Sync Rules¶

A Sync Rule defines how objects flow between a connected system and the JIM metaverse. Each sync rule maps a connected system object type to a metaverse object type, specifies a direction (import or export), and contains attribute mappings that control how data flows between the two.

Sync rules are the core configuration mechanism for identity synchronisation. They determine which objects are joined, projected, or provisioned, and how attributes are transformed during the process.

Key Concepts¶

Direction:

Import sync rules flow data from the connected system into the metaverse. They can optionally project new metaverse objects when no match is found.
Export sync rules flow data from the metaverse out to the connected system. They can optionally provision new objects in the connected system, and support scoping criteria to control which metaverse objects are exported.

Attribute Mappings: Define how individual attributes are transformed between systems. Mappings can be direct (one attribute to another), multi-source (combining multiple attributes), or expression-based (using DynamicExpresso syntax).

Scoping Criteria: Control which objects are in scope for a sync rule. For export rules, criteria evaluate metaverse object attributes; for import rules, criteria evaluate connected system object attributes. Criteria are organised into groups with AND/OR logic and support nested groups for complex conditions.

Object Matching Rules: Determine how connector space objects are matched to existing metaverse objects during synchronisation. Rules can be configured at the connected system level (simple mode) or per sync rule (advanced mode).

Common Workflows¶

Setting up an import sync rule:

Create a sync rule with direction Import
Add attribute mappings to flow data from CS attributes to MV attributes
Configure object matching rules to join imported objects to existing metaverse objects

Setting up an export sync rule with scoping:

Create a sync rule with direction Export and provisionToConnectedSystem enabled
Add attribute mappings to flow data from MV attributes to CS attributes
Add scoping criteria to control which metaverse objects are exported
Configure object matching rules for the export direction

The Sync Rule Object¶

{
  "id": 1,
  "name": "Import Users from LDAP",
  "created": "2026-01-15T09:30:00Z",
  "connectedSystemId": 1,
  "connectedSystemName": "Corporate LDAP",
  "connectedSystemObjectTypeId": 10,
  "connectedSystemObjectTypeName": "user",
  "metaverseObjectTypeId": 1,
  "metaverseObjectTypeName": "person",
  "direction": "Import",
  "projectToMetaverse": true,
  "provisionToConnectedSystem": null,
  "enabled": true,
  "enforceState": true
}

Attributes¶

Field	Type	Description
`id`	integer	Unique identifier
`name`	string	Sync rule name
`created`	datetime	UTC creation timestamp
`connectedSystemId`	integer	Connected system ID
`connectedSystemName`	string	Connected system name
`connectedSystemObjectTypeId`	integer	Connected system object type ID
`connectedSystemObjectTypeName`	string	Connected system object type name (e.g. `user`)
`metaverseObjectTypeId`	integer	Metaverse object type ID
`metaverseObjectTypeName`	string	Metaverse object type name (e.g. `person`)
`direction`	string	`Import` or `Export`
`projectToMetaverse`	boolean, nullable	Create new metaverse objects when no match found (import rules)
`provisionToConnectedSystem`	boolean, nullable	Create new objects in the connected system (export rules)
`enabled`	boolean	Whether the sync rule is active
`enforceState`	boolean	Detect and remediate attribute drift (export rules)

Endpoints¶

Core¶

Method	Path	Description
`GET`	`/api/v1/synchronisation/sync-rules`	List sync rules
`POST`	`/api/v1/synchronisation/sync-rules`	Create a sync rule
`GET`	`/api/v1/synchronisation/sync-rules/{id}`	Retrieve a sync rule
`PUT`	`/api/v1/synchronisation/sync-rules/{id}`	Update a sync rule
`DELETE`	`/api/v1/synchronisation/sync-rules/{id}`	Delete a sync rule

Attribute Mappings¶

Method	Path	Description
`GET`	`/api/v1/synchronisation/sync-rules/{id}/mappings`	List mappings
`GET`	`/api/v1/synchronisation/sync-rules/{id}/mappings/{mappingId}`	Retrieve a mapping
`POST`	`/api/v1/synchronisation/sync-rules/{id}/mappings`	Create a mapping
`DELETE`	`/api/v1/synchronisation/sync-rules/{id}/mappings/{mappingId}`	Delete a mapping

Scoping Criteria¶

Method	Path	Description
`GET`	`/api/v1/synchronisation/sync-rules/{id}/scoping-criteria`	List scoping criteria groups
`GET`	`/api/v1/synchronisation/sync-rules/{id}/scoping-criteria/{groupId}`	Retrieve a criteria group
`POST`	`/api/v1/synchronisation/sync-rules/{id}/scoping-criteria`	Create a criteria group
`POST`	`/api/v1/synchronisation/sync-rules/{id}/scoping-criteria/{groupId}/child-groups`	Create a child group
`PUT`	`/api/v1/synchronisation/sync-rules/{id}/scoping-criteria/{groupId}`	Update a criteria group
`DELETE`	`/api/v1/synchronisation/sync-rules/{id}/scoping-criteria/{groupId}`	Delete a criteria group
`POST`	`/api/v1/synchronisation/sync-rules/{id}/scoping-criteria/{groupId}/criteria`	Add a criterion to a group
`DELETE`	`/api/v1/synchronisation/sync-rules/{id}/scoping-criteria/{groupId}/criteria/{criterionId}`	Delete a criterion

Object Matching Rules¶

Method	Path	Description
`GET`	`/api/v1/synchronisation/connected-systems/{id}/object-types/{typeId}/matching-rules`	List matching rules (simple mode)
`POST`	`/api/v1/synchronisation/connected-systems/{id}/matching-rules`	Create a matching rule (simple mode)
`PUT`	`/api/v1/synchronisation/connected-systems/{id}/matching-rules/{ruleId}`	Update a matching rule
`DELETE`	`/api/v1/synchronisation/connected-systems/{id}/matching-rules/{ruleId}`	Delete a matching rule
`GET`	`/api/v1/synchronisation/sync-rules/{id}/matching-rules`	List matching rules (advanced mode)
`POST`	`/api/v1/synchronisation/sync-rules/{id}/matching-rules`	Create a matching rule (advanced mode)
`POST`	`/api/v1/synchronisation/connected-systems/{id}/matching-mode`	Switch matching mode