Working with User and Group Synchronization

After installing and configuring the User and Group Synchronization application in your environments, you can sync users from your primary instance to your duplicate instance, view user and group synchronization information, and monitor the status of jobs that the User Group Sync agent processes during a sync.

Special considerations

Special considerations include:

  • The user and group synchronization copies OpenID Connect login methods, along with groups, users, and clients.

  • Note: It does NOT transfer SAML, passwords, System Administrator Group information, authentication providers, or permissions to the duplicate instance.

  • Use the Invite users mass operation to invite users to reset their passwords. Next, manually assign security permissions for the copied groups in your duplicate instance after migration is finished.

  • This functionality is only available for customers running at least one RelativityOne instance, as well as a second instance running either RelativityOne or Relativity 9.5.224.9 and above.

Specifying which users to sync with your duplicate instance

In your primary instance, add the users that you want to sync with your duplicate instance to the Synced Users group. See Step 3 - Configure your primary instance.

    Notes:
  • To successfully synchronize users and groups from the primary instance to the duplicate instance, you must have successfully completed all steps to configure the primary and duplicate instances.
  • You can only synchronize groups between a Relativity Server instance and a RelativityOne instance if both groups have users in them. If a group does not have users in it, add a dummy user to the group.

When you add new users to the Synced Users group or modify groups linked to Synced Users in the primary instance, let the agent run, and then validate that the new users and modified groups appear in your duplicate instance.

    Notes:
  • The agent runs a sync every 5 minutes after first time users are synced. Keep in mind that it may take some time for the users to be reflected in the duplicate instance, depending on how many users and groups are being synced.
  • While the users are being synced to the duplicate instance, ensure that updates are not being made to users in the primary instance.

To view the users and groups that are synced, see Viewing User and Group Synchronization information

To exclude certain groups of users or clients (and their associated groups of users) from being synced, see Excluding groups and clients from synchronization.

User sync data flow

When users are added to the Synced Users group that you created in the primary instance, the application will sync the users' information, any groups related to the users, and any clients related to the users or groups to the duplicate instance. The way users are synced to the duplicate instance is controlled by the Group Sync Mode setting. See Step 3 - Configure your primary instance.

Special considerations

Consider the following additional information:

  • Users and groups are updated depending the user or group's Last Modified On property in the primary instance.
  • Users are pushed to the duplicate instance in batches of 100.
  • This application synchronizes Login Methods of type OpenID Connect when you configure it for that purpose, but does not sync Passwords, Authentication Providers or permissions.
  • Clients and choices are automatically created in the duplicate instance.
  • Choices that are part of the synchronization form the following fields: User - User Type, User - DefaultSelectedFileType, User - DocumentSkip, and Client - Status.

Note: If any of the synced users, groups, or clients are removed on the duplicate instance, the primary instance will recreate them when the agent syncs the instances again. When any of the synced users, groups, or clients are deleted from primary, they won't be deleted on the duplicate instance when the agent syncs with the duplicate instance.

Object fields that are synced to the duplicate instance

Object fields that are synced to the duplicate instance include:

User object Group object Client object Choice object
  • First Name
  • Last Name
  • Email Address
  • Type
  • Client
  • Relativity Access
  • Document Skip
  • Change Settings
  • Change Document Viewer
  • Keyboard Shortcuts
  • Item List Page Length
  • Default Selected File Type
  • Skip Default Preference
  • Default Saved Search Owner
  • Document Viewer
  • Name
  • Client
  • Users
  • Name
  • Number
  • Status
  • Name
  • Order

Viewing User and Group Synchronization information

You can view user and group synchronization information on the User Sync Information tab in both your primary and duplicate instances.

The User Sync Information tab displays the Instance Relationship at the top, which shows the primary-duplicate relationship. It also contains two sections below that list the users, groups, and clients being synchronized.

  • Click View Details for each user to view more detailed information for each user.
  • The Sync Status column for both users and groups describes whether or not the user or group was synchronized (only displayed for the primary instance). If problems syncing occur for a user or group in the list, the Error link will display in the Sync Status column. You can then click on the Error hyperlink to view a pop-up modal with details of the error.
  • Click the link in the # of Users column in the Groups section to view the list of users that are being synced from the selected group.
  • Use the JobID for a record to locate the status of any given synchronization job in the Users and Group Sync Job Queue. See Working with User and Group Synchronization.

Excluding groups and clients from synchronization

To exclude groups and clients from synchronization:

  1. On the User Sync Information tab, navigate to one of the following sections and expand it:
    • Groups
    • Clients
  2. Select the checkbox in the Exclude column for the groups or clients to exclude from syncing.

    3. A warning notification displays.

    • For excluded groups, selecting the checkbox will delete the group on the duplicate instance if it was previously created. Every user belonging to the excluded group and the Synced Users group will be orphaned without a group on the duplicate instance if It doesn’t belong to another group on primary that is synced.
    • For excluded clients, selecting the checkbox will move all the users and groups associated with the excluded client to the "Default UGS Client" on the duplicate instance.
  3. Click Exclude to confirm your changes.

A green confirmation message appears letting you know the changes have been made.

Note: To include the group or client that has been excluded, simply uncheck the checkbox in the Exclude column.