KB-5750: How to configure the Centrify Cloud Connector to monitor additional AD attributes

Centrify Identity Service, App Edition

12 April,16 at 10:57 AM

Applies to: Centrify Identity Service

Question:

When a web app with a custom script needs to reference an attribute from an AD user, it uses the LoginUser object.

For example, to read a user's employeeID attribute, a script may contain the following line:

var userID = LoginUser.Get('employeeID'); 

For newly added or modified users in Active Directory, the target attribute may take up to twelve hours to be detected in the cloud.
Some attributes (such as userPrincipalName) appear to be updated immediately when modified, while other attributes take much longer.

Why does this happen, and is there a way to ensure that changes to the desired attributes are detected immediately?


Answer:

The Centrify Cloud Connector is optimised to constantly monitor a default set of attributes for immediate syncing into the cloud. When attributes inside this "watch list" are created or modified, the change is immediately picked up and pushed into the cloud.

Attributes outside of this default set are monitored on a more periodic basis and changes are pushed approximately every twelve hours. 

There are two methods to enable the cloud to immediately see any new or updated attribute changes:

(A) To do an immediate sync of all AD attributes for a specific user:
  1. Log into the Cloud Manager > Users
  2. Search for the newly added/modified users
  3. Right-click on their name and select "Reload"


(B) To configure the Cloud Connector to constantly monitor additional attributes outside of the default list:
  1. Log into the Cloud Connector host machine(s) and open regedit.exe
  2. Navigate to the following key:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Centrify\Cloud
  3. In this key, right-click and add a new "Multi-String Value" named:
    • userMonitorAttribute
  4. Edit the newly added string and enter the desired attribute(s) to be monitored.
    • If adding more than one attribute, make sure to place each attribute name on a new line in the Value Data box.
  5. Save the changes
  6. Restart the Connector service(s)
Once the services are started back up, the additional attributes will be monitored and updated along with the default set.
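
Method (B) can also be scripted. The PowerShell below is an added example, not Centrify's own tooling: it merges new attribute names into userMonitorAttribute without discarding entries that are already there, and skips any name already listed in userMonitorAttributeFromCloud. It assumes that value sits under the same registry key, and the Connector service name is a placeholder because this article does not give it.

```powershell
#Requires -RunAsAdministrator
param(
    # AD attribute names to watch; employeeID is the article's example.
    [string[]]$Attributes = @('employeeID'),
    # Placeholder: the article does not name the Connector service.
    [string]$ConnectorService = '<connector-service-name>'
)

$key       = 'HKLM:\SOFTWARE\Centrify\Cloud'
$custom    = 'userMonitorAttribute'
# Assumption: the cloud-managed default list is a value under the same key.
$fromCloud = 'userMonitorAttributeFromCloud'

if (-not (Test-Path $key)) { throw "$key not found; run this on a Cloud Connector host." }

# Read a multi-string value as non-empty lines (nothing if the value is absent).
function Get-MultiString([string]$Name) {
    $prop = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($prop) { $prop.$Name | Where-Object { $_ } }
}

$defaults = @(Get-MultiString $fromCloud)
$existing = @(Get-MultiString $custom)

# Keep only names that are neither in the default watch list nor already
# configured. -notcontains compares case-insensitively.
$new = @($Attributes | ForEach-Object { $_.Trim() } | Where-Object {
    $_ -and ($defaults -notcontains $_) -and ($existing -notcontains $_)
})

if ($new.Count -eq 0) {
    Write-Output 'No change: every requested attribute is already monitored.'
    return
}

# One attribute name per line, as step 4 requires for the Multi-String Value.
$merged = [string[]]@($existing + $new | Sort-Object -Unique)
New-ItemProperty -Path $key -Name $custom -PropertyType MultiString `
    -Value $merged -Force | Out-Null
Write-Output "Custom watch list is now: $($merged -join ', ')"

# Step 6: restart the Connector service so the change takes effect.
if ($ConnectorService -like '<*') {
    Write-Warning 'Pass -ConnectorService, or restart the Connector service manually.'
} else {
    Restart-Service -Name $ConnectorService
}
```

Run it on each Cloud Connector host, since the registry change is local to the machine.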



Note: 
  • To see the default list of monitored attributes, view the userMonitorAttributeFromCloud key.
  • This key is dynamically configured from the Cloud side. Manually modifying the userMonitorAttributeFromCloud key has no effect, because any manual changes are periodically overwritten.
