PingOne Advanced Identity Cloud

Define advanced sync situation rules

Situation rules control what Advanced Identity Cloud does for each record during reconciliation, based on how the source object relates to the corresponding target object.

For every advanced sync mapping, Advanced Identity Cloud:

  • Evaluates the correlation query for each source object.

  • Classifies the result into a situation (for example, Found, Ambiguous, Absent).

  • Performs the action you’ve configured for that situation (for example, Create, Update, Link, Delete, Ignore) on the target system.

All situation rules default to the Async action until you change them.

View and edit situation rules

To configure situation rules for a mapping:

  1. In the Advanced Identity Cloud admin console, open the Advanced Sync editor.

  2. In the Advanced Sync editor, open the mapping you want to configure.

  3. Click the Situation Rules tab to display the Situation and Action that define rules for various sync situations.

  4. Click the Situation rule to edit or click the ellipsis icon () adjacent to the Situation and Action, then click Edit.

  5. In the Situation Rule modal, in the When situation occurs list, select Perform Action (default) or Execute Script:

    • For Execute Script, enter your script in the commented code block:

      // Script has access to the following variables:
// source, target, sourceAction, linkQualifier, context, recon
// the recon.actionParam object contains information about the current recon operation.

      Learn more about the available variables and action scripting patterns in Script triggers defined in mappings and Synchronization actions.

  6. In the second list for When situation occurs, select an action as described in Advanced sync rule action types.

  7. For advanced settings, click Show advanced settings to display the following options:

    • Restrict situation lets you specify query filters or add a script to restrict policy actions to a subset of records where situation is applicable.

    • Execute script on action complete lets you set up a script to execute after your action is complete.

  8. Click Save.

Advanced sync situation rules

Situation Description

Ambiguous

Source object correlates to multiple target objects, without a link.

Source Missing

Valid target found, link found.

Missing

The source links to a missing target object.

Found Already Linked

Correlation from source points to a target object already linked to a different source.

Unqualified

Source object not qualified, but target objects found.

Unassigned

Valid target found, no link.

Link Only

Link found, target object not found.

Target Ignored

Doesn’t pass validTarget script.

Source Ignored

Doesn’t pass validSource script.

All Gone

Source object removed, link not found, correlation not possible.

Confirmed

Valid source and target objects linked.

Found

Correlation query from source points to one target object.

Absent

Source object has no matching target.

Advanced sync rule action types

When a reconciliation determines the situation of a record, you must specify the action to be taken.

Async is the default action state.
Action Description

Async (default)

An asynchronous process has been started, so do not perform any action or generate any report

Create

Create and link a target object

Delete

Delete and unlink the target object

Unlink

Unlink the linked target object

Exception

Flag the link situation as an exception

Update

Link and update a target object

Ignore

Don’t change the link or target object state

Report

Don’t perform any action but report what would happen if the default action were performed

No Report

Don’t perform any action or generate any report