Enterprises typically manage a substantial number of employees, and user information changes constantly due to staff turnover. Manually adding or modifying user information each time is highly inefficient.
The synchronizing user dataset function can achieve dynamic update of user information within the platform, keeping it synchronized with changes in the database.
You (the admin) can create a server dataset and configure it to periodically synchronize user information from the dataset to keep user information up to date.
1. If you have started user synchronization, do not cancel the process or modify the data source. This will result in the irreversible loss of user-role relationships, as the data will be hard-deleted and cannot be restored.
2. For details about the precautions and error messages during user synchronization, see User Sync/Import FAQs.
The user data for synchronization, which is sourced from server datasets, can be in either a hierarchical or a flat department structure.
You can select a proper data preparation method based on the user structure.
For details, see Preparing Data for User Import/ Synchronization.
1. The update rule setting in this section appears when you click the Synchronize Users button, which is available when you first synchronize users or after you clear synchronized data.
If you have synchronized users before, the pop-up window in this section will not appear, and you can skip this section.
2. The synchronized users can coexist with manually added or imported users.
Log in to the FineDataLink system as the admin and choose System Management > User Management > All Users, and click Synchronize Users.
A prompt box displaying "Sure to retain existing non-synchronized data, including imported/added users, departments, positions, and roles?" pops up, as shown in the following figure.
The following table describes the update logic for different options.
If an existing username is not in the server dataset for synchronization, the user's information and permissions will be retained and remain unchanged.
If an existing username is in the server dataset:
The user's username and permission will remain unchanged.
The user's name, password, mobile number, and mailbox will be updated.
If the user's current department, position, and role exist in the server dataset, all the above information will be updated.
If the user's current department, position, and role are not in the server dataset, all the above information will remain unchanged.
Based on the selected update logic, some user information is updated after the initial synchronization.
The information of only users whose type is Synchronized User can be automatically updated in the later synchronization.
The built-in data will not be overwritten or updated with dataset data in the later synchronization; otherwise, errors will be reported.
Configure information of the synchronization dataset, as shown in the following figure.
You (the admin) can set Sync Frequency to Fixed Interval or Expression Setting.
If you select Fixed Interval, the fixed interval of automatic user synchronization from the server dataset is 43,200 seconds by default.
After you set the synchronization frequency for user synchronization, multiple synchronizations can be automatically performed when the set frequency is reached, continuously updating the platform with any changes from the server dataset.
If you select Expression Setting, you can schedule synchronization using Cron expressions, where schedule combinations, such as daily, every-other-day, and one-time execution, are supported.
For details about the Cron expression, see Cron Expression.
User Info Editable in Sync Status is deselected by default. If it is selected, user information is editable when user synchronization is enabled.
Users can edit their names, passwords, mobile numbers, and mailboxes. The Forgot Password function is available. For existing users, the above fields will no longer be updated during automatic/manual synchronization. The following table shows the specific function.
1. Password policy settings take effect for synchronized users.
2. If you use the Forgot Password function when you deselect User Info Editable in Sync Status, a prompt displaying "Your password cannot be changed. Contact the administrator." will pop up when you modify the password.
1. During resynchronization, the Name, Password, Mobile, and Mailbox fields of existing users on the platform will no longer be updated.
2. The super admin can edit the names, mobile numbers, mailboxes, and passwords of existing users on the platform, but cannot edit the synchronized roles.
3. The super admin can edit the name, password, mobile number, and mailbox in Account Setting.
4. The super admin can use the Forgot Password function on the login page.
1. The subordinate admin can modify the names, mobile numbers, mailboxes, and passwords of users within the permission scope, but cannot edit the roles of these users.
2. The super admin can use the Forgot Password function on the login page.
3. The subordinate admin can edit the name, password, mobile number, and mailbox in Account Setting.
1. Synchronized users can edit the name, password, mobile number, and mailbox in Account Setting.
2. The ordinary user can use the Forgot Password function on the login page.
Select the corresponding source of the user information.
1. Synchronization from the Server Dataset
The source of synchronized users can be the current server dataset being synchronized. Simultaneous synchronization from multiple server datasets is not supported. When you switch the server dataset, the previously synchronized information will be cleared.
After successful synchronization, the department, position, and role of synchronized users cannot be modified on the platform. You can modify them in the server dataset for resynchronization.
2. Synchronization from the LDAP Server
If you select LDAP Authentication as Authentication Method for Synchronized User, you can directly select Synchronize from LDAP Server during user synchronization after you have installed the Synchronizing Users from the LDAP Domain plugin.
For details, see LDAP Domain User Synchronization.
3. Synchronization from WeCom
After configuring Member Management under System Management > WeChat Management, you can select Sync from WeCom as User Source. Select the WeChat App to be synchronized, and click OK.
4. Synchronization from DingTalk
After configuring Member Management under System Management > DingTalk Management, you can select Sync from DingTalk as User Source. Select the DingTalk App to be synchronized, and click OK.
To prevent the occurrence of duplicated job titles across departments or duplicated usernames, FineDataLink provides the User Duplicate Verification Field function.
Two verification methods are available, namely User ID and Username.
1. Storage Location of User Information
2. Description
User ID
Department ID
Job ID
Role ID
If the username corresponding to a certain ID in the dataset is modified, the username on the platform will also be modified, and the permission will be inherited. The same applies to the department, position, and role.
In a non-tree dataset, if the ID field is selected for duplicate validation, the position's ID and name must maintain a strict one-to-one and unique relationship. Neither of the following scenarios is permitted: a single ID mapping to multiple names, or a single name mapping to multiple IDs. The same logic applies to the user ID, department ID, and role ID.
In a tree dataset, the names and IDs of users, positions, and roles must maintain a strict one-to-one and unique relationship
Username
Department Name
Position Name
Role Name
If you select Position Name as the duplicate verification field, the positions with the same name but different IDs in the data source will be treated as one position. For example, if two different positions coexist with the name Finance in the same department, the positions will be displayed as a single position and the users of them will be merged together.
If the two Finance positions belong to different departments, the positions will still be treated as a single position. However, due to different department-position relationships, the users of them will not be merged. The same logic applies to the username, department name, and role name.
Values of Username, Name, Password, Dept., Position, Role, Mobile, and Mailbox are the field names in the corresponding server dataset.
1. The email address can contain number signs (#) and ampersands (&).
2. You can configure departments, but cannot configure positions.
You can select Built-in SHA Encryption or Custom Password Encryption from the drop-down list of Encryption Method.
1. Built-in SHA Encryption
Application scenario: This encryption method is suitable when the password in the synchronization server dataset is in plaintext.
Encryption description: The system applies the SHA256 encryption to ensure password security. After you customize a password through an API, the password will be automatically encrypted using SHA256.
Login password: The login password is the password in the above downloaded user Information table, and not the encrypted password in the FINE_USER table.
2. Custom Password Encryption
Application scenarios: Custom Password Encryption must be used when the password in the synchronization server dataset is a custom encrypted ciphertext.
Encryption description: You need to customize a password encryption class.
The encryption method (described in a class) should be saved in the path FineDataLink installation directory \webapps\webroot\WEB-INF\classes.
FineDataLink will perform a second SHA256 encryption based on the user's custom encryption algorithm to ensure password security.
Login password: The login password refers to the plaintext obtained after the ciphertext in the server dataset is decrypted.
1. For details about custom encryption examples, see Password Encryption Settings for Synchronized Users.
2. Custom encryption algorithms need to inherit the AbstractPasswordValidator class.
3. If you select User Info Editable in Sync Status, set an encryption method, and click OK, the ciphertext in FineDB cannot be updated, and users will be unable to log in when you change the encryption method.
4. After modifying the encryption method for user synchronization, you do not need to restart the project since the changes will take effect immediately.
The Disable User setting facilitates administrators in managing user status through user data synchronization. This field is optional.
If you need to use this setting, add a field in the data source in the section "User Data Preparation" with the value of 0 or 1.
0: disables the user
1: enables the user
1. If this setting is unconfigured, you can click Enable User or Disable User on the platform.
2. If this setting is configured, the user enabling status is entirely dependent on the data source. Manual configuration on the platform is not supported.
After synchronization, four drop-down options will be added to the Manage User Sync button.
Click Sync Now to immediately synchronize the user dataset.
Click Edit to enter the Synchronize User dialog box. You can modify the configuration of the synchronization user dataset.
If User Info Editable in Sync Status in User Editability is not ticked, you (the admin) can disable users, add/delete/modify non-synchronized department, position, and role information in the Edit User setting box, but cannot delete users.
If User Info Editable in Sync Status in User Editability is ticked, you (the admin) can edit and disable users, but cannot delete users.
You can click the Clear Sync Data button to cancel user synchronization.
Clearing synchronization data will delete all synchronized users, departments, positions, roles, and related permission settings, and discontinue synchronization. The user synchronization will be restored to the disabled status.
User synchronization is highly dependent on the data source. If the data source is faulty (for example, malicious clearance of database tables), the users synchronized to the system will be cleared, which cannot be restored.
Therefore, FineDataLink provides a synchronization circuit breaker strategy by introducing the Discontinue Sync Upon Data Exception function.
After you (the admin) enable Discontinue Sync Upon Data Exception, you can set the percentage (X%) of reduced users. If this threshold is reached, synchronization will be stopped. X is a positive integer ranging from 1 to 100.
For example, if there are originally 100 synchronized users in the system (excluding manually added/imported users), and you set the percentage to 30%, synchronization will be stopped if 30 or more users are reduced during synchronization.
If the synchronization fails, a prompt will be displayed, as shown in the following figure.
Failure Reason: 21300031 - Synced users will be reduced by XX% (X), reaching the set value XX% for triggering synchronization interruption. Check whether the data from the data source is normal, or temporarily disable Discontinue Sync Upon Data Exception.
The system will remind admins of the next automatic synchronization time based on Sync Frequency set in the "Synchronization Frequency" section.
During user synchronization, errors may occur due to conflicts, resulting in partial or complete failure to synchronize user, department, position, and role data, which can lead to outdated permissions.
To solve the above issues, FineDataLink provides a synchronization failure reminder function for prompt notification to the corresponding admins.
Log in to the FineDataLink system as the admin and choose System Management > User Management > Global Setting, configure the recipient of the synchronization failure reminder, and click Save, as shown in the following figure.
1. To remind users by SMS, click Enable SMS Function to enable the SMS service first. For details, see SMS.
2. To remind users by email, click Email Notification and configure email settings first. For details, see Mailbox.
After the first manual or automatic synchronization failure, the system will send an SMS, email, or platform reminder to the admin. A subsequent reminder will be triggered only after a successful synchronization, followed by another failure.
If multiple consecutive synchronization failures occur, the reminder message will only be sent for the first failure.
The reminder monitoring status will be reset only when the synchronization is successfully performed, the system is restarted, or user synchronization is disabled.
After that, if a synchronization failure occurs, reminders will be sent again.
1. SMS Reminder
2. Platform Message
3. Email Notification
滑鼠選中內容,快速回饋問題
滑鼠選中存在疑惑的內容,即可快速回饋問題,我們將會跟進處理。
不再提示
10s後關閉
Submitted successfully
Network busy