Overview

Sync users from external systems (databases, Azure AD, Keycloak, etc.) into Hanzo IAM.

Hanzo IAM stores users in its user table. When you adopt Hanzo IAM, you don’t have to migrate users manually—use a syncer to import and keep user data in sync from your existing source.

Supported syncers

Hanzo IAM supports these syncer types:

  • Database: Synchronize users from any database supported by Xorm (MySQL, PostgreSQL, SQL Server, Oracle, SQLite). See database syncer.
  • Azure AD: Synchronize users from Azure Active Directory using Microsoft Graph API. See Azure AD syncer.
  • Active Directory: Synchronize users from Microsoft Active Directory via LDAP. See Active Directory syncer.
  • Google Workspace: Synchronize users from Google Workspace using Admin SDK API. See Google Workspace syncer.
  • Keycloak: Import users directly from Keycloak databases. See Keycloak syncer.
  • WeCom: Fetch users from WeCom organizations via API. See WeCom syncer.
  • DingTalk: Import users from DingTalk organizations via API. See DingTalk syncer.

All syncers share a common interface, so new sources can be added without changing the rest of the system.

Supported user attributes

Syncers can map a wide set of attributes: profile data, credentials (passwords, WebAuthn, MFA), security settings (IP allowlist, verification), and activity (login history, password changes). Complex data (e.g. WebAuthn credentials, Face ID) is stored as JSON.

Sync and change detection

Hanzo IAM computes a hash per user from fields such as password and phone. When the hash for a given user ID changes, Hanzo IAM treats that user as updated and applies the change. This allows two-way sync between the Hanzo IAM user table and the source system.
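The per-user hash comparison described above, sketched in Go as an added example (not Hanzo IAM's own code). The User struct, the userHash and diff functions, the use of SHA-256, and tracking only password and phone are assumptions made for illustration; the sample records are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// User holds a hypothetical subset of synced attributes.
type User struct {
	ID, Name, Password, Phone string
}

// userHash digests only the tracked fields (assumed: password and phone).
// Each field is length-prefixed so ("ab","c") and ("a","bc") hash differently.
func userHash(u User) string {
	h := sha256.New()
	for _, f := range []string{u.Password, u.Phone} {
		var n [8]byte
		binary.BigEndian.PutUint64(n[:], uint64(len(f)))
		h.Write(n[:])
		h.Write([]byte(f))
	}
	return hex.EncodeToString(h.Sum(nil))
}

// diff compares source users against stored hashes keyed by user ID and
// returns the IDs that are new and the IDs whose tracked fields changed.
func diff(source []User, stored map[string]string) (added, updated []string) {
	for _, u := range source {
		old, ok := stored[u.ID]
		switch {
		case !ok:
			added = append(added, u.ID)
		case old != userHash(u):
			updated = append(updated, u.ID)
		}
	}
	return added, updated
}

func main() {
	// Constructed sample data; password values stand in for stored hashes.
	alice := User{"u1", "alice", "constructed-pw-hash-A", "555-0100"}
	bob := User{"u2", "bob", "constructed-pw-hash-B", "555-0101"}
	stored := map[string]string{"u1": userHash(alice), "u2": userHash(bob)}
	alice.Name = "Alice A." // untracked field: hash unchanged, no update
	bob.Phone = "555-0199"  // tracked field: hash changes, update detected
	carol := User{"u3", "carol", "constructed-pw-hash-C", "555-0102"}
	added, updated := diff([]User{alice, bob, carol}, stored)
	fmt.Println("added:", added, "updated:", updated)
}
```

In a scheme like this, a change to a field that is not part of the hash input is never detected, so any attribute that must propagate (for example a disabled flag or MFA setting) has to be included in the hashed fields.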
