Set up and run User Sync
User Sync is a service in the Admin Center. User Sync enables you to set up rules to automatically update product entitlements and roles for your SCIM-based* users in response to updates in your Active Directory.
Users synced with entitlements receive an enrollment email. The email directs them to log in, where they will change their password, and then have access to a product account. They can log in on their Windows desktop, through a browser, or on a mobile device. They can also access their accounts through extensions for applications such as Outlook, Salesforce and Google Calendar.
For small changes of one to several users, the sync can occur in a matter of minutes. If you are syncing hundreds or thousands of users, a general rule of thumb for an average system is 1000 entitlement requests per hour.
Users are never deleted. They are suspended which retains their account and product-related data such as upcoming meetings, stored recordings, etc.
The groups referenced in User Sync are replicated from groups in the Active Directory and are called Organization Groups. You cannot add, update or delete organization groups from User Sync or the Admin Center. Organization groups have no relation to the Admin Center groups. You can assign SCIM users to Admin Center groups if you choose.
IMPORTANT: The capability to work with users manually remains available in the Admin Center. This allows companies to maintain users who are not in the company Active Directory. Avoid manually modifying any users who have been updated through User Sync. The changes in the Admin Center will apply, but only until a change to that user in the Active Directory occurs. The AD information overwrites the information in the Admin Center.
In this article:
- Corporate account with at least 1 admin who has both Organization and GoTo admin roles
- Validated Organization domain
- Active Directory Connector v2 must be installed, and users and groups must be updated from the company's Active Directory
User Sync is designed to be set up based on the groups defined in the Active Directory (and updated via the Active Directory Connector) , enabled, and then left to run in the background as user updates are captured from the Active Directory.
User Sync rules allow you to select an Active Directory group and add a rule about what products users in this group will receive entitlements for, and what administrative privileges they will have. You may have multiple rules for a given group, and a user may belong to more than one group in the Active Directory. If you have multiple rules, you can manage the priority of the rules.
IMPORTANT: You must create a rule for at least 1 group that enables Full Admin privileges.
1. Click on Create your first rule to add a rule. If the rule exists, click on any value in the rule - organization group name, products, or admin privileges.
2. Select the AD group and click Apply.
3. Select the product(s) to assign for these users and click Apply.
4. If this group will receive admin privileges, select Administrator for this Account and set the users up with either Full access or as Managers with limited privileges. Click the list of privileges to open it and select specific privileges for these users. Click Apply.
5. Click Save to create the rule.
6. Click Add Rule to add another rule.
7. Set the priority for the rules by clicking the up or down arrow in the priority column.
If you have multiple rules, you can click the up or down arrow next to the priority number on the rule to raise or lower the priority. The lowest priority rule number (e.g., 1) takes precedence over subsequent rules. If, for example, you maintain separate rules for GoToTraining and GoToMeeting users, you might have rules that look like the following:
|$1||EMEA Analysts||GoToTraining||Full Admin|
User Sync does not run until you have saved one or more rules and you click the Enable option.
1. Click Enable Sync Control to start the service.
2. Click on Activity History in the left hand menu to review the sync tasks. The Administrator for sync tasks is named Sync user.
3. If the sync fails, if a product is fully licensed for instance, Activity History displays the failure and allows you to fix the problem once you have cleared the obstacle.