Synchronizing users and groups

IBM® Business Process Manager implicitly synchronizes external users and groups between the WebSphere® Application Server user registry and the IBM BPM database in response to certain triggers. You can trigger synchronization explicitly by using administrative scripts or the Process Admin Console.

IBM BPM implicitly synchronizes external users and groups based on the following triggers:
  • When a cluster member or server starts, all available groups (without members) are synchronized, so that all external groups are available for IBM BPM modeling and execution.
  • When a user is searched in the Process Admin Console to add the user to a group or in Process Designer to add the user to a team, that user is created in the IBM BPM database.
  • When a user logs in to a IBM BPM web application, such as Process Portal, for the first time, that user is created in the IBM BPM database.
  • When an existing user logs in to an IBM BPM web application, such as Process Portal, the user information in the IBM BPM database is synchronized with the user registry information. The groups the user belongs to are also synchronized to ensure that the IBM BPM database content reflects the current state of the user registry. If a user was previously deactivated, the login reactivates the user in the IBM BPM database.
  • When a REST call is triggered because a user that was newly registered in a federated repository (using an LDAP server) is not yet known to IBM BPM, external users and groups are synchronized with IBM BPM. This synchronization occurs only once.
Parent topic: Administering users and groups