Follow the advice in this guide to effectively manage your sync (LDAP or User sync module) over time.
- Creating new accounts
- Editing account information (incl username changes)
- Resetting passwords
- Deleting accounts
We strongly recommend that the team responsible for managing your sync and the external repository e.g. Azure, Okta, etc (usually IT) are made sysadmins and people application administrators in the Intranet so they can oversee the user changes as required.
If they are not, management responsibility falls to the current sysadmins and People administrators to communicate with that team to ensure changes are made and confirmed in the Intranet as needed.
Creating new accounts
Advice for the type of sync in use on your site can be found here
Editing account information
Mapped fields will update on every sync to reflect the information in your external repository, e.g. Azure, Okta, etc
Entries for users in mapped fields cannot be edited locally, and if they are, changes will be reverted on the next sync.
If you need to update the data in a mapped field for a user, do so in your external repository first, then trigger a manual sync in Admin > People > Synchronise > Click 'reset' to push this through.
The changes made should appear in the mapped fields for the syncing users in the Intranet.
For LDAP - Mapped fields can be managed in section 3 of the tool.
For the user sync module - Mapped fields can be edited in the 'Provider' tab.
Username changes
Username is the unique identifier in claromentis, so no two accounts can have the same username.
Follow the appropriate advice below for your sync to change the username of an account already synced.
If you encounter any issues in changing the username for a sync account, please raise a support ticket so we can assist further.
- LDAP
To prevent a new Intranet account from being created for the new username being pushed in the sync:
- Locate the account in Admin > People, then change its 'directory' field to 'local'
- Scroll down and click 'update' to save this
- Now you can edit the username field to reflect the new one
- Once done, click 'update' to save again
- Now edit the 'directory' field again and select the appropriate directory, and save one more time.
- Now trigger a manual sync from Admin > People > Synchornise > Click 'Reset'
- Check the account username has been updated rather than a new profile being created
- User sync module
If you need to change a synced account's username, this will need to take place in the external repository first.
As long as the external ID of the user remains unchanged, the current profile in the Intranet will be updated to match, instead of a new user profile being created with the updated username.
Resetting passwords
Log in credentials (username & password) are both controlled in the chosen external repository that the sync has been set up with.
If a user needs a password reset, this needs to be carried out by the team responsible for managing your sync and/or external repository.
Deleting accounts
Accounts cannot be deleted in the Intranet using the sync; instead, if an account meets the following criteria, it will be blocked in the Intranet:
- Is in blocked status in your external repository and is still included in the syncing group
- Has been removed from the syncing group (but was in this previously)
Blocked accounts can be reactivated or deleted permanently by People administrators.
Please note: Once deleted, data cannot be retrieved, so only carry out deletions when you are sure the data is no longer needed
As blocked accounts do not contribute to user licenses, we recommend leaving them as blocked until it is confirmed that they need to be deleted.
