User Sync Tool v2.11.0

New Features

This release introduces support for the Users In Multiple Groups (UMG) feature for Sign Sync. This feature allows Sign Sync to target Sign accounts with UMG enabled to fully utilize the User Sync Tool.

UMG sync can be enabled in the user_sync config setting:

user_sync:
  sign_only_limit: 100
  sign_only_user_action: reset
  # default is False
  umg: True

With UMG enabled, the sign_group setting in a group mapping can be a list of Sign groups to target:

- directory_group: Sign Users
  sign_group:
    - Group 1
    - Group 2

Group admin status is assigned differently. If group_admin is set to True, then groups for the user to admin must be specified in their own list.

- directory_group: Sign Users
  sign_group:
    - Group 1
    - Group 2
  # groups specified in "group_admin" list must be present in
  # sign_group list
  group_admin: True
  admin_groups:
    - Group 1

(note: group_admin is actually deprecated and can be omitted. admin_groups is sufficient for managing group admin status)

Account admin status is also handled differently in this release. The account_admin field inside a group mapping rule is still permitted for now, but is deprecated. Instead, directory groups that grant account admin status should be set using account_admin_groups.

account_admin_groups:
  - Sign Admins 1
  - Sign Admins 2

Finally, since a user's primary group impacts several key aspects of user experience, if UMG is enabled, then rules must be specified to designate primary groups for all users. primary_group_rules is a new config construct that specifies rules to designate a primary group given different sets of Sign groups.

NOTE: Primary group rules are evaluated after group management rules are resolved. sign_groups may contain groups that aren't specified in group mappings.

primary_group_rules:
  # sign_groups list can specify groups that aren't necessarily assigned
  # the user in the sync tool
  - sign_groups:
      - Sign Group 1
      - Sign Group 2
    # assign the primary group only if the user is a member of all groups
    # specified in sign_groups
    primary_group: Sign Group 2

Notes

• Sign Sync: Cache funtionality is disabled for the time being

User Sync Tool v2.11.0rc1

New Features

This is the first release candidate for the Users In Multiple Groups (UMG) feature. This feature allows Sign Sync to target Sign accounts with UMG enabled to fully utilize the User Sync Tool.

UMG sync can be enabled in the user_sync config setting:

user_sync:
  sign_only_limit: 100
  sign_only_user_action: reset
  # default is False
  umg: True

With UMG enabled, the sign_group setting in a group mapping can be a list of Sign groups to target:

- directory_group: Sign Users
  sign_group:
    - Group 1
    - Group 2

Group admin status is assigned differently. If group_admin is set to True, then groups for the user to admin must be specified in their own list.

- directory_group: Sign Users
  sign_group:
    - Group 1
    - Group 2
  # groups specified in "group_admin" list must be present in
  # sign_group list
  group_admin: True
  admin_groups:
    - Group 1

(note: group_admin is actually deprecated and can be omitted. admin_groups is sufficient for managing group admin status)

Finally, since a user's primary group impacts several key aspects of user experience, if UMG is enabled, then rules must be specified to designate primary groups for all users. primary_group_rules is a new config construct that specifies rules to designate a primary group given different sets of Sign groups.

NOTE: Primary group rules are evaluated after group management rules are resolved. sign_groups may contain groups that aren't specified in group mappings.

primary_group_rules:
  # sign_groups list can specify groups that aren't necessarily assigned
  # the user in the sync tool
  - sign_groups:
      - Sign Group 1
      - Sign Group 2
    # assign the primary group only if the user is a member of all groups
    # specified in sign_groups
    primary_group: Sign Group 2

Notes

• Sign Sync: Cache funtionality is disabled for the time being

User Sync Tool v2.10.0

Fixes

• #825 send start_sync() signal when querying groups for auto-create purposes
• #834 make TimeoutException a child of AssertionException so we don't show a stack trace
• #837 fix typo in sign engine log message
• #840 push strategy fails with unhandled exception
• e61ec81 Fix issue with all users setting

New Features

• 5e9e01b Ability to exclude Sign users in Sign Sync
• d761c5e Introduce option to limit scope of Adobe-only users to just those that have groups to remove in the current sync. See the manual for more information

User Sync Tool v2.10.0rc4

Fixes

• #825 send start_sync() signal when querying groups for auto-create purposes
• #834 make TimeoutException a child of AssertionException so we don't show a stack trace
• #837 fix typo in sign engine log message
• #840 push strategy fails with unhandled exception
• e61ec81 Fix issue with all users setting

New Features

• 5e9e01b Ability to exclude Sign users in Sign Sync
• d761c5e Introduce option to limit scope of Adobe-only users to just those that have groups to remove in the current sync. See the manual for more information

User Sync Tool v2.10.0rc3

Fixes

• #825 send start_sync() signal when querying groups for auto-create purposes
• #834 make TimeoutException a child of AssertionException so we don't show a stack trace
• #837 fix typo in sign engine log message
• #840 push strategy fails with unhandled exception
• e61ec81 Fix issue with all users setting

New Features

• d761c5e Introduce option to limit scope of Adobe-only users to just those that have groups to remove in the current sync. See the manual for more information

User Sync Tool v2.10.0rc2

Fixes

• e61ec81 Fix issue with all users setting

New Features

• d761c5e Introduce option to limit scope of Adobe-only users to just those that have groups to remove in the current sync. See the manual for more information

User Sync Tool v2.10.0rc1

Fixes

• e61ec81 Fix issue with all users setting

User Sync Tool v2.9.1

Fixes

• 8fbeb83 Fix build config for Jammy

User Sync Tool v2.9.0

Features

• 8c4ea5c Implement username update (disabled by default - see #819)
• #819 Add update_attributes config to govern which user attributes can be updated
  • username disabled by default, all others enabled
  • Generates warning message when a disabled attribute is different (assuming --update-user-info is enabled)
• OAuth Server-to-Server Support
  • New config option in UMAPI connector config and Admin Console connector:
    authentication_method
  • Set to oauth to enable Server-to-Server support
  • Server-to-Server auth only requires Client ID and Client Secret
  • JWT authentication is deprecated and will be removed in a future version
  • More information
    • https://github.com/adobe-apiplatform/user-sync.py/blob/user-guide-wip/en/user-manual/connect_adobe.md
    • https://github.com/adobe-apiplatform/user-sync.py/blob/user-guide-wip/en/user-manual/sync_from_console.md

Fixes

• #811 Fix user email update failures

Build Changes

• Github Actions no longer maintains a build for Ubuntu Bionic (18.04),
  so automated bionic builds are no longer available. Automated builds
  for 22.04 Jammy have been added with the jammy label.

User Sync Tool v2.9.0rc3

Features

• 8c4ea5c Implement username update (disabled by default - see #819)
• #819 Add update_attributes config to govern which user attributes can be updated
  • username disabled by default, all others enabled
  • Generates warning message when a disabled attribute is different (assuming --update-user-info is enabled)
• OAuth Server-to-Server Support
  • New config option in UMAPI connector config and Admin Console connector:
    authentication_method
  • Set to oauth to enable Server-to-Server support
  • Server-to-Server auth only requires Client ID and Client Secret
  • JWT authentication is deprecated and will be removed in a future version
  • More information
    • https://github.com/adobe-apiplatform/user-sync.py/blob/user-guide-wip/en/user-manual/connect_adobe.md
    • https://github.com/adobe-apiplatform/user-sync.py/blob/user-guide-wip/en/user-manual/sync_from_console.md

Fixes

• #811 Fix user email update failures

Build Changes

• Github Actions no longer maintains a build for Ubuntu Bionic (18.04),
  so automated bionic builds are no longer available. Automated builds
  for 22.04 Jammy have been added with the jammy label.

Advisory

This is a pre-release and may not be stable for production use. The username
update feature is under development and will currently update the username of
any user that can be identified as being in need of a username update. This
may have unexpected side effects.