Last date modified: 2026-Jul-08
Working with User and Group Synchronization
After setting up the User and Group Synchronization application in your environments, you can:
- Synchronize users from your primary instance to a duplicate instance
- Access detailed user and group synchronization information
- Monitor job statuses processed by the User Group Sync agent during synchronization
Special considerations
Special considerations include:
-
The user and group synchronization copies OpenID Connect login methods, along with groups, users, and clients. It does NOT transfer SAML, passwords, System Administrator Group information, authentication providers, or permissions to the duplicate instance.
- Use the Invite Users mass operation to send password reset invitations. After the migration is complete, manually assign security permissions to the copied groups in your duplicate instance.
- This functionality is only available for customers running at least one RelativityOne instance, as well as a second instance running either RelativityOne or Relativity 9.5.224.9 and above.
-
Changing the duplicate instance — update the duplicate instance URL in the User Group Sync application settings. Also review related instance settings that reference the previous duplicate instance. If the optional single sign-on configuration (OpenIDLoginMethodsMatch) is enabled, confirm its target. It must reference the correct duplicate instance. If it still references a previous duplicate instance, correct it before running synchronization. Remove the old connection or update the instance setting.
Specifying which users to sync with your duplicate instance
In your primary instance, add the users that you want to sync with your duplicate instance to the Synced Users group. See Step 3 - Configure your primary instance.
- Before you can synchronize users and groups from the primary instance to the duplicate instance, ensure that all configuration steps for both instances have been completed successfully.
- You can only synchronize groups between a Relativity Server instance and a RelativityOne instance if both groups have users in them. If a group does not have users in it, add a dummy user to the group.
After adding new users to the Synced Users group or updating groups linked to Synced Users in the primary instance, allow the agent to run and then confirm that the changes appear in your duplicate instance.
- The agent runs a sync every 5 minutes after first time users are synced. Keep in mind that it may take some time for the users to be reflected in the duplicate instance, depending on how many users and groups are being synced.
- While the users are being synced to the duplicate instance, ensure that updates are not being made to users in the primary instance.
To view the users and groups that are synced, see Viewing User and Group Synchronization information
To exclude certain groups of users or clients (and their associated groups of users) from being synced, see Excluding groups and clients from synchronization.
User sync data flow
When users are added to the Synced Users group in the primary instance, the application synchronizes their information, any related groups, and any associated clients to the duplicate instance. The Group Sync Mode setting determines how users are synced to the duplicate instance. See Step 3 - Configure your primary instance.
Special considerations
Consider the following additional information:
- Users and groups are updated depending the user or group's Last Modified On property in the primary instance.
- Users are pushed to the duplicate instance in batches of 100.
- This application synchronizes Login Methods of type OpenID Connect when you configure it for that purpose, but does not sync Passwords, Authentication Providers or permissions.
- Clients and choices are automatically created in the duplicate instance.
- Choices that are part of the synchronization form the following fields: User - User Type, User - DefaultSelectedFileType, User - DocumentSkip, and Client - Status.
The User and Group Synchronization application only adds data; it does not remove it. If users, groups, or clients are removed from the primary instance, they will remain in the duplicate instance. If they are removed from the duplicate instance, they will be recreated during the next sync. Similarly, deleting them from the primary instance does not delete them from the duplicate instance when the agent runs.
Object fields that are synced to the duplicate instance
Object fields that are synced to the duplicate instance include:
| User object | Group object | Client object | Choice object |
|---|---|---|---|
|
|
|
|
Viewing User and Group Synchronization information
You can view user and group synchronization information on the User Sync Information tab in both your primary and duplicate instances.
The User Sync Information tab displays the Instance Relationship at the top, indicating the primary and duplicate instances. Below this, two sections list the users, groups, and clients that are being synchronized.
- Click View Details for each user to view more detailed information.
- In the primary instance, the Sync Status column for users and groups indicates whether each item was successfully synchronized. If a syncing issue occurs, an Error link will appear in the Sync Status column. Click this link to open a pop-up modal with detailed error information.
- Click the link in the # of Users column in the Groups section to view the list of users that are being synced from the selected group.
- Use the JobID for a record to locate the status of any given synchronization job in the Users and Group Sync Job Queue. See Working with User and Group Synchronization.
Excluding groups and clients from synchronization
To exclude groups and clients from synchronization:
- On the User Sync Information tab, navigate to one of the following sections and expand it:
- Groups
- Clients
- Select the checkbox in the Exclude column for the groups or clients to exclude from syncing.

A warning notification displays.- For excluded groups, selecting the checkbox will delete the group on the duplicate instance if it was previously created. Any users who belong to both the excluded group and the Synced Users group will be left without a group on the duplicate instance unless they belong to another synced group on the primary instance.
- For excluded clients, selecting the checkbox will move all the users and groups associated with the excluded client to the "Default UGS Client" on the duplicate instance.
- Click Exclude to confirm your changes.
A green confirmation message appears letting you know the changes have been made.To include the group or client that has been excluded, simply uncheck the checkbox in the Exclude column.
On this page