Encrypted Data Synchronization

The Encrypted Data Synchronization task iterates over objects and re-encrypts their encrypted values using the newest key.

Note: The Encrypted Data Synchronization task is not enabled upon installation; you must create the task from the New Task dropdown menu.

The task encrypts the following attributes / types by default:

  • Application secret configuration attributes

  • User passwords

  • Password history

  • User challenge questions

  • Activity / Target source configurations

  • Integration configuration password attributes

In cases such as integration configurations and unstructured target sources, the task looks for encrypted values with "password" in the name. You can also add a configuration attribute, IIQSecretAttributes, to either type to define by name which attributes are targeted during a re-synchronization.

<entry key="IIQSecretAttributes">
  <value>
    <List>
      <String>mySecret1</String>
      <String>mySecret2</String>
      <String>password</String>
    </List>
  </value>
</entry>
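
An added example, not part of the product or its documentation: a short Python check that models the name rule described above on an exported attribute map and lists secret-looking attributes that neither contain "password" nor appear in IIQSecretAttributes. The sample XML and its Attributes/Map wrapper, the case-insensitive match and the REVIEW_HINTS heuristic are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: attribute map of a hypothetical integration configuration.
SAMPLE = """
<Attributes>
  <Map>
    <entry key="IIQSecretAttributes"><value><List>
      <String>mySecret1</String><String>mySecret2</String><String>password</String>
    </List></value></entry>
    <entry key="url" value="https://itsm.example.invalid/api"/>
    <entry key="adminPassword" value="CONSTRUCTED-CIPHERTEXT-A"/>
    <entry key="mySecret1" value="CONSTRUCTED-CIPHERTEXT-B"/>
    <entry key="apiToken" value="CONSTRUCTED-CIPHERTEXT-C"/>
  </Map>
</Attributes>
"""

# Hypothetical review heuristic, not product behaviour: names hinting at a secret.
REVIEW_HINTS = ("secret", "token", "apikey", "credential")


def audit(xml_text):
    """Return (targeted, review) lists of attribute names from an attribute map."""
    root = ET.fromstring(xml_text.strip())
    entries = {e.get("key"): e for e in root.iter("entry")}
    listed = set()
    secret_entry = entries.pop("IIQSecretAttributes", None)
    if secret_entry is not None:
        # Names explicitly listed for re-synchronization.
        listed = {s.text.strip() for s in secret_entry.iter("String") if s.text}
    targeted, review = [], []
    for name in entries:
        lowered = name.lower()
        # Assumption: the "password in the name" match is case-insensitive.
        if name in listed or "password" in lowered:
            targeted.append(name)
        elif any(hint in lowered for hint in REVIEW_HINTS):
            review.append(name)
    return sorted(targeted), sorted(review)


if __name__ == "__main__":
    targeted, review = audit(SAMPLE)
    print("covered by name rule or IIQSecretAttributes:", targeted)
    print("secret-looking but not covered, consider listing:", review)
```

Names reported in the second list are candidates to add to IIQSecretAttributes before relying on the task after a key change.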

The task enables you to disable the following three categories of objects:

  • Applications – which enables application, activity, and target source updates

  • Identity

  • Integration configuration