Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Table of Contents

Managed systems


Not all the agents have all the configuration implemented, some agent only have some features available.


Image Modified

Generic parameters

Image Modified

Each agent will have the following parameters:

Task engine mode

This is a info alert to show you the current "Task engine" configuration . For more information: Task engine

CodeName of the agent
DescriptionDescription of the agent
TypeImplementation of the server plugins included in the connectors installed

The server where to run the agent:

  • If “Each main synchronization server” is selected, the agent will be run by every sync server
  • If you select a single sync-server, the agent only will be run in that server
  • If you leave the list in blank, the agent will be disabled
Shared ThreadTo share the same thread to several synchronization servers
Task timeout (ms)To add a timeout to the synchronization server tasks (query, insert, update, delete, update password, etc). If you add a timeout, when the connection get this timeout, the synchronization server will stop the request and add it to the queue for a new retry later.
Long task timeout (ms)To add a timeout to the reconciliation server tasks (user, group, role, account, grants, etc). If you add a timeout, when the connection get this timeout, the synchronization server will stop the request (no retry is added).
Trust password

Check it if you can trust on it to propagate their passwords to Soffid. Trusted password agents differ from the non-trusted in:

  • Temporary passwords generated from the console only propagate to agents that have trusted password checked. In the other case, the agents only receive definitive passwords.

  • When a password has reached its expiry date it will automatically be disabled on agents where trusted password is not checked, so the user can no longer access it.

  • When the managed system detects a change in the user request password, the password will be propagated to Soffid only if in the agent associated trusted password is checked.

Authoritative identity sourceCheck this box if the agent will be used as the source for users information. Optionally, you can select a custom workflow to process incoming changes. User automatic task management page to schedule import tasks
Read onlyIf this box is checked, no change will be applied to the managed system. Only read operations will be allowed
Manual accounts creationCheck it if you don't want Soffid to create automatically new accounts for the user
Role basedCheck it if only users with any role on this agent should be created. Uncheck to allow users with no role on it
GroupsIf any is specified, only users belonging to such organization unit will be created. Other users will be deleted or disabled
User and password domainSelects the way accounts and password will be managed. See Agents account management page
User typesOnly users of this type will be created. Any change made in this field involves all accounts to be recalculated. New ones will be added to the repository and managed systems. Some accounts will get disabled if the owner user does not longer belong to any authorized user type

Custom attributes

Image Modified

The other attributes depend on the used plugin. See Agents Guide to get details about specific plugin parameters.

Synchronization buttons

Image Modified

At the upper right side of the page, you will find three icons. This icons allows administrator to enforce synchronization of users, , roles,  and groups, . If you press on them, a set of tasks will be scheduled to synchronize all of them.


When the mapping is bidirectional, both sides of the mapping must be naming a single account, but when the mapping is one way, the source attribute can be replaced with a bean Shell expression. 

Image Modified


Some agents require to configure some custom attributes in this properties section.



Accounts are default objects in Soffid but, depending on the system they link to, they can not be treated as an identity, group, role, mailing list or application, so custom objects to add additional data to the accounts should be created specifically for each agent using the account metadata tab.

Image Modified

To proceed to it, click on to set a new metadata.


It can also be checked on the "user" screen, by selecting a user and accessing the "Accounts" tab

Image Modified

Then, click on  located to the right of the account pointed to by the agent in which the metadata were defined.