To reduce the time necessary to complete a sync for your directory,
you can now configure a filter for on-premise
directory groups and objects. Using the filter to sync only the objects that you use in your
Security policy also helps to ensure least-privilege access.
For an Active Directory or OpenLDAP directory, you can select or
deselect directory objects such as computers, containers, and
OUs.
For an Active Directory, you can also filter the directory groups
based on the domain name and group name or Common-Name. This ensures
that the Cloud Identity Engine retrieves only the groups that you
use in your Security policy rules.
By reducing the amount of data the Cloud Identity Engine retrieves
from your directory, you can significantly reduce the amount of time
necessary for the sync to complete and ensure compliance with
security and data storage policy requirements.
Configuring a filter is also a simple and easy alternative to
configuring SCIM for your directory if your regulatory requirements
or directory configuration does not support SCIM.
| 
