
UserSync: Data Access Users

This topic describes how to connect the USERSYNC application in PrivaceraCloud to an external resource (such as LDAP, AD, AAD, SCIM, OKTA, or SCIM-SERVER) so that data access users can be pulled from, or pushed by, that resource.

Connect Application

You can connect your application using an existing system or by adding a new one.

  1. On your system dialog, click the three dots menu and click Add Application.

  2. In the Application List, click USERSYNC.

  3. In the Service Type list, select the connection protocol or service you want to connect:

    • LDAP
    • AD
    • AAD
    • SCIM (System for Cross-domain Identity Management - Client)
    • Okta
    • SCIM-SERVER (System for Cross-domain Identity Management - Server Endpoint)
  4. Enter the Connector Name and click NEXT.

LDAP, AD, or AAD Connection

If you wish to connect LDAP, AD, or AAD, do the following:

  1. In the BASIC tab, enter the values. See the table below.

    Property        Example
    Service URL     "ldap://dir.privacera.us:389"
    Bind DN         "CN=Bind User,OU=privacera,DC=ad,DC=privacera,DC=us"
    Bind Password   as needed
    Search Base     "DC=ad,DC=privacera,DC=us"
  2. In the ADVANCED tab, the value in the Authentication Type field must be simple.

    To enable paging for UserSync via LDAP:

    1. Select the Incremental Search check box.

    2. In the Add Custom Properties text box, set the following properties:

      usersync.connector.results.paged.enabled=true
      usersync.connector.results.paged size=<Results_Per_Page>
      
    3. Click Next.

    The configuration wizard will advance you through the configuration pages. Complete and step through each of the pages.

  3. Complete all BASIC values, then review and update ADVANCED values as required.

  4. Click FINISH.

SCIM, OKTA, and SCIM SERVER

If you wish to connect SCIM, OKTA, or SCIM SERVER, do the following steps:

Prerequisites

  • OKTA: Pull data access users and groups from Okta. PrivaceraCloud will use Okta protocols in client mode to connect to an Okta-enabled SCIM server. It will synchronize with the targeted server to obtain data access users and groups.

  • SCIM: Pull data access users and groups from the generic SCIM 2.0 compliant server.

  • SCIM-SERVER: Configure to allow data access users and groups to be provided (pushed) to your PrivaceraCloud account from a SCIM 2.0 client, including push integration with an Okta Identity Provider. See SCIM Server User-Provisioning for detailed setup instructions.

Steps

  1. In the BASIC tab, enter the Endpoint URL and Bearer Token.

  2. Click Next.

    The configuration wizard will advance you through the configuration pages. Complete and step through each of the pages.

  3. Complete all BASIC values, then review and update ADVANCED values as required.

  4. Click FINISH.

Customize User Details on Sync

You can use advanced settings to perform a variety of transformations on user-related data from your Identity Provider (IdP).

  1. In the Base User Attributes page, go to the ADVANCED tab.

    In the Customize Base LDAP Source Attribute Keys dropdown, do the following:

    • Apply to Attribute(s): Specify the names of LDAP attributes to which these customizations apply.

    • Extract from email: Extract the username portion of an email address value from the username attribute field. The username then becomes the value to the left of the @-sign of the email address.

      Duplicate usernames map to a single username.

      Usernames (the left-hand side of the @-sign) that are identical are considered the same user on import, even if the domains (the right-hand side of the @-sign) differ. The following example email addresses with different domains result in the same user on PrivaceraCloud:

      • BillSmith@Division1.BigCo.com
      • BillSmith@Division2.BigCo.com
    • No Conversion: If you select any of the following conversions, this radio button is unselected.

    • Convert attribute values to lowercase. Allowable values: true or false.

    • Convert attribute values to uppercase. Allowable values: true or false.

    • Prefix to Prepend. Allowable values: String to prepend.

    • Postfix to Append. Allowable values: String to append.

    • Regex Replace Expression. Allowable values: Substitute any string represented by a regular expression with another string. Requires a Linux-editor-style s command, with an optional g for global replacement. Examples:

      • Regexp s/ch/AAA/g: ch (a simple string) is globally replaced with AAA.
      • Regexp s/[123]//: The first occurrence of the number 1 or 2 or 3 is removed.
      • Regexp s/a[bc]/z/: The first occurrence of the letter a followed by either b or c is replaced by z.
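
Before enabling these customizations, it helps to preview which source identities would end up as the same data access user. The following Python sketch is an added example, not PrivaceraCloud code: the function names, the order in which the options are applied, and the use of Python's regex engine are assumptions, and the sample list is constructed.

```python
import re
from collections import defaultdict

# Matches s/pattern/replacement/ with an optional trailing g; "\/" escapes a slash.
S_COMMAND = re.compile(r"s/((?:[^/\\]|\\.)*)/((?:[^/\\]|\\.)*)/(g?)")

def apply_s_command(expr, value):
    """Apply one s/pattern/replacement/[g] expression to value."""
    m = S_COMMAND.fullmatch(expr)
    if m is None:
        raise ValueError(f"not an s command: {expr!r}")
    pattern, replacement, flag = m.groups()
    count = 0 if flag == "g" else 1          # re.sub: 0 = all matches, 1 = first only
    # The replacement is inserted literally (no backreferences) to keep this simple.
    return re.sub(pattern, lambda _m: replacement, value, count=count)

def transform(value, extract_from_email=False, case=None, prefix="", postfix="", regex=None):
    """Assumed order: email extraction, case conversion, regex, then prefix/postfix."""
    if extract_from_email:
        value = value.split("@", 1)[0]       # keep what is left of the @-sign
    if case == "lower":
        value = value.lower()
    elif case == "upper":
        value = value.upper()
    if regex:
        value = apply_s_command(regex, value)
    return f"{prefix}{value}{postfix}"

def find_collisions(source_values, **options):
    """Return {resulting username: [sources]} for names shared by more than one source."""
    groups = defaultdict(list)
    for source in source_values:
        groups[transform(source, **options)].append(source)
    return {name: sources for name, sources in groups.items() if len(sources) > 1}

# Constructed sample: the two addresses from the text plus two made-up ones.
SAMPLE = [
    "BillSmith@Division1.BigCo.com",
    "BillSmith@Division2.BigCo.com",
    "billsmith@example.com",
    "jdoe@example.com",
]

if __name__ == "__main__":
    for label, opts in [("extract", {"extract_from_email": True}),
                        ("extract + lowercase", {"extract_from_email": True, "case": "lower"})]:
        print(label, find_collisions(SAMPLE, **opts))
```

Run it against an export of the username attribute from your directory; any non-empty result lists identities that would share one username, and therefore one set of access policies, after the sync.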

Last update: February 22, 2022