# Directory Sync Directory Sync keeps your AccessIQ users and groups in sync with your external directory -- such as Azure Entra ID, Okta, or Google Workspace -- without manual intervention. ## How It Works Directory Sync connects to your identity provider's directory and periodically pulls user and group data into AccessIQ. Unlike SCIM (which relies on push notifications from the IdP), Directory Sync actively fetches changes on a schedule. | Feature | Directory Sync | SCIM | | ------------------------- | ----------------------- | ---------------- | | Direction | Pull (AccessIQ fetches) | Push (IdP sends) | | Real-time updates | No (scheduled) | Yes | | Requires IdP SCIM support | No | Yes | | Setup complexity | Lower | Moderate | ## Setting Up Directory Sync ### Step 1: Connect Your Directory 1. Go to **Identity > Directory Sync**. 2. Click **Add Directory**. 3. Select your directory provider. 4. Authenticate with your directory admin credentials. ### Step 2: Configure Sync Settings | Setting | Description | | --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Sync frequency | How often AccessIQ fetches updates (e.g., every 15 minutes, hourly, daily) | | User filter | Limit sync to specific groups or organizational units | | Attribute mapping | Map directory fields to AccessIQ user attributes | | Default role | The role automatically assigned to newly synced users (defaults to "Member"). This ensures all directory-synced users have a baseline role without manual assignment. | | Deactivation behavior | Choose whether removed users are deactivated or ignored | ### Step 3: Map Groups Map your directory groups to AccessIQ organizations and roles: 1. Under **Group Mapping**, click **Add Mapping**. 2. Select a source group from your directory. 3. Choose the target AccessIQ organization and role. 4. Repeat for additional groups. ### Step 4: Run Initial Sync 1. Click **Sync Now** to perform the first sync. 2. Review the sync results to confirm users and groups were imported correctly. 3. Once satisfied, enable the automatic sync schedule. ## Monitoring Sync Status The Directory Sync dashboard shows: * **Last sync time** -- when the most recent sync completed * **Users synced** -- number of users created, updated, or deactivated * **Groups synced** -- number of groups processed * **Errors** -- any issues encountered during sync ## Best Practices * Start with a narrow user filter and expand once you confirm sync works as expected. * Review the sync log after the initial import to catch any mapping issues. * Use group-based mapping to automatically assign users to the correct organizations and roles. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://accessiq.gitbook.io/accessiq-docs/identity-and-single-sign-on/directory-sync.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.