13.4 How Does Synchronization Work?

After the Metadirectory engine determines that an object is to be synchronized, the following processes occur:

  1. Each system (the Identity Vault and the connected system) is queried for all attribute values in the appropriate filters.

    • eDirectory is queried for all values in the Subscriber filter, and for values that are marked for synchronization in Identity Manager 2.x and Identity Manager 3.x.

    • The connected system is queried for all values in the Publisher filter, and for values that are marked for synchronization in Identity Manager 2.x and Identity Manager 3.x.

  2. The returned attribute values are compared and modification lists are prepared for the Identity Vault and the connected system according to Table 13-1, Table 13-2, and Table 13-3.

    In the tables the following pseudo-equations are used:

    • Left = Right indicates that the left side receives all values from the right side.

    • Left = Right[1] indicates that the left side receives one value from the right side. If there is more than one value, it is indeterminate.

    • Left += Right indicates that the left side adds the right side values to the left side’s existing values.

    • Left = Left + Right indicates that the left sides receives the union of the values of the left and right sides.

There are three different combinations of selected items in the filter, and each one creates a different output.

13.4.1 Scenario One

The attribute is set to Synchronize on the Publisher and Subscriber channels, and the merge authority is set to Default.

Figure 13-1 Scenario One

The following table contains the values that the Metadirectory engine synchronizes when the attribute is sent through a filter that is set to the configuration for Scenario One. The table shows different outputs depending upon whether the attribute comes from the Identity Vault or the Application, if the attribute is single-valued or multi-valued, and if the attribute is empty or non-empty.

Table 13-1 Output of Scenario One

Identity Vault single-valued empty

Identity Vault single-valued non-empty

Identity Vault multi-valued empty

Identity Vault multi-valued non-empty

Application single-valued empty

No change

App = Identity Vault

No change

App = Identity Vault[1]

Application single-valued non-empty

Identity Vault = App

App = Identity Vault

Identity Vault = App

Identity Vault + = App

Application multi-valued empty

No change

App = Identity Vault

No change

App = Identity Vault

Application multi-valued non-empty

Identity Vault = App[1]

App + = Identity Vault

Identity Vault = App

App = App + Identity Vault

Identity Vault = App + Identity Vault

13.4.2 Scenario Two

The attribute is set to Synchronize only on the Subscriber channel, or it is set to Synchronize on both the Subscriber and Publisher channels. The merge authority is set to Identity Vault.

Figure 13-2 Scenario Two

The following table contains the values that the Metadirectory engine synchronizes when the attribute is sent through a filter that is set to the configuration for Scenario Two. The table shows different outputs depending upon whether the attribute comes from the Identity Vault or the Application, if the attribute is single-valued or multi-valued, and if the attribute is empty or non-empty.

Table 13-2 Output of Scenario Two

Identity Vault single-valued empty

Identity Vault single-valued non-empty

Identity Vault multi-valued empty

Identity Vault multi-valued non-empty

Application single-valued empty

No change

App = Identity Vault

No change

App = Identity Vault[1]

Application single-valued non-empty

App = empty

App = Identity Vault

Identity Vault = App

App = Identity Vault

Application multi-valued empty

No change

App = Identity Vault

No change

App = Identity Vault

Application multi-valued non-empty

App = empty

App = Identity Vault

App = empty

App = Identity Vault

13.4.3 Scenario Three

The attribute is set to Synchronize on the Publisher channel or the merge authority is set to Application.

Figure 13-3 Scenario Three

The following table contains the values that the Metadirectory engine synchronizes when the attribute is sent through a filter that is set to the configuration for Scenario Three. The table shows different outputs depending upon whether the attribute comes from the Identity Vault or the Application, if the attribute is single-valued or multi-valued, and if the attribute is empty or non-empty.

Table 13-3 Output of Scenario Three

Identity Vault single-valued empty

Identity Vault single-valued non-empty

Identity Vault multi-valued empty

Identity Vault multi-valued non-empty

Application single-valued empty

No change

Identity Vault = empty

No change

Identity Vault = empty

Application single-valued non-empty

Identity Vault = App

Identity Vault = App

Identity Vault = App

Identity Vault = App

Application multi-valued empty

No change

Identity Vault = empty

No change

Identity Vault = empty

Application multi-valued non-empty

Identity Vault = App[1]

Identity Vault = App[1]

Identity Vault = App

Identity Vault = App