Introduction

Basically, the push is a sort of synchronization mechanism used by Apache Syncope to propagate a filtered set of user/role/membership data to external resources.

Push can be "full" only: all the data matching the configured filter (potentially the same set of data) will be sent to the external resource at each push task execution.

From Syncope to an external resource

All the entity (user/group) data involved by a push are retrieved locally and compared with remote ones before sending out.

An entity to be sent out can be:

1. a matching entity, if a corresponding remote entity has been found;
2. or an unmatching entity, otherwise.

By default, Syncope will propagate all the unmatching entities for provisioning (without linking entities and resources) and will update all the matching ones.

By the way, a different behaviour can be configured working with matching/unmatching rules.

Matching and Unmatching rules

Unmatching (corresponding user not found on external resource):

• IGNORE (do not perform any action);
• UNLINK (just unlink resource without performing any (de-)provisioning operation - of course, if any link is found);
• ASSIGN (provision entity linking the resource);
• PROVISION (provision entity without linking the resource).

Matching (corresponding users found on external resource):

• IGNORE (do not perform any action);
• UPDATE (update matching entity);
• DEPROVISION (delete resource entity);
• UNASSIGN (unlink resource and delete resource entity) ;
• UNLINK (just unlink resource without performing any (de-)provisioning operation);
• LINK (just link resource without performing any (de-)provisioning operation).