Learner Sync Documentation

Learner Sync Documentation

This article will describe how to manage the Infosec IQ end of learner synchronization.

Introduction

Many of our different sync methods are processed the same way once received by Infosec IQ, and so are managed and configured from the Sync Tools page. This applies to the following learner sync tools:

  • Active Directory Synchronizer Utility (On-Prem AD)
  • Azure Active Directory Synchronizer Tool
  • CSV Sync Utility (desktop version only; not the web tool)
  • All SCIM configurations

Everything related to the receiving end of the sync can be managed by (from any page in Infosec IQ) clicking Learners and selecting Sync Tools.

How the Sync Works

For each of the sync methods above, when a sync a occurs, a list of users is sent to Infosec IQ. This pool of users should ideally represent all learners that you expect to be in the app. Infosec IQ will process each of these users, and based on the user email address (which serves as the primary identifier for learners), will resolve in one of the following ways-
  1. The user is ONLY present in the sync: A new learner will be created.
  2. The user is ONLY present in the app: The learner will either be flagged for deletion or be ignored, depending on your settings (For more info on the Flagged for Deletion status, see the section titled Managing Learners Who are “Flagged for Deletion”).
  3. The user is present in BOTH the sync and the app: The learner will either have their info updated or be ignored, depending on your settings.

The Log of Changes

To view a log of past syncs, click the Log of Changes button in the top right corner of the Sync Tools menu in Infosec IQ.

Here you can see the last 10 syncs that have occurred. Note: if there are no significant changes in a sync, the tool will ignore the sync request and it will not be reflected here.

To view a list of changes that occurred in the sync, you can download a report of it by clicking on Download CSV in the Changes column in the row of the sync you’re interested in.

If a sync has failed, you’ll see an i icon at the left end of the row of failed sync. Clicking on this will tell more about why the sync has failed. Syncs that have failed due to the safety switch will be represented in this way. For more info about the safety switch, see the Learner Sync Settings section of this article.

Learner Sync Settings

This section will detail each of the available configuration options for how you'd like Infosec IQ to process synced users.

Only Add New Learners vs Update Existing Learners.

Under the Learner Info section, you’ll have the option between Only Add New Learners and Update Existing Learners.

  • Only Add New Learners: With this option selected, when a user is present in both the sync and the app, the sync will simply ignore this entry and not make any changes.
  • Update Existing Learners: With this option selected, when a user is present in both the sync and the app, the sync will update the learner with whatever information is present in the sync, including erasing existing information. Note: because the email address serves as the primary identifier of a learner, this field will not be updated.

With Update Existing Learners selected, this will reveal another option–

  • Flag Learners for Deletion: With this box checked, when a user is ONLY present in the app (and not in the sync), the learner will be Flagged for Deletion. This stages the learner to be deleted, but until deleted finally, will not have any affect on the learner within the app in any way.

Safety Switch

The safety switch is a feature to prevent major changes from happening to your learner pool accidentally. With the Enable safety switch box checked, if changes will be made to more than 10% of your learner pool in a single sync, the sync will fail. It’s best practice to leave this box checked.

Managing Learners Who are "Flagged for Deletion"

If in your sync settings, you have Update Existing Learners selected, the Flag Learners for Deletion box checked, and you run a sync, if a user is ONLY present in the app (and not in the sync) the learner will be flagged for deletion. This status is a staging status that will not have any affect on the learner until deliberate action is taken.

The only change that occurs, is that these learners will show up in the Learners to Delete menu. This is in the top right corner of the Sync Tools menu.

Here you’ll see all of the learners who have been flagged for deletion. You can page through these learners with the arrow buttons in the top right corner, or search for a particular learner by using the search icon, also in the top right corner.

By hovering over a particular learner, you have two options-

  • Learner Profile: This will take you to the learners Infosec IQ profile.
  • Delete: Delete the user permanently (note: this cannot be undone)

You also have the option to permanently delete all flagged learners by selecting the Delete All button in the top right corner. Note: as with the individual delete button, this action cannot be undone.