User and group synchronization from IBM Cloud to IBM OpenPages
Users and groups that you create in IBM Cloud are synchronized to IBM OpenPages. Users are synchronized to IBM OpenPages after they accept an invitation to join your account.
A cron job synchronizes the users and groups from IBM Cloud® to IBM OpenPages. This synchronization process is a one-way operation.
When a user logs in to IBM OpenPages for the first time, the user is added to the user and group registry in IBM OpenPages. They do not need to wait for the synchronization job to run.
All the groups that are created in IBM Cloud are created in IBM OpenPages with the prefix Cloud IAM - added to the name of the group.
Users are assigned the profiles that are associated with their group. Administrators can associate groups with one or more profiles in IBM OpenPages. If a user has no enabled profiles available, the fallback profile is used. The fallback profile allows a user who is either not associated with any profile, or whose profile is disabled or deleted, to log in to IBM OpenPages.
In IBM Cloud, if a user is assigned a role of IBM OpenPages User, View, Operator, or Editor, either directly or indirectly through a group, the user can log in to IBM OpenPages and has permission to access GRC data.
In IBM Cloud, if a user is assigned a role of Administrator, either directly or indirectly through a group, the user logs in to IBM OpenPages as an administrator. IBM OpenPages administrators are able to change locale, profiles, and roles directly from within IBM OpenPages. These settings take precedence over settings in IBM Cloud and are not overridden when a synchronization job runs.
If you create users in IBM OpenPages directly, they are set to Inactive.
Properties that are overwritten in IBM OpenPages by the user synchronization job
Because users and groups are synchronized from IBM Cloud, if you change the following properties in IBM OpenPages, your changes are overwritten when the synchronization job runs.
User properties
- User Name
- First Name
- Last Name
- Description
- All fields in Password and Security Group properties
Group properties
- Description
If you add users to a group in IBM OpenPages, and the group has a name that begins with Cloud IAM –, the synchronization job will remove those users from the group so that the list of users in the group matches the list of users for the group in IBM Cloud.