Overview
When enabling Customer Data Service (CDS) for an organization, CDS should also handle existing user accounts similar to how it handles user synchronization in the Identity Server (IS).
Upon activation (i.e., when "cds_enabled": true), CDS should fetch all existing user accounts from IS and provision corresponding user profiles within CDS.
Apart from the initial sync, user account creation, update and deletion should be reflected in CDS, whereas profile changes generally need NOT be reflected on the IS side.
Key Considerations
1. Initial User Account Sync
- When CDS is enabled for an organization, all existing user accounts in IS should be fetched and provisioned as profiles in CDS.
- Ensure that identity attributes in IS are mapped to profile fields in CDS.
2. Profile and Account Lifecycle
- Creating a profile in CDS should not automatically create a user account in IS.
- Creating a user account in IS (via self-registration, admin onboarding, or JIT provisioning) must create or update the corresponding CDS profile.
3. Account Linking and Association
- Evaluate how to handle linking between multiple accounts and profiles (e.g., federated or social logins).
4. Deletion Handling
- User deletion in IS should trigger deletion of the corresponding profile in CDS.
- Profile deletion in CDS should never delete or modify user accounts in IS.
Subtasks
- Implement initial user account synchronization when CDS is enabled ("cds_enabled": true).
- Map user attributes from IS to corresponding CDS profile identity attributes.
- Handle user provisioning flows for self-registration, admin onboarding, and JIT provisioning.
- Define and implement account linking and association logic.
- Implement deletion handling for IS → CDS.
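
The sync direction described in this issue, modelled in memory as an added example (not code from the project). Every class, method and field name is hypothetical, the attribute allowlist is an assumed mapping, and account linking is left out because the issue leaves it open.

```python
import uuid

# Added illustration: in-memory model of the one-way IS -> CDS sync in this issue.
# Every name here is hypothetical; no real IS or CDS API is used.
ATTRIBUTE_MAP = {"username": "identity.username", "email": "identity.email"}  # assumed


class CustomerDataService:
    def __init__(self, is_users):
        self._is_users = is_users  # stand-in for the IS user store; only ever read
        self.enabled = False
        self.profiles = {}  # profile_id -> {"user_id": ..., "fields": {...}}
        self.by_user = {}  # user_id -> profile_id

    def enable(self):
        """Initial sync: provision a profile for every existing IS account."""
        self.enabled = True
        for user_id, attrs in self._is_users.items():
            self.on_user_upserted(user_id, attrs)

    def on_user_upserted(self, user_id, attrs):
        """IS create/update event (self-registration, admin onboarding, JIT)."""
        if not self.enabled:
            return None
        # Reuse the linked profile so a repeated sync never duplicates it.
        pid = self.by_user.get(user_id) or self.create_profile(user_id)
        mapped = {ATTRIBUTE_MAP[k]: v for k, v in attrs.items() if k in ATTRIBUTE_MAP}
        self.profiles[pid]["fields"].update(mapped)  # unmapped attributes are dropped
        return pid

    def on_user_deleted(self, user_id):
        """IS deletion event: remove the linked profile, if one exists."""
        pid = self.by_user.pop(user_id, None)
        self.profiles.pop(pid, None)

    def create_profile(self, user_id=None):
        """Create a profile in CDS only; no IS account is created."""
        pid = uuid.uuid4().hex
        self.profiles[pid] = {"user_id": user_id, "fields": {}}
        if user_id is not None:
            self.by_user[user_id] = pid
        return pid

    def delete_profile(self, pid):
        """Delete a profile in CDS only; the IS account is left untouched."""
        profile = self.profiles.pop(pid, None)
        if profile and profile["user_id"] is not None:
            self.by_user.pop(profile["user_id"], None)
```

Because only keys in the allowlist are copied, an IS attribute such as a credential hash never reaches a CDS profile unless someone maps it deliberately.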