# Sync Identities

Synchronizes identity attributes between systems, with options to:

* Create new identities if they don't exist
* Update attributes of existing identities
* Enable continuous sync to keep attributes aligned with the source of truth

**Example Use Cases:**

* Create new user accounts in target systems when employees join
* Update user attributes when information changes in HR systems
* Ensure consistent user information across multiple platforms

| Setting                  | Description                                                                                                                                                          |
| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Entity Type              | The data source and type of identity to sync (e.g., Okta User, Azure AD User)                                                                                        |
| Create Allowed           | Whether new identities can be created if not found                                                                                                                   |
| Attribute Sync           | Keep attributes in sync even after initial creation                                                                                                                  |
| Common Synced Attributes | Shared transformation rules across multiple sync actions                                                                                                             |
| Action Synced Attributes | Create, format, and modify the specified target attributes. See [Transformers](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers.md) for more details. |
| Unique Identifier        | The attribute Veza uses to locate an existing user when syncing. Defaults to the integration's primary identifier (for SCIM integrations, `userName`)                |

**Password output (Early Access)**

When password output is enabled, the password generated during identity creation is available to subsequent workflow actions via transformer expressions. Use `{EntityType.password}` syntax to reference it, such as `{OktaUser.password}` in a Send REST Request payload.

This is useful in joiner workflows where Veza provisions a new account and needs to pass the generated password to a downstream system such as an HR portal or ticketing API.

{% hint style="warning" %}
Passwords are passed as plaintext to downstream actions. Use this only when the workflow requires it, and ensure receiving endpoints use HTTPS. Passwords are never written to the Veza database. They are available in memory during workflow execution only and are redacted from stored job payloads before persistence.
{% endhint %}

{% hint style="info" %}
**Early Access:** Password output requires the `LCM_INCLUDE_PASSWORD_IN_OUTPUT_ENTITIES` feature flag. Contact Veza support to enable it for your tenant.
{% endhint %}
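
The following pre-deployment check is an added example, not Veza code. It scans Send REST Request action definitions for `{EntityType.password}` references and flags any that would send the plaintext password to a non-HTTPS endpoint or embed it in the URL. The dictionary shape (`name`, `url`, `headers`, `payload`), the `{OktaUser.login}` attribute, and the sample endpoints are assumptions made for illustration and do not reflect Veza's export format.

```python
import re
from urllib.parse import urlsplit

# Matches the page's {EntityType.password} syntax, e.g. {OktaUser.password}.
PASSWORD_REF = re.compile(r"\{[A-Za-z_]\w*\.password\}")

# Constructed sample actions; field names and hosts are assumptions, not Veza's schema.
ACTIONS = [
    {"name": "notify-hr", "url": "https://hr.example.com/api/onboard",
     "payload": {"user": "{OktaUser.login}", "temp_password": "{OktaUser.password}"}},
    {"name": "legacy-ticket", "url": "http://tickets.example.com/new",
     "payload": {"fields": [{"body": "Initial password: {OktaUser.password}"}]}},
    {"name": "bad-query", "url": "https://portal.example.com/set?pw={OktaUser.password}",
     "payload": {}},
    {"name": "no-secret", "url": "http://intranet.example.com/ping",
     "payload": {"user": "{OktaUser.login}"}},
]

def _strings(value):
    """Yield every string nested anywhere inside dicts and lists."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for item in value.values():
            yield from _strings(item)
    elif isinstance(value, (list, tuple)):
        for item in value:
            yield from _strings(item)

def audit_rest_action(action):
    """Return findings for one action; an empty list means nothing to fix."""
    url = action.get("url", "")
    in_url = bool(PASSWORD_REF.search(url))
    elsewhere = [action.get("headers", {}), action.get("payload", {})]
    in_other = any(PASSWORD_REF.search(s) for s in _strings(elsewhere))
    if not (in_url or in_other):
        return []  # action never receives the generated password
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        findings.append("password sent to non-HTTPS endpoint")
    if in_url:
        # URLs routinely end up in proxy and server access logs.
        findings.append("password placed in URL")
    return findings

def audit_all(actions):
    """Map each action name to its list of findings."""
    return {a["name"]: audit_rest_action(a) for a in actions}

if __name__ == "__main__":
    for name, findings in audit_all(ACTIONS).items():
        print(name, "->", findings or "ok")
```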

