Synchronizing users and groups
IBM® Business Automation Workflow implicitly synchronizes external users and groups between the WebSphere® Application Server user registry and the Business Automation Workflow database in response to certain triggers. You can trigger synchronization explicitly by using administrative scripts or the Process Admin Console.
Business Automation Workflow implicitly synchronizes external
users and groups based on the following triggers:
- When a cluster member or server starts, all available groups (without members) are synchronized, so that all external groups are available for Business Automation Workflow modeling and execution.
- When a user is searched in the Process Admin Console to add the user to a group or in Process Designer to add the user to a team, that user is created in the Business Automation Workflow database.
- When a user logs in to a Business Automation Workflow web application, such as Process Portal, for the first time, that user is created in the Business Automation Workflow database.
- When an existing user logs in to an Business Automation Workflow web application, such as Process Portal, the user information in the Business Automation Workflow database is synchronized with the user registry information. The groups the user belongs to are also synchronized to ensure that the Business Automation Workflow database content reflects the current state of the user registry. If a user was previously deactivated, the login reactivates the user in the Business Automation Workflow database.
- When a REST call is triggered because a user that was newly registered in a federated repository (using an LDAP server) is not yet known to Business Automation Workflow, external users and groups are synchronized with Business Automation Workflow. This synchronization occurs only once.