Soffid Sync Server installation


First of all, open your favorite browser and surf on the internet to Soffid Download Manager.

Click on Synchronization server and download the latest version for your OS.

As soon as Soffid Synchronization server file ( is stored in your computer, copy it in a folder of your server with execution rights.


Red Hat servers

Please download rpm installer version and execute:

rpm -i SoffidIAMSync_linux-1.3.0.rpm

Linux Hosts 64 bits

32 bits libraries installation will be needed: ia32-libs.

Windows Servers

If you want to install AD agent, please check if SSL access to active directory LDAP is enabled before the installatopm. If it is not enabled, please read the document named HOWTO SSL access to Active Directory

Please execute:

SoffidIAMSync_windows-1.3.0.exe -c

System will ask for optional components to install:

SAP connector must be installed on the host responsible for the synchronisation of accounts and passwords to the SAP system. It is not necessary to install it on the synchronisation servers when synchronisation is done by a proxy server.

Active Directory synchronisation passwords should be installed on all domain controllers without exception. This module allows the immediate propagation of all password changes on the active directory to Soffid IAM.

To configure password synchronisation, please specify the server synchronisation URL during the installation process, as well as the synchronisation agent code used on the configuration (see 4.2 Configuring agents).

To install or uninstall the synchronisation server a restart of the host is needed.

Boot service configuration

Execute these commands as root to start Soffid Sync Server service on boot

ln -fs /opt/soffid/iam-sync/jboss/bin/soffid-sync /etc/init.d/soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc1.d/K01soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc2.d/S06soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc3.d/S06soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc4.d/S06soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc5.d/S06soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc6.d/K01soffid-sync

Note that if you are running Centos, Redhat7 o version higher than Ubuntu 16.04, you should enable the service in systemctl

sudo systemctl enable soffid-sync

Once you have installed and configured Soffid Sync Server as a service, you could manage it with the following operations

service soffid-sync status
service soffid-sync restart
service soffid-sync start
service soffid-sync stop


First synchronisation server configuration

It is not recommended to install the first sync server on the same host where the database is installed.

To configure the server, please execute the following commands:

On Linux:

/opt/soffid/iam-sync/bin/configure -main -hostname hostname -port 760 -dbuser soffid -dbpass pass -dburl jdbc:mysql://localhost:3306/soffid

On Windows:

%ProgramFiles%\soffid\iam-sync\bin\configure -main -hostname hostname -port 760 -dbuser soffid -dbpass pass -dburl jdbc:mysql://localhost:3306/soffid

User and password must be the ones created during the installation process.

The hostname must be included on the seycon.server.list configuration parameter. The Soffid installation process adds the console host name to that list. The list can be modified through the Configuration-Parameters menu. To modify the attribute seycon server list, edit the parameter value, and insert all the master synchronisation server URLs separated by comma.

The hostname value must be a FQDN (fully qualified domain name), for example ""  or in a test environment "syncserver.soffid.lab"

The url connection parameter depends on the database system:

If the synchronisation server is installed onto the active directory server, please configure the notifier for password updates. To configure it, please ensure that the synchronisation server is running. Then, please execute:

On 32 bits systems:

../IAM-Sync/eris/eris-ad-service.exe CONFIGURE https://[HOSTNAME]:760/ [agent_name] | more

On 64 bits systems:

../IAM-Sync/eris64/eris-ad-service.exe CONFIGURE https://[HOSTNAME]:760/ [agent_name] | more

Next servers configuration

In order to configure the next server syncservers, a two step process is required: first, a normal user installs and configure the sync server softwar; next, a Soffid administrator allows the sync server to join the sync servers network.

To perform the next step, you do not need to enter the database credentials. Instead, the primary sync server URL and a Soffid console user name and password are required.

For instance, you can execute:

On Linux:

/opt/soffid/iam-sync/bin/configure -hostname hostname -user usuario -pass pass -server https://<yourserver>:760 -tenant master

On Windows:

%ProgramFiles%\soffid\iam-sync\bin\configure -hostname hostname -user usuario -pass pass -server https://<yourserver>:760 -tenant master

After executing the command, an approval task will appear in Soffid console. The administrator can take ownership of the task and approve or reject it. After approving the server creation, the server will be configured as a proxy sync server (without database access).

The administrator can open the sync servers configuration page to change the sync server role at any time.

Configure a synchronization server proxy without approval in UI

First of all, you have to install version 2.6.0 of Soffid synchronization server (expected deployment date: March 15, 2019). Once installed, proceed with the following protocol:

Thus, you can bypass the standard workflow needed for a sinchronization server to join the synchronization servers security network. Otherwise, the standard approval  workflow will be required.

Renaming a sync server

You can rename any sync server at any time by removing the conf directory and executing the configure process again, but the main sync server is a special case. If you remove the conf directory, the certification authority managed by the main sync server will be lost, and every single sync server will be thrown out of the security domain.

Instead, to reconfigure the main sync server you can execute

On Linux:

/opt/soffid/iam-sync/bin/configure -main -force -hostname hostname -dbuser soffid -dbpass pass -dburl jdbc:mysql://localhost:3306/soffid

On Windows:

%ProgramFiles%\soffid\iam-sync\bin\configure -main -force -hostname hostname -dbuser soffid -dbpass pass -dburl jdbc:mysql://localhost:3306/soffid

User and password must be the ones created during the installation process.

The Soffid installation process changes console setup to reflect the new sync server name

The url connection parameter depends on the database system: