Page History
...
There are two main approaches to user synchronization, the difference between the approaches relates to when the user synchronization takes place:.
- Linked with an existing user synchronization process
In this approach, a user is created at the same time as a user is created in the external system. This means the user is created before the user attempts to login to Yellowfin for the first time. Updates to the user in the external system would also be propagated to Yellowfin via services immediately. - On-Demand (or Lazy) synchronization
The on-demand approach will only create a user in Yellowfin as they are about to login for the first time. This can be done in conjunction with an SSO login process. A common pattern is to have the SSO code perform the following process when the user first attempts to log in: -
- Check whether the user attempting to log in to Yellowfin exists
- If the user does not exist in Yellowfin, create the user
- If the user does exist in Yellowfin, update the user if any details have changed
- Check that the user has the correct security access
- If the user access differs from the external system, then adjust the user's group membership so that it is correct.
- Perform SSO, and direct the user into Yellowfin.
One issue with on-demand synchronization is that group membership will only be updated when a user logs in. If the user is a recipient of broadcasts via group membership, then they may continue to receive broadcasts after they have been removed from the group in an external system until they login. However an administrator can remove a user from a group manually within Yellowfin.
...