Sync conflicts that can occur when setting the primary service identities
When the primary authentication service is set (SetPAS), a synchronization is run on identities. This sync analyzes identities between the current primary service (source) and the new primary service (target) and then moves all identities from the target to the source.
An identity conflict during synchronization occurs when an actor contains an identity on both the source and target services.
Available actions for primary service change identities conflicts:
-
Override: Choose this action if you want to "Override the Identity in the New PAS" (Primary Authentication Service). This means you want to continue to use the identity for the "Current PAS".
-
Retain: Choose this action if you want to retain the identity in the New PAS. This means you want to use the identity in the "New PAS".
When you run an additional SetPAS procedure (after you have already performed SetPAS at least one time), you normally will not get any conflicts unless you change the identity or identity assignment on either local or remote system.
Example:
Current Primary Service: SSOPV2
New Primary Service: SSOP
All identities under SSOPV2 will be moved to SSOP. Moving of identities will be done in both Local and Remote Systems. Conflicts will be identified if an actor contains an identity in both SSOPV2 and SSOP service.
| Before Sync | ||
|---|---|---|
| Local System | Remote System | Action |
| Actor "adoe" does not have an identity for SSOPV2 |
Service: SSOP Identity User: anna Actor: adoe |
No action required. This will not show up in the conflict resolution page since this is not a conflict. |
|
Service: SSOPV2 Identity User: bert Actor: bdoe |
Actor "bdoe" does not have an identity for SSOP | No action required. This will not show up in the conflict resolution page since this is not a conflict. |
|
Service: SSOPV2 Identity User: cathy Actor: cdoe |
Service: SSOP Identity User: catherine Actor: cdoe |
Override identity in new primary service. Choosing this action means you want the actor "cdoe" to override the identity in the new primary service (SSOP) and use the identity in the current primary service (SSOPV2) which is "cathy".The actor "cdoe" has different identities in both SSOPV2 and SSOP. |
|
Service: SSOPV2 Identity User: dan Actor: ddoe |
Service: SSOP Identity User: dan Actor: ddoe |
Retain identity in new primary service. The actor "cdoe" has different identities in both SSOPV2 andThe actor "ddoe" has different identities in both SSOPV2 and SSOP. Choosing this action means you want the actor "ddoe" to use the identity in the new primary service (SSOP) which is "danny". |