How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I provision external accounts in a pre-defined order in IDM (All versions)?

Last updated Jan 12, 2023

The purpose of this article is to provide information on provisioning external accounts in a pre-defined order in IDM using implicit synchronization.

Provisioning external accounts in a pre-defined order

If you require provisioning to take place in a specific order, for example, you have multiple accounts that need to be created in a set order or you have LDAP accounts with both a main and sub-entry, where:

  • Main entries must be created before sub-entries.
  • Sub-entries must be deleted before main entries.

You must have a mapping per account or entry and then ensure the mappings in the sync.json file (located in the /path/to/idm/conf directory) are in the required order; provisioning occurs according to the order of the mappings in the sync.json file. For example, if the mapping for the main entry is listed in the sync.json file before the mapping for the sub-entry, the main entry will be provisioned/deprovisioned first, followed by the sub-entry.


The sync-two-external-resources sample (sample5) contains multiple mappings to help you understand more fully how this works.

See Also

How do I merge multiple external accounts to a single managed/user object in IDM (All versions)?

Types of Synchronization

Synchronize Data Between Two External Resources

Related Training

ForgeRock Identity Management Deep Dive (IDM-420)

Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.