You can configure high availability for directory sync by associating the directory with multiple Directory Sync service instances and then setting up a Sync Services list for the directory. The Directory Sync service instances in the Sync Services list are arranged in failover order. The Workspace ONE Access service uses the first Directory Sync service in the list to sync users and groups for the directory. If the first Directory Sync service is unavailable, it uses the next one in the list, and so on.

Each directory has its own Sync Services list.

As a best practice, set up your deployment in a way that the same Directory Sync service instance does not sync multiple directories at the same time. You can use the following strategies.

  • Use a different set of Directory Sync service instances for different directories.
  • If you use the same set of Directory Sync service instances in the same failover order, schedule the sync at different times for each directory.
  • If you use the same set of Directory Sync service instances for multiple directories, set a different failover order for each directory so that sync does not fall back to the same instance.

Prerequisites

  • You have installed and configured additional Directory Sync service instances. See Installing Workspace ONE Access Connector for information.

Procedure

  1. In the Workspace ONE Access console, navigate to the Identity & Access Management > Manage > Directories page.
  2. Click the directory for which you want to configure high availability.
  3. Click Sync Settings, then click the Sync Service tab.
  4. From the Select Sync Service drop-down menu, which displays all the Directory Sync service instances associated with the Workspace ONE Access service, select the Directory Sync service instance to add, then click +.
    The Directory Sync service instance is added to the Sync Services list.
  5. Add all the Directory Sync service instances that you want to use to the Sync Services list.
  6. In the Sync Services list, arrange the entries in failover order by using the up and down arrow keys.
    To perform a directory sync, Workspace ONE Access uses the first Directory Sync service instance in the list. If the first instance is unavailable, it tries to use the second one, and so on.
  7. Click Save.

Results

The list of Directory Sync service instances is saved and is applied from the next sync onwards.

You can view which Directory Sync service instances were used for each sync run in the Sync Log tab of the directory page.