New Features - Cloud Identity Engine - August 2025

To reduce the amount of time necessary to complete a complete sync for your directory, you can now configure a filter for on-premises directory groups and objects.

Using the filter to sync only the objects that you use in your Security policy also helps to ensure least-privilege access.

For an Active Directory or OpenLDAP directory, you can select or deselect directory objects such as computers, containers, and OUs.

For an Active Directory, you can also filter the directory groups based on the domain name and group name or Common-Name. This ensures that the Cloud Identity Engine® retrieves only the groups that you use in your Security policy rules.

By reducing the amount of data the Cloud Identity Engine retrieves from your directory, you can significantly decrease the amount of time necessary for the sync to complete and ensure compliance with security and data storage policy requirements for least-privilege access.

Configuring a filter is also a simple and easy alternative to configuring SCIM for your directory if your regulatory requirements or directory configuration does not support SCIM.