Synchronize data from external authentication systems
Hipchat Data Center stores a cache of directory information in the application database to ensure fast access to user data. For LDAP and Crowd directories, a synchronization task runs periodically to update the internal Hipchat cache. For SAML directories, user information is only updated on login attempt, and only if you have synchronization enabled.
The cache is stored in the Hipchat application database; however, all authentication (login) calls are made to the external directory. The Hipchat user cache does not store user passwords. All non-authentication queries (such as profile lookups) run against the internal cache.
Synchronization with SAML
If you are using an SAML authentication system, Hipchat does not do periodic synchronization to update cached users. The SAML user detail cache is only updated on login attempt, and only if SAML is configured with Synchronize profiles enabled. If you are using SAML, you probably also want to enable Just-in-time provisioning (JIT) so that you do not need to manually create each user in the Hipchat directory first.
Directory synchronization and updates
When you connect a new external user directory to Hipchat, a background synchronization task starts and copies all the required users, groups, and membership information from the external directory to the application database. This task may take a while to complete, depending on the size and complexity of the directory. Users cannot log in until their user records have been copied to the Hipchat cache.
Once connected, Hipchat runs a periodic synchronization task, which updates the database with any changes from the external directory. By default, this task runs every 60 minutes; however, administrators can change the synchronization interval from the directory configuration screen. You can also manually synchronize the cache.
Removed, deleted, and deactivated users
If users were deleted from the external directory, they will still exist in Hipchat Data Center, even after synchronization. Hipchat Data Center keeps the deleted users so that their chat history is not lost. Deleted or deactivated users do not count against the number of users allowed by your license. To view the deleted users, log in to the admin UI, click User management and click Show deactivated.
If you disconnect the external directory (in User management > External directory), users will no longer be able to log in.
Change how often a directory synchronizes
By default, Hipchat runs the directory synchronization task every 60 minutes. The length you choose for your synchronization interval depends on how long you can tolerate stale data, how much load you can put on the directory server, and the size of your user directory. If you synchronize more frequently, your data will be more up to date. However, synchronizing more frequently can slow down your server with requests.
To change how often Hipchat updates its directory cache:
- Log in to the Hipchat Data Center admin UI.
- Click User management, and click the External directory tab.
- Locate the directory that you want to change, and click Edit.
- Open the Advanced Settings section, and find the Synchronization Interval field.
- Enter the new interval in minutes, and click Save and Test.
Manually synchronize the cache
You can manually synchronize the cache by clicking Synchronize on the User Directories screen. You can only run one synchronization task at a time, so you may need to wait if one is already in progress.
Find the time taken to synchronize
The External directory screen in the User management section includes information about the last directory sync, including how long the sync job took.
Flush the cache
In the unlikely event that the cache is corrupted, the only way to flush it is by clicking Disable then Enable. This step will briefly prevent users from logging in while the sync is running, but will not disconnect any users that are online already.