How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I provision external accounts in a pre-defined order in IDM (All versions)?

Last updated Apr 8, 2021

The purpose of this article is to provide information on provisioning external accounts in a pre-defined order in IDM using implicit synchronization.

Provisioning external accounts in a pre-defined order

If you require provisioning to take place in a specific order, for example, you have multiple accounts that need to be created in a set order or you have LDAP accounts with both a main and sub-entry, where:

  • Main entries must be created before sub-entries.
  • Sub-entries must be deleted before main entries.

You must have a mapping per account or entry and then ensure the mappings in the sync.json file (located in the /path/to/idm/conf directory) are in the required order; provisioning occurs according to the order of the mappings in the sync.json file. For example, if the mapping for the main entry is listed in the sync.json file before the mapping for the sub-entry, the main entry will be provisioned/deprovisioned first, followed by the sub-entry.


The sync-two-external-resources sample (sample5) contains multiple mappings to help you understand more fully how this works.

See Also

How do I merge multiple external accounts to a single managed/user object in IDM (All versions)?

Synchronization Guide › Types of Synchronization

Samples Guide › Synchronize Data Between Two External Resources

Related Training

ForgeRock Identity Management Core Concepts (IDM-400)

Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.