Syncing users based on their access rights
When you map a user directory to an application in Crowd, you can choose which users are synced with the application based on their access rights to it. It might be useful to limit the synced users to only those who can actually access the application, as syncing anyone else is redundant in most cases.
To choose which users will be synced with your application:
Log in to the Crowd Administration Console.
In the top navigation bar, click Applications, and choose your application.
Select the Directories & groups tab.
Scroll down to Access-based synchronization, and choose one of the options.
考慮事項
Here’s some additional details:
Your settings will apply to all Crowd APIs used by your applications
Membership aggregation and nested groups are supported.
If a user exists in multiple directories, their access rights in the first one will decide whether they’re synced or not.
You can only use full synchronization, the incremental one isn’t supported.
- When All groups, but only users with access rights is enabled, applications will not be able to create users in Crowd.
- When Only users and groups with access rights is enabled, applications will not be able to create users and groups in Crowd.
How syncing works with aggregated group memberships
You might encounter some confusing cases if you’re using aggregated group memberships. If something isn’t synced the way you expect it, have a look at the use cases we’ve described below.
Sample scenario
You have two directories mapped to an application. In Directory 1, the user john belongs to group A, while in Directory 2 — group B. You also have the Determine the users' group memberships using all directories option enabled.
トラブルシューティング
Having problems? Check the details below: