Understanding Synchronization
Synchronization can be either weak or strong. You can set the type of synchronization you want on the account template. For the CA Top Secret Connector, the default action is set to strong synchronization. When you use Provisioning Manager to modify an account template, strong synchronization automatically enforces the attributes on the account template to the account. Any attributes that are enabled at the account level and disabled at the account template level are disabled at the account level after synchronization completes. For more information, see Synchronization in Provisioning Manager in the Administrator Guide.
When weak synchronization is performed, the attribute in the account and the attribute in the account template are compared. For example, for Boolean attributes, if an attribute is turned on in the account template and off in the account, it is turned on at the account level. If the attribute is turned off (a value of 0) at the account template level and on (a value of 1) at the account level, the attribute remains on after synchronization occurs. Consequently, the greater value of the attributes, whether in the account template or in the account, takes precedence and is applied.
This same rule applies for string values. For example, if the value for TSOPROC is equal to PROC111 in the account template, and the value that an account has is equal to PROC999, when synchronization occurs, the value on the account remains the same because PROC111 is less than PROC999.
Assigning multiple policies to a role increases the complexity of the merging algorithm, even when using strong synchronization. If multiple policies are assigned to a role, the same logic is used to determine the value applied to the account. For example, if account template1 has a value of CAPROC with strong synchronization selected, account template2 has a value of DAPROC with strong synchronization selected, and the account already has ACPROC, when synchronization completes, the account is updated to DAPROC (the greatest of the three values). This algorithm also applies when a global user is assigned to multiple provisioning roles and each provisioning role has an assigned account template.
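The merge rules described above can be modeled in a few lines. This is an added example, not CA product code, and it assumes that values compare with Python's ordinary ordering (0 < 1, strings lexicographically) and that under strong synchronization the merged template value replaces the account value. SAMPLE_FLAG is a made-up Boolean attribute name; the last function lists the attributes where weak synchronization leaves an account above what its templates specify, which is the case worth reviewing when a template is tightened.

```python
# Added illustration of the merge rules on this page; not CA product code.
# Assumptions: ordinary Python ordering (0 < 1, lexicographic strings), and
# strong synchronization replaces the account value with the template value.

def merge_templates(templates):
    """Merge several account templates: the greatest value per attribute wins."""
    merged = {}
    for template in templates:
        for attr, value in template.items():
            if attr not in merged or value > merged[attr]:
                merged[attr] = value
    return merged


def synchronize(account, templates, strong):
    """Return the account's attributes after synchronization."""
    merged = merge_templates(templates)
    result = dict(account)
    for attr, tmpl_value in merged.items():
        acct_value = account.get(attr)
        if strong or acct_value is None:
            result[attr] = tmpl_value                    # template enforced
        else:
            result[attr] = max(acct_value, tmpl_value)   # greater value kept
    return result


def retained_above_template(account, templates):
    """Attributes that weak synchronization leaves above the merged template
    value, for example a flag the template has switched off."""
    merged = merge_templates(templates)
    after = synchronize(account, templates, strong=False)
    return {a: (after[a], merged[a]) for a in merged if after[a] > merged[a]}


# Constructed sample data. TSOPROC and its values come from the page;
# SAMPLE_FLAG is a hypothetical Boolean attribute.
ACCOUNT = {"TSOPROC": "PROC999", "SAMPLE_FLAG": 1}
TEMPLATE = {"TSOPROC": "PROC111", "SAMPLE_FLAG": 0}

if __name__ == "__main__":
    print("weak:  ", synchronize(ACCOUNT, [TEMPLATE], strong=False))
    print("strong:", synchronize(ACCOUNT, [TEMPLATE], strong=True))
    print("multi: ", synchronize({"TSOPROC": "ACPROC"},
                                 [{"TSOPROC": "CAPROC"}, {"TSOPROC": "DAPROC"}],
                                 strong=True))
    print("review:", retained_above_template(ACCOUNT, [TEMPLATE]))
```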
Copyright © 2011 CA. All rights reserved.