About Privacera UserSync

Privacera UserSync is a feature that allows you to synchronize users and groups from external identity providers into Privacera. This is particularly useful for organizations that manage their user identities in a centralized system such as Active Directory, LDAP, Okta, or Entra. UserSync ensures that the user and group information in Privacera is always up-to-date with the external identity provider.

Please refer to the UserSync documentation for more details on how to set up and configure UserSync.

SCIM (Push) Support

Privacera supports SCIM (System for Cross-domain Identity Management) for user and group synchronization. This is the recommended method for syncing users and groups from external identity providers. SCIM allows filtering of users and groups that need to be synced. This is particularly useful for organizations that have a large number of users and groups, as it allows you to sync only the relevant users and groups.

There are a few advantages to using SCIM for user and group synchronization:

  1. Real-time & Selective Sync: SCIM provides real-time updates and filtering capabilities, allowing you to sync only relevant users and groups—ideal for large organizations.
  2. Standardized Protocol: SCIM is a standardized protocol for user and group synchronization. This means that it is widely supported by many identity providers, making it easier to integrate with existing systems.
  3. Security: SCIM uses OAuth 2.0 for authentication and authorization, ensuring that the synchronization process is secure.

SCIM Limitations

There are some limitations to SCIM support:

  1. Public Access to SCIM Endpoint: The SCIM endpoint must be publicly accessible for the synchronization to work. This limitation does not apply to PrivaceraCloud.

Pull Support

As an alternative to SCIM, Privacera also supports pulling users and groups from external identity providers. In this method, Privacera's UserSync service periodically queries the external identity provider for user and group information. Any changes made in the external identity provider are reflected in Privacera during the next sync cycle.

Here are the advantages of using Pull for user and group synchronization:

  1. No Public Access Required: The external identity provider does not need to be publicly accessible. This is particularly useful for organizations that have strict security policies and do not want to expose their identity provider to the internet.
  2. Less Configuration: Pull does not require any additional configuration in the external identity provider. This makes it easier to set up and manage.

Pull Limitations

There are some limitations to Pull support:

  1. Latency: Pull synchronization is not real-time. Changes made in the external identity provider may not be reflected immediately, depending on the sync interval.
