The main purpose of reconcile process is to provide a mechanism to pull the existing accounts, roles and permissions from a managed system, in order to do a fast deployment of Soffid-IAM solution, or to detect unauthorized changes to salves repositories.
Not every system connector has the capabilities needed to execute the reconcile process.
Reconcile process steps
- Start a new reconcile process.
- Select the agent to reconcile (dispatcher handler field) and the date (execution date/time field) to start. Click on “Schedule” button, and the reconcile task will be planned to execute at defined date. Until the execution time arrives the task appears in 'Authomatic tasks' view.
- At this point, a tasks for every account and role will be lanch at synchronization server. You can be able to see this tasks in Monitoring screen. Their names were ReconcileUser and ReconcileRole.
Once all this tasks have been done, a business task will be assigned to the requester user. That user will be able to open the reconcile task. Three tabs will be shown, in order to reconcile accounts, roles and assignments.
After that user must select what to do with each reconciled item, he should press the button to proceed, and the accounts, roles and assignments will be get into Soffid.
In the three cases (accounts, roles and assignments) it is possible to select several rows and apply the same action.