Attribute Synchronization

Configure how user attributes from a source of identity are synchronized for target user accounts

Attribute synchronization ensures that identity attributes in target systems remain up to date with the corresponding attributes in the source of truth. Veza Lifecycle Management provides configuration at two levels to control how and when attributes are synchronized.

Action Level

At the action level, there are two distinct options to govern provisioning and user update processes:

  • Create new users - When enabled, the action will create new user accounts that don't exist in the target system

  • Update active users - When enabled, the action can update existing user accounts with attribute changes from the source of truth

Attribute Level

At the attribute level, there are two explicit choices that define how and when attribute values are applied to user accounts:

  • Set for new users only - The attribute value is set only when creating new user accounts

  • Set for new and existing users - The attribute value is set for new accounts and updated for existing accounts when changes are detected

Both levels must be properly configured for an attribute to be continuously synchronized. For example, to keep an employee's department updated:

  1. Enable Update active users on the Sync Identity action

  2. Select Set for new and existing users for the department attribute

Set for new and existing users (continuously sync attributes that change during employment):

  • First Name, Surname

  • Department

  • Title

  • Manager

  • Cost Center

  • AD Distinguished Name (DN)

  • AD User Principal Name (UPN)

  • AD Email

Set for new users only (preserve stable identifiers):

  • Active Directory sAMAccountName

  • Email Addresses (for Email Write-Back action)

This configuration ensures that dynamic attributes remain up to date while preserving stable identifiers.
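
The two-level gating described above can be modeled as a small decision function plus a configuration check. This is an added example, not Veza's code or API: the dictionary keys, mode constants, and sample values are assumptions made for illustration.

```python
# Illustrative model only: names and structure are assumptions, not Veza's schema or API.
NEW_ONLY = "new_only"                  # "Set for new users only"
NEW_AND_EXISTING = "new_and_existing"  # "Set for new and existing users"
STABLE_IDENTIFIERS = {"sAMAccountName"}  # identifier the page says to set only at creation

# Constructed sample data.
MODES = {"department": NEW_AND_EXISTING, "title": NEW_AND_EXISTING, "sAMAccountName": NEW_ONLY}
SOURCE = {"department": "Finance", "title": "Analyst", "sAMAccountName": "jdoe2"}
TARGET = {"department": "Sales", "title": "Analyst", "sAMAccountName": "jdoe"}


def attributes_to_write(action, attr_modes, source, target):
    """Values one sync run would write; target is None when no account exists yet."""
    if target is None:
        # New account: both attribute modes apply, but only if creation is enabled.
        if not action["create_new_users"]:
            return {}
        return {name: source[name] for name in attr_modes if name in source}
    if not action["update_active_users"]:
        # Action-level gate closed: attribute-level settings have no effect.
        return {}
    return {
        name: source[name]
        for name, mode in attr_modes.items()
        if mode == NEW_AND_EXISTING
        and name in source
        and target.get(name) != source[name]  # write only when a change is detected
    }


def audit(action, attr_modes):
    """Flag settings where the two levels disagree or a stable identifier can change."""
    findings = []
    for name, mode in sorted(attr_modes.items()):
        if mode == NEW_AND_EXISTING and not action["update_active_users"]:
            findings.append(f"{name}: continuous sync selected but action cannot update users")
        if mode == NEW_AND_EXISTING and name in STABLE_IDENTIFIERS:
            findings.append(f"{name}: stable identifier would be overwritten on change")
    return findings
```

The first audit finding is the one to watch for in access reviews: an attribute such as department that looks continuously synchronized but silently stays stale because the action-level update option is off.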
