Understanding synchronized user creation

  • Last update on August 28th, 2024

This guide outlines the process behind the management action that facilitates synchronized user creation within our system. It details each step and demonstrates how it promotes efficient user account management across both on-premises and cloud environments.


Introduction

The “Create synchronized user” management and workflow action is a pivotal feature of our system. It enables smooth management of user identities across various platforms, ensuring that accounts created on-premises are accurately mirrored in the cloud. This harmonization provides unified access and control.

[Figure: the “Create synchronized user” management action.]

Process overview

Synchronized user creation unfolds in two primary phases:

1. On-premises account creation

In this initial phase, a user account is established within the on-premises environment.

Immutable ID calculation: a unique Immutable ID is generated for each user, derived from the ObjectID field. This ID is crucial for later linking on-premises and cloud accounts.

2. Cloud user creation 

Following the on-premises setup, a corresponding cloud user account is created.

Setting the Immutable ID: the cloud user is assigned the same Immutable ID calculated during the on-premises account creation. Despite sharing this ID, the cloud and on-premises users are treated as separate entities at this stage.

Synchronization mechanism

The integration of these two user entities into a single synchronized user is achieved through Directory Sync:

  • Linking accounts: Microsoft Entra Connect matches Immutable IDs across both environments, merging the respective user accounts. This process is essential for various operations and features, ensuring consistent user profile information across cloud and on-premises settings.
  • Separation during initial setup: prior to synchronization, on-premises and cloud users are managed separately. This separation permits individual management, including the potential for cloud account deletion without impacting the on-premises counterpart.
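Because the link is made purely on the Immutable ID, a pre-created cloud user with a missing or wrong value will either not merge or merge with the wrong on-premises account. The following check is an added example, not CoreView or Microsoft code. It assumes the Immutable ID is the Base64 encoding of the on-premises object's 16-byte GUID in AD/.NET byte order (the common Microsoft Entra Connect convention; this page says only that it is derived from the ObjectID field), and the dictionary keys and sample users are hypothetical.

```python
import base64
import uuid
from collections import Counter

def immutable_id_from_guid(object_guid: str) -> str:
    """Base64 of the GUID's 16 bytes in AD/.NET byte order (assumed derivation)."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")

def guid_from_immutable_id(immutable_id: str) -> str:
    """Reverse the encoding; reject values that are not a 16-byte GUID."""
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError("Immutable ID does not decode to a 16-byte GUID")
    return str(uuid.UUID(bytes_le=raw))

def audit_links(onprem, cloud):
    """List (upn, finding) for cloud users that would not link to their own on-premises account."""
    expected = {u["upn"].lower(): immutable_id_from_guid(u["objectGUID"]) for u in onprem}
    owner_of = {iid: upn for upn, iid in expected.items()}
    counts = Counter(c["immutableId"] for c in cloud if c["immutableId"])
    findings = []
    for c in cloud:
        upn, iid = c["upn"].lower(), c["immutableId"]
        if not iid:
            findings.append((upn, "no Immutable ID set"))
        elif counts[iid] > 1:
            findings.append((upn, "Immutable ID shared by several cloud users"))
        elif expected.get(upn) != iid:
            other = owner_of.get(iid, "no known on-premises account")
            findings.append((upn, f"Immutable ID belongs to {other}"))
    return findings

# Constructed sample data (hypothetical users, not taken from any real tenant).
ONPREM = [
    {"upn": "alice@example.com", "objectGUID": "00112233-4455-6677-8899-aabbccddeeff"},
    {"upn": "bob@example.com", "objectGUID": "0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0"},
]
CLOUD = [
    {"upn": "alice@example.com", "immutableId": "MyIRAFVEd2aImaq7zN3u/w=="},  # correct
    {"upn": "bob@example.com", "immutableId": ""},  # never set
    {"upn": "carol@example.com",  # carries bob's ID, so it would merge with bob
     "immutableId": immutable_id_from_guid(ONPREM[1]["objectGUID"])},
]

if __name__ == "__main__":
    for upn, finding in audit_links(ONPREM, CLOUD):
        print(f"{upn}: {finding}")
```

Running the audit before the next Directory Sync cycle surfaces accounts that need correction while the cloud and on-premises users are still separate entities.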

Considerations and benefits

  • Reduced sync time: establishing the cloud user immediately after creating the on-premises account significantly shortens the overall sync duration. This efficiency leads to faster provisioning and management.
  • Visibility in CoreView: from the beginning, users are marked as synchronized in the CoreView portal, which aids administrators in managing and provisioning without waiting for the full sync process.

This synchronized user creation process is designed to streamline identity management across different environments. By understanding this process, administrators can enhance user account management, minimize delays, and ensure a cohesive user experience.