Synchronization

To specify what this authentication source does:

1. Under General Info, choose whether you want to use this authentication source to authenticate user credentials, import users and groups, or both:

• To import users and groups and authenticate user credentials, choose Authentication and Synchronization. You must also specify what you want to synchronize (step 3).

• To authenticate user credentials, but not import users and groups, choose Authentication Only.

• To import users and groups, but use an authentication partner to authenticate user credentials, choose Synchronization with Authentication Partner. You must also specify the authentication partner (step 2), and what you want to synchronize (step 3).

2. If you chose Synchronization with Authentication Partner, in the Authentication Partners drop-down list, choose the authentication source you want to use for authentication (SSO or another authentication source). If the authentication partner is unavailable, this authentication source will attempt to authenticate users.

Choose SSO Authentication Source to use SSO as specified in the portal configuration file .

3. If you chose Authentication and Synchronization or Synchronization with Authentication Partner, you must also specify what you want to synchronize:

• To import all users and groups from the source domain, choose Full Synchronization. The membership of each imported group matches the membership of the corresponding source group.
  
  If a group or user is removed from the source domain, the imported group or user is removed from the portal the next time you run the job associated with this authentication source.

• To import the users found in some groups, but not all of the users found on the source domain, choose Partial Users Synchronization.
  
  After you run the job associated with this authentication source, all of the groups on the source domain are imported into the portal, but no users are imported. You can then choose which of these groups you want to fully synchronize on the Fully Synchronized Groups page of this editor. On consecutive synchronizations, all new groups are imported, but the only users that are imported are the ones that are members of the fully synchronized groups.

• To import all users, but only selected groups, choose Partial Groups Synchronization. To choose this mode:

1. Synchronize at least once in Full Synchronization or Partial Users Synchronization mode.

2. Delete all unwanted groups.

3. Return to this page of the editor and choose Partial Groups Synchronization. On successive runs of the job associated with this authentication source, no new groups are imported, but all new users are imported.

• To import selected users and selected groups, choose Partial Users and Partial Group Synchronization. To choose this mode:

1. Synchronize at least once in Partial Users Synchronization mode.

2. Delete all unwanted groups.

3. Return to this editor and, on the Fully Synchronized Groups page, choose the groups from which you want to import users.

4. On this page of the editor, choose Partial Users and Partial Group Synchronization. On successive runs of the job associated with this authentication source, no new groups are imported, and the only users that are imported are the ones that are members of the fully synchronized groups.

• To not import any users or groups, choose No Synchronization.

4. If you have users and groups distributed among different authentication sources, you can allow groups in this authentication source to include users from another authentication source. To do this, select Import user and group memberships from other authentication sources.

5. In the Import batches of text box, type the number of users you want to import at a time.
   
   The default batch setting is 1000 users. Some databases cannot support a batch of 1000; the most common reason is that the database runs out of space in the rollback segment because it attempts to add all 1000 users within one transaction. This situation terminates the transaction, and no users are imported.
   
   Note: Raising the import batch number can improve the time it takes to synchronize.

• To display the page associated with this help topic:

1. Click Administration.
2. Open the Authentication Source Editor:
• To create a new remote authentication source:
1. Open an administrative folder.
2. In the Create Object menu, click Authentication Source - Remote.
3. In the Choose Web Service dialog box, select the appropriate Web service and click OK.
• To edit an existing remote authentication source:
1. Navigate to the remote authentication source you want to edit.
2. Click the remote authentication source name.
3. On the left, under Edit Object Settings, click Synchronization.