mode, pull based UserSync connectors are typically deployed in the Data Plane.
The following are the general types of pull based UserSync:
- LDAP/AD Connector - LDAP(S) - Active Directory (AD) or OpenLDAP
- Entra ID (AAD) Connector - Microsoft Entra ID (formerly Azure Active Directory, AAD) via the Microsoft Graph API
- SCIM Connector - SCIM - Systems that expose System for Cross-domain Identity Management (SCIM) endpoints
- Okta Connector - Okta via Okta User REST APIs
Push Based Sync
Synchronization by pushing user data from external systems to Privacera.
SCIM Server Connector - UserSync provides SCIM endpoints allowing external applications to push user and group information to Privacera.
Data Plane
When configured for Data Plane mode, it is recommended to deploy SCIM Server UserSync in PrivaceraCloud.
The following are some examples of SCIM Server UserSync integrations:
- Okta
- Microsoft Entra ID (AAD)
- OneLogin
- Most other systems using System for Cross-domain Identity Management (SCIM).