Synchronizing users and groups
IBM® Business Process Manager implicitly synchronizes external users and groups between the WebSphere Application Server user registry and the IBM BPM database in response to certain triggers. You can trigger synchronization explicitly by using administrative scripts or the Process Admin Console.
IBM Business Process Manager implicitly
synchronizes external users and groups based on the following triggers:
- Upon startup of a cluster member or server, all available groups (without members) are synchronized, so that all external groups are available for IBM BPM modeling and execution.
- When a user logs in to a IBM BPM web application, such as Process Portal, for the first time, that user is created in the IBM Business Process Manager database.
- When a new or existing user logs in to a IBM BPM web application, such as Process Portal, that user's full name and group memberships are updated. The groups the user belongs to are queried from the external user registry, and the IBM Business Process Manager database content is updated to reflect the current state.
- When a REST call is triggered because a user that was newly registered in a federated repository (using an LDAP server) is not yet known to IBM Business Process Manager, synchronization of external users and groups with IBM Business Process Manager takes place. This synchronization is done only once.
You can use the administrative scripts listed below to trigger the synchronization of user availability between the WebSphere Application Server user registry and theIBM BPM database explicitly and to trigger the synchronization of group membership between the user registry and the IBM BPM database.
Synchronization of user availability can be triggered also from an administrative graphical user interface (GUI), by using the Process Admin Console.