The synchronization of users and groups is triggered by the ExternalLoginModule, after a user is successfully authenticated against the IDP or if it’s no longer present on the IDP.
In addition to the synchronization API Oak 1.0 defines utilities to manage synchronized external identities within JMX (SynchronizationMBean) which allows for the following tasks:
Oak 1.0 provides a default implementation of the user synchronization API that allow to plug additional SyncHandler implementations.
Default implementation is described in section User and Group Synchronization : The Default Implementation.
There are two ways to replace/change the user synchronization behavior
The following steps are required in order to replace the default SyncManager implementation or plug a new implementation of the SyncHandler: