Cloud Identity Engine Getting Started
    : Synchronize Cloud Identity Engine Tenants
    Focus
    Download PDF
    Focus
    1. Home
    2. Cloud Identity
    3. Cloud Identity Engine Getting Started
    4. Manage the Cloud Identity Engine App
    5. Cloud Identity Engine Tenants
    6. Synchronize Cloud Identity Engine Tenants
    Download PDF

    Cloud Identity Engine Getting Started

    Synchronize Cloud Identity Engine Tenants

    Table of Contents

    Synchronize Cloud Identity Engine Tenants

    Learn how to synchronize changes to your directory attributes in your Cloud Identity Engine tenants.
    There are two ways that the Cloud Identity Engine synchronizes changes to your directory attributes:
    • A full sync, which is a complete sync of the entire directory.
    • A sync of just the changes to the directory since the last successful sync, which takes much less time to complete (
      Not supported with Google Directory
      ).
    By default, the Cloud Identity Engine app synchronizes the directory attributes:
    • Every five minutes with the changes since the last successful sync (
      Not supported with Google Directory
      ) unless a sync is already in progress.
    • Weekly with a complete sync of all configured directories (
      Not supported with Google Directory
      ).
    • Based on the schedule you select (
      Google Directory only
      ).
    The time to synchronize data depends significantly on the number of changes, the size of the directory, and the amount of group nesting.
    To refresh your Cloud Identity Engine tenant with any recent changes in your directory before that time, you can select how you want to synchronize changes to the attributes for your configured domains.

    Synchronize All Attributes

    Synchronizing all attributes (a full sync) is recommended if you are experiencing issues or lose connectivity.
    For on-premises directories, all agents and domains for the tenant must be active for the sync to complete successfully.
    1. Log in to the hub and select the
      Cloud Identity Engine
       app.
    2. Select the directory you want to synchronize, then select
      Directories
      .
    3. Select
      Actions
      Full Sync
       to initialize the synchronization for the directory type you want to synchronize instantly.
      For an on-premises Active Directory, click
      Full Sync
      .
      The synchronization starts immediately and a confirmation message (
      Sync started
      ) displays. The sync may take some time to complete, so make sure you click
      Full Sync
       only once. If a synchronization is currently in progress when you try to synchronize, a warning message (
      Sync in progress
      ) displays at the top of the screen.
    4. To confirm the synchronization is complete, verify the
      Sync Status
       is
      Success
      .

    Synchronize Directory Changes

    You can sync just the changes to your directory, which is much faster than a full sync of your directory. By default, the Cloud Identity Engine syncs changes for most attributes every five minutes unless a sync is already in progress.
    For Azure Active Directory (Azure AD) and Okta, the Cloud Identity Engine syncs attributes for users and groups every five minutes; for Azure AD, a sync for devices occurs daily if the previous device sync required less than 24 hours to complete. If completing the device sync required more than 24 hours, the next sync occurs at the interval of the duration for the previous device sync (for example, if the previous device sync required 26 hours, then the next sync would occur 26 hours from the previous successful sync).
    1. If you have not already done so, configure a directory.
    2. After making changes to your directory, select
      Actions
      Sync Changes
       to sync the changes for your directory.
      For an on-premises Active Directory, click
      Sync Changes
      .
      The sync may take some time to complete, so make sure you click
      Sync Changes
       only once. We recommend a full sync of your directory if you lose connectivity or are experiencing issues. To sync the entire directory, Synchronize All Attributes in a full sync. If a full sync is in progress, you cannot sync changes. After a full sync completes in the Cloud Identity Engine app, the firewall must also complete a full sync.

    Set Synchronization Interval

    This sync option is available for Google Directory only.
    1. Log in to the hub and select the
      Cloud Identity Engine
       app.
    2. Select the tenant you want to synchronize, then select
      Directories
      .
    3. Click
      Sync Every:
       for the directory type interval that you want to change and select the interval.
      • 6 Hours
      • 12 Hours
      • 24 Hours
         (Default)
      After you select an interval, a confirmation message displays at the top of the screen.

    Synchronize Attributes Instantly

    This sync option is available for Google Directory only.
    1. Log in to the hub and select the
      Cloud Identity Engine
       app.
    2. Select the tenant you want to synchronize, then select
      Directories
      .
    3. Sync Now
       to initialize the synchronization for the directory type you want to synchronize instantly.
      The synchronization starts immediately and a confirmation message (
      Sync started
      ) displays. If a synchronization is currently in progress when you try to synchronize, a warning message (
      Sync in progress
      ) displays at the top of the screen.
    4. To confirm the synchronization is complete, verify the
      Sync Status
       is
      Success
      .

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.