> For the complete documentation index, see [llms.txt](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers/attribute-sync.md).

# Attribute Synchronization

Attribute synchronization ensures that identity attributes in target systems remain up to date with the corresponding attributes in the source of truth. Veza Lifecycle Management provides configuration at two levels to control how and when attributes are synchronized.

## **Action Level**

At the action level, there are two distinct options to govern provisioning and user update processes:

* **Create new users** - When enabled, the action will create new user accounts that don't exist in the target system
* **Update active users** - When enabled, the action can update existing user accounts with attribute changes from the source of truth

## **Attribute Level**

At the attribute level, there are two explicit choices that define how and when attribute values are applied to user accounts:

* **Set for new users only** - The attribute value is set only when creating new user accounts
* **Set for new and existing users** - The attribute value is set for new accounts and updated for existing accounts when changes are detected

  <div data-gb-custom-block data-tag="hint" data-style="warning" class="hint hint-warning"><p>You may not want to enable "Set for new and existing users" for attributes like user principal name, which may change due to marital status or legal name corrections but shouldn't be automatically updated in all systems.</p></div>

Both levels must be properly configured for an attribute to be continuously synchronized. For example, to keep an employee's department updated:

1. Enable **Update active users** on the Sync Identity action
2. Select **Set for new and existing users** for the department attribute

## **Recommended Settings**

**Set for new and existing users** (continuously sync attributes that change during employment):

* First Name, Surname
* Department
* Title
* Manager
* Cost Center
* AD Distinguished Name (DN)
* AD User Principal Name (UPN)
* AD Email

**Set for new users only** (preserve stable identifiers):

* Active Directory sAMAccountName
* Email Addresses (for Email Write-Back action)

This configuration ensures that dynamic attributes remain up to date while preserving stable identifiers.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers/attribute-sync.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.