Knowledge Base

How to create new synced accounts

There are two possible methods of user sync in Claromentis - the LDAP tool and the user sync module.

Read more about each below and how you can create new accounts using these methods.

LDAP


The LDAP tool is a free solution and can only be set up with Azure Active Directory.

The username and password users log in with are controlled in your Active Directory.

Review our set-up guides here & here


New accounts will be created in the intranet when the sync runs, if all the following criteria are fulfilled:

  1. Has a unique DistinguishedName (DN)
  2. Is in active status in your Active Directory
  3. Is a 'memberof' the chosen syncing group(s) in Active Directory:

 

If the license limit on your site has been reached:

  • Any new accounts included will still be created by the sync, but these will be put into a blocked state
  • The audit log can be used to get an overview of what happened during the sync to each account that was included using the System > User filters:


     
  • See our guide on how to block users or purchase more licenses here for the next steps in this situation.
  • Once licenses are available, as long as the accounts created as blocked are still in the syncing group, they will be made active by the sync when the next scheduled one runs or an administrator triggers a manual sync from Admin > People > Synchronise > Click 'Reset':

 

Based on the above the team members responsible for managing your Active Directory and the LDAP tool should:

  1. Each have a local profile on your Intranet (separate from their synced profile) so they can log into this if any issues block LDAP profile login.
  2. Be made a sysadmin of your Intranet - so they can access the LDAP tool and make edits to it as required
  3. Be made an application administrator of People by a sysadmin - so they can trigger a manual sync from Admin > People if required, and also be able to check that user profiles have updated correctly.

 

User sync module


This module is a paid solution and can be set up with Azure Active Directory, Okta Universal Directory or using a CSV file update from a predefined location.

The username and password users log in with are controlled in your chosen external repository.

Review our detailed set-up guide here.
 

New accounts will be created in the intranet when the sync runs, if all the following criteria for each type are fulfilled:

Azure

  1. Has a unique DistinguishedName (DN)
  2. Is in active status in your Active Directory
  3. Is included in the syncing group(s) in Azure that have been chosen in the User Sync module 'security groups' field (found under 'directory settings') 

Okta

  1. Has a unique 'preferred_username'
  2. Is in active status in Okta
  3. Is included in the syncing group(s) in Okta that have been chosen in the User Sync module 'security groups' field (found under 'directory settings')

CSV

  1. Has a unique 'User match field' entry
  2. Is included in the CSV file being used at the next sync

     

If the license limit on your site has been reached:

Azure, Okta or CSV

  • The sync will still create any new accounts included, but these will be in a blocked state
  • The audit log can be used to get an overview of what happened during the sync to each account that was included under the System > Users filters

     
  • See our guide on how to block users to free up license spaces or purchase more to resolve the situation
  • Once licenses are available, as long as the accounts are still in the syncing group (or CSV file if this method), they will be made active by the sync when it next runs (or an administrator triggers a manual sync from Admin > People > synchronise > Click 'Reset')

 

Based on the above the team members responsible for managing your external repository and the User sync module should:

  1. Each have a local profile on your Intranet (alongside their synced profile) so they can log into this if any issues block synced profile log in
  2. Be made an application administrator of People by a sysadmin - so they can trigger a manual sync if required, and also check that user profiles have updated correctly.
  3. Be made an application administrator of the user sync module by a sysadmin - so they can edit the configuration and update details as necessary

 

Created on 4 December 2025 by Hannah Door. Last modified on 9 December 2025
create, user, sync

6 Views   

Share
Search Knowledge Base
Recent Articles