
Identity as a Service: Synchronize accounts

Last Updated: Jan 22, 2025

This topic describes how to use Identity as a Service (IDaaS) to synchronize data and integrate upstream and downstream data.

IDaaS can be used as a downstream system or an upstream system. You can synchronize upstream accounts such as DingTalk and Active Directory (AD) accounts to IDaaS. You can also synchronize accounts from IDaaS to applications such as Alibaba Cloud-related and self-developed applications.

IDaaS allows you to synchronize data in two directions:

  • Inbound: Data is synchronized from stakeholders to IDaaS.

  • Outbound: Data is synchronized from IDaaS to stakeholders.

The two-way data synchronization feature of IDaaS allows you to distribute changed data in AD or DingTalk to all stakeholders by using IDaaS.

Inbound synchronization

The following table describes the inbound synchronization methods that are supported by IDaaS.

| Inbound synchronization method | Source | Description |
| --- | --- | --- |
| Synchronization from identity providers (IdPs) | IdPs | IDaaS supports data synchronization from DingTalk, WeCom, Lark, AD, and OpenLDAP. If you want to synchronize data from non-standard IdPs, such as self-developed Identity and Access Management (IAM) and HR systems, to IDaaS, contact the IDaaS team to learn how to synchronize data by using the connector service. |
| Synchronization by using lazy loading | Multiple types | If lazy loading or Just-in-Time (JIT) Provisioning is used, each account is synchronized to IDaaS the first time the account is used to log on to IDaaS. IDaaS supports data synchronization from OIDC IdPs. Standard IdPs are supported, such as Okta and Azure AD. |
| File-based import | Unlimited | Accounts can be imported to IDaaS by using a CSV file. For more information, see Use a file to import or export data. |
| Synchronization by using Developer API operations | Applications | IDaaS provides Developer API operations to facilitate the integration with custom applications. For more information, see List of operations by function. |
| Synchronization by using API operations | Multiple types | IDaaS provides OpenAPI operations that can be used by developers to import multiple accounts at a time. For more information, see List of operations by function. |
| Synchronization based on the System for Cross-domain Identity Management (SCIM) protocol (not supported) | Applications | Some international applications support the SCIM protocol. |
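
The lazy loading (JIT Provisioning) method above creates an account at first logon. The following Python sketch is an added example, not IDaaS code: it shows the receiving-side pattern of keying a JIT-created account on the OIDC (iss, sub) pair from an already-verified ID token, with an issuer allowlist and no automatic linking by email. The Directory class, the jit_login method and the issuer URL are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample value; a placeholder issuer, not an IDaaS endpoint.
TRUSTED_ISSUERS = {"https://idp.example.com"}


@dataclass
class Directory:
    """In-memory stand-in for the downstream account store (hypothetical)."""
    accounts: dict = field(default_factory=dict)  # (iss, sub) -> account record

    def jit_login(self, claims: dict) -> tuple:
        """Return (account, created).

        Assumption: `claims` come from an ID token whose signature,
        audience and expiry were already verified by the OIDC client.
        """
        iss, sub = claims.get("iss"), claims.get("sub")
        if iss not in TRUSTED_ISSUERS:
            raise PermissionError(f"untrusted issuer: {iss!r}")
        if not sub:
            raise ValueError("ID token has no 'sub' claim")

        key = (iss, sub)  # stable identity; never key on email or name
        account = self.accounts.get(key)
        if account is not None:
            # Returning user: refresh mutable profile attributes only.
            account["display_name"] = claims.get("name", account["display_name"])
            return account, False

        # Store the email only when the IdP asserts it is verified.
        email = claims.get("email") if claims.get("email_verified") is True else None
        if email and any(a["email"] == email for a in self.accounts.values()):
            # Same verified email under a different (iss, sub): do not
            # auto-link, because that would let one identity take over another.
            raise PermissionError("email already bound to another identity")

        # First logon: create the account with no roles (least privilege).
        account = {"iss": iss, "sub": sub, "email": email,
                   "display_name": claims.get("name", ""), "roles": []}
        self.accounts[key] = account
        return account, True
```
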

Outbound synchronization

The following table describes the outbound synchronization methods that are supported by IDaaS.

| Outbound synchronization method | Destination | Description |
| --- | --- | --- |
| Synchronization to IdPs | IdPs | IDaaS supports data synchronization to DingTalk, including Standard DingTalk and Dedicated DingTalk. IDaaS does not support data synchronization to other IdPs such as AD, OpenLDAP, WeCom, and Lark. |
| File-based export | Unlimited | Accounts can be exported to a CSV file. For more information, see Use a file to import or export data. |
| Data push to applications by IDaaS | Applications | IDaaS can push data to applications in a fixed format. IDaaS can push data to applications by using event callbacks. For more information, see Provision Accounts - IDaaS Event Callback. IDaaS can push data to applications over the SCIM protocol. For more information, see Account Provisioning using SCIM. Some applications in the marketplace provide fixed API operations for synchronization. The API operations can be pre-integrated with IDaaS for quick configuration and easy use. |
| Data fetch from IDaaS | Applications | Applications can call developer API operations to obtain information of multiple accounts and organizations at a time for synchronization. For more information, see List of operations by function. |