Directory Sync
Directory Sync is the process of synchronizing external directory data from your identity provider into the Enterprise Console. This document discusses how directory sync works in Pomerium and its use cases.
Pomerium Enterprise
Directory Sync is a Pomerium Enterprise feature. Contact us to upgrade today.
Directory Sync integrations in the Enterprise Console are only available for certain identity providers. See IdP Options below for more information.
Directory sync in the Enterprise Console
To start a directory sync in the Enterprise Console:
- Go to the Identity Providers tab
- Select your Identity Provider
- Next to IDP Options, fill out the required fields (see IdP Options below for more information)
- In the Polling Min Delay and Polling Max Delay fields, keep the default durations
- Select SAVE SETTINGS
Once you save your settings, it may take a while for the sync to complete. Go to Monitor directory sync for more information.
Monitor directory sync
The Enterprise Console polls the identity provider data source based on the durations defined in the Polling Min Delay and Polling Max Delay fields.
See Identity Provider Min/Max Delay for more information on how to monitor directory sync.
IdP Options
The requirements and instructions for directory sync vary depending on the identity provider. You can view the IDP Options for an identity provider in the Enterprise Console, or refer to the relevant identity provider guide for vendor-specific steps:
How to use directory sync
Directory data as policy criteria
After a successful sync, directory data sourced from your identity provider will be available in the Enterprise Console. You can use this data as context in your authorization policies to control which users and groups can access upstream applications and services:
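As an added illustration (not taken from the original page), a Pomerium Policy Language (PPL) rule set that uses synced directory groups as criteria might look like the following. The group names and email address are constructed placeholders, and the example assumes the `groups` values match the group identifiers shown in the Enterprise Console after the sync.

```yaml
# Added example: PPL rules that rely on directory data.
# All group names and the email address below are constructed placeholders.

# Grant access only to members of the synced "sre" group who also
# authenticate from the expected email domain.
- allow:
    and:
      - groups:
          has: "sre"
      - domain:
          is: "example.com"

# Explicitly block a synced group and one individual account.
# A matching deny rule takes precedence over any allow rule, so a user
# who is in both "sre" and "offboarding" is still denied.
- deny:
    or:
      - groups:
          has: "offboarding"
      - email:
          is: "former.contractor@example.com"
```

Because group membership is read from the last completed sync, a user removed from a group in the identity provider keeps matching the `groups` criterion until the next poll finishes.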
Device enrollment
Administrators can generate custom device registration links for users within their directory:
See Device Identity for more information on how to enroll and manage devices in the Enterprise Console.