Hi Vermark,
A Password Sync Filter is used to reverse synchronize the password changes in AD into EIC (and then on to the configured endpoints in the property files).
The way it works is it "intercepts" the password change in AD and then relays that back in EIC creating the change password tasks for the configured endpoints.
1. Will it sync the AD password of exiting users in the target endpoints (mentioned in the SavPwFilter.json) ?
No it will not automatically sync the passwords for all the existing users. If one or more users changes password in AD, then it will sync the password to the configured endpoints.
2. We are provisioning AD and SAP as birthright. SAP is also mentioned as the target application in endpoints in SavPwFilter.json. Provisioning task for both apps(AD, SAP) will be created at the same time with some random password(mentioned in create account json). Will the AD password be synced to SAP in this scenario? If yes then approximately how much time it will take to sync?
At the time of creation it might not but when the user logs using the AD password, and AD prompts to change password on first login, it will send the password change request back to EIC for the configured endpoints.
3. We have one user which already exist in AD. For this same user we are going to raise a request for a requestable application (Oracle) this application is configured as target application for password sync in endpoints in SavPwFilter.json. There will be no change in AD account password. Will the exiting AD password be synced to oracle in the scenario or not?
No, it doesnt. The changes will only be triggered if they change passwords in AD thereby creating a task to synchronize the password for all configured endpoints.
I'm sure you've already gone through the Password Sync documentation but here's the link:
https://saviynt.freshdesk.com/a/solutions/articles/43000580937
Regards,
Avinash Chhetri
Regards,
Avinash Chhetri
