TrueIdentity Sync Client User Guide
TrueIdentity Sync Client v.1.4.0
This guide provides information about the TrueIdentity Sync Client and how to use the tool to import identity information into your deployment.
If you have installed a previous version of the TrueIdentity Sync Client, you must uninstall the previous version before installing version 1.4.0.
The TrueIdentity Sync Client queries Identity and Access Management (IAM) platforms, such as Active Directory, to create and update TrueIdentities in your LogRhythm deployment. The TrueIdentity Sync Client can be scheduled to run on a continuous basis, automatically creating and updating new TrueIdentities as they appear in your IAM.
If you are using a remote TrueIdentity Sync Client, your network, Active Directory LDAP server, and the host running the TrueIdentity Sync Client must support TLS 1.2.
Active Directory is the only IAM supported in this release. If you are using a different IAM, you can get identity data using LogRhythm's REST-based Admin API.
Syncing multiple Active Directory domains with overlapping users could cause conflicts. Conflicts occur when multiple TrueIdentities have the same Identifiers, and LogRhythm is unable to assign a TrueIdentity. The following is recommended:
- If you have 100% overlap between AD Domains, consider only syncing one domain.
- If you have partial overlap between AD Domains, leverage the Sync Client Filter to remove the overlapping accounts.
- Disable Identifiers from TrueIdentity Administration in the Web Console.
- Remove the overlapping Identifiers field from one of the Sync Jobs.
- Sync TrueIdentities into specific entities.
- Merge overlapping TrueIdentities or disable conflicting Identifiers via the LogRhythm Admin API. For more information on the LogRhythm Admin API, see the Admin API documentation.
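
To choose between syncing a single domain and filtering out overlapping accounts, measure the overlap before creating the sync jobs. The following Python script is an added example, not part of the TrueIdentity Sync Client or LogRhythm's tooling; it reports which identifier values appear in more than one domain and what fraction of each domain's accounts are affected. The account records, the domain names, the choice of `sAMAccountName` and `mail` as the compared attributes, and the case-insensitive comparison are assumptions, since this guide does not list which attributes a sync job maps to Identifiers.

```python
from collections import defaultdict

# Assumption: these AD attributes are the ones mapped to Identifiers in the sync
# job; the guide does not list them. Adjust to match your own job's fields.
IDENTIFIER_ATTRS = ("sAMAccountName", "mail")

# Constructed sample exports, one list of accounts per AD domain.
SAMPLE_DOMAINS = {
    "corp.example": [
        {"dn": "CN=Alice,DC=corp,DC=example", "sAMAccountName": "alice", "mail": "alice@example.com"},
        {"dn": "CN=Bob,DC=corp,DC=example", "sAMAccountName": "bob", "mail": "bob@example.com"},
        {"dn": "CN=Carol,DC=corp,DC=example", "sAMAccountName": "carol", "mail": None},
    ],
    "emea.example": [
        {"dn": "CN=Alice,DC=emea,DC=example", "sAMAccountName": "ALICE", "mail": "alice@example.com"},
        {"dn": "CN=Dave,DC=emea,DC=example", "sAMAccountName": "dave", "mail": "dave@example.com"},
    ],
}


def find_overlaps(domains):
    """Return {(attr, value): {domain: [dn, ...]}} for values seen in 2+ domains."""
    seen = defaultdict(lambda: defaultdict(list))
    for domain, accounts in domains.items():
        for acct in accounts:
            for attr in IDENTIFIER_ATTRS:
                # Compared case-insensitively (assumption); empty values are skipped.
                value = (acct.get(attr) or "").strip().lower()
                if value:
                    seen[(attr, value)][domain].append(acct["dn"])
    return {key: dict(by_dom) for key, by_dom in seen.items() if len(by_dom) > 1}


def overlap_ratio(domains, overlaps):
    """Fraction of each domain's accounts that share an identifier with another domain."""
    ratios = {}
    for domain, accounts in domains.items():
        hit = {dn for by_dom in overlaps.values() for dn in by_dom.get(domain, [])}
        ratios[domain] = len(hit) / len(accounts) if accounts else 0.0
    return ratios


if __name__ == "__main__":
    overlaps = find_overlaps(SAMPLE_DOMAINS)
    for (attr, value), by_dom in sorted(overlaps.items()):
        print(f"{attr}={value}: {by_dom}")
    for domain, ratio in overlap_ratio(SAMPLE_DOMAINS, overlaps).items():
        # 1.0 means full overlap; anything in between points to filtering.
        print(f"{domain}: {ratio:.0%} of accounts overlap")
```

A ratio of 1.0 for a domain corresponds to the 100% overlap case above; a lower non-zero ratio gives the list of accounts to exclude with the Sync Client Filter.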