> For the complete documentation index, see [llms.txt](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/actions/sync-identities.md).

# Sync Identities

Synchronizes identity attributes between systems, with options to:

* Create new identities if they don't exist
* Update attributes of existing identities
* Enable continuous sync to keep attributes aligned with the source of truth

**Example Use Cases:**

* Create new user accounts in target systems when employees join
* Update user attributes when information changes in HR systems
* Ensure consistent user information across multiple platforms

| Setting                  | Description                                                                                                                                                          |
| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Entity Type              | The data source and type of identity to sync (e.g., Okta User, Azure AD User)                                                                                        |
| Create Allowed           | Whether new identities can be created if not found                                                                                                                   |
| Attribute Sync           | Keep attributes in sync even after initial creation                                                                                                                  |
| Common Synced Attributes | Shared transformation rules across multiple sync actions                                                                                                             |
| Action Synced Attributes | Create, format, and modify the specified target attributes. See [Transformers](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers.md) for more details |
| Unique Identifier        | The attribute Veza uses to locate an existing user when syncing. Defaults to the integration's primary identifier (for SCIM integrations, `userName`)                |

**Password output (Early Access)**

When password output is enabled, the password generated during identity creation is available to subsequent workflow actions via transformer expressions. Use `{EntityType.password}` syntax to reference it, such as `{OktaUser.password}` in a Send REST Request payload.

This is useful in joiner workflows where Veza provisions a new account and needs to pass the generated password to a downstream system such as an HR portal or ticketing API.

{% hint style="warning" %}
Passwords are passed as plaintext to downstream actions. Use this only when the workflow requires it, and ensure receiving endpoints use HTTPS. Passwords are never written to the Veza database. They are available in memory during workflow execution only and are redacted from stored job payloads before persistence.
{% endhint %}

{% hint style="info" %}
**Early Access:** Password output requires the `LCM_INCLUDE_PASSWORD_IN_OUTPUT_ENTITIES` feature flag. Contact Veza support to enable it for your tenant.
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/actions/sync-identities.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
