About global keys - Card Synchronization 3.2

Card Synchronization Plugin Guide 3.2

Product
Card Synchronization
Content type
Guides > Plugin and extension guides
Version
3.2
Language
English
Last updated
2023-04-17

Global keys are values exported from data sources, and are used to represent entities. Each global key represents one entity, but an entity can be represented by multiple global keys. Using global keys, the Card Synchronization plugin can merge entities and resolve relationships between entities.

Global key fields

For each entity type in each data source you add to Security Center, you can set fields to be used as global key fields. The plugin looks for global keys in these fields.

You can choose from the global key fields already listed in the configuration window, such as unique ID, email, full name, and so on. You can also add other global key fields by creating custom fields in Security Center.
NOTE: All custom fields are listed as global key fields in the configuration window.

Global keys used for merging entities

A merge can occur between two or more entities of the same type, within one data source, or across multiple data sources. All entities that have the same global key are considered the same entity, no matter which global key fields the matching global keys are found in. The entities are merged during synchronization.

If no global keys are selected for any data source, no merge can occur.

NOTE: Changing the global keys of a data source after entities are imported can cause the entities to behave unexpectedly when merged. For a proper merge, make sure the global keys are set correctly before importing entities from a data source. For this reason, we suggest turning off automatic synchronization to avoid accidentally synchronizing the wrong global key configuration. To disable synchronization: on the Properties page of the plugin role, turn off Automatic synchronization.

Global keys used for resolving relationships

You can resolve relationships between different entity types, within the same data source, or across multiple data sources, using the Resolve data source relationships using global keys option.

For a relationship to be resolved, it must already be defined in the data source, such as in the credential or the cardholder group membership files or tables.

When this option is selected, the plugin looks in the data source for which the option is enabled to find values. These values must not be linked to unique IDs within the data source, and must match global keys defined in any data source.

If no global keys are selected for any data source, no relationships can be resolved using the Resolve data source relationships using global keys option.

In the following example, Data source A contains information defining relationships between cardholder groups and cardholders. Two of the relationships are unresolved.

Global keys for Data source A are configured to resolve the unresolved relationships.

Global key configuration for Data source A

  • Resolve data source relationships using global keys is selected.
  • Custom field is selected as a global key field for cardholders.

Cardholder data in Data source A

Unique ID Custom field
ACH1 111
ACH2 222
ACH3 333

Cardholder group membership data in Data source A

Group ID Member ID
AG1 111
AG2 ACH2
AG3 222
AG3 ACH3
NOTE: The relationships between group AG1 and 111 and between group AG3 and 222 are unresolved because the values 111 and 222 are not defined in Data source A as a cardholder unique IDs.

Result

  • The relationship between group AG1 and 111 is resolved.
    • Resolve data source relationships using global keys is selected for Data source A, so the plugin looks through all defined cardholder global keys to find a global key matching the value that breaks the relationship.
    • 111 is a global key representing ACH1 in Data source A. The global key resolves the relationship between group AG1 and group member 111.
    • ACH1 is now a member of group AG1.
  • The relationship between group AG3 and 222 is resolved the same way that the relationship between group AG1 and 111 is resolved.
Group ID Member ID
AG1 ACH1
AG2 ACH2
AG3 ACH2, ACH3
If Resolve data source relationships using global keys was not selected, you would get the following result.
Group ID Member ID
AG1 No cardholder
AG2 ACH2
AG3 ACH3