Verify handling source system data updates

Last modified 22 Nov 2025 11:07 +01:00
Table of Contents

You have already confirmed that creating new users works. In this module, you will verify that you can actually change data in the source HRIS system and that these changes are picked up by midPoint correctly.

What awaits you this module

This exercise is short:

  1. Update an attribute of a user.

  2. Wait for the recurring reconciliation task to run.

  3. Inspect how midPoint handled the change across the systems.

1. Update user in HRIS

  1. Open the HRIS web interface and log in.

    • If you are using the Docker images prepared for this guide, it is accessible under http://localhost/hr.

  2. Pick whichever user you like, e.g., Geena Green.

    • You may need to click Show users at the top bar if you do not see the user list.

  3. Click Modify in right-most column of the listing table.

  4. In the form that appears, rewrite Locality to Hot Lava City.

  5. Click Modify user.

  6. Click Export users to csv file at the bottom of the user listing page.

2. Let automation handle the updates

Wait for the recurring HRIS reconciliation task you have already up and running to pick up the changes.

3. Inspect the results

To verify that the change have propagated to midPoint and the target LDAP system:

  1. In Users > Persons, search for geena and click the name to open Geena Green’s profile.

  2. Select History in Geena’s profile on the left.

    midpoint geena user history modified by reconciliation
    Figure 1. You can see here that the user has been modified through the reconciliation channel.

  3. Click the time stamp of the last change in the History screen to open the audit log entry with the details of the change.

    midpoint geena user audit log
    Figure 2. On the right, you can see that both the focus and the LDAP account of Geena have been modified.

  4. You can check the data on the target LDAP system by two means:

    • In Geena’s midPoint user profile, go to Projections, select the target resource, and inspect the attribute values.

    • Go directly to the target LDAP system interface, open Geena’s account details, and confirm the changes there.

3.1. Canonical approach to keeping track of changes

Finding out what the scheduled reconciliation task did was easy this time, because you knew exactly on which user to expect changes. In case you do not know which user to inspect and want to review what is happening in your IGA ecosystem, use the audit log:

  1. Select Audit Log Viewer in the left-side navigation menu.

  2. Inspect entries with an appropriate value in the Channel column.

    • In the case of this module, it is Reconciliation.

  3. There are always multiple stages for events—open the Execution or Resource stage entries as those show most clearly what has actually been done.

Audit log entries
Figure 3. Audit log entries

Summary

This experiment has proven beyond doubt that your setup works as expected. The changes you made in the source system propagate to midPoint and then to the target system.

Next steps

Having successfully covered two out of the three basic IGA transitions (join, move, leave), you have yet left to confirm your configuration performs correctly for leavers. In the next module, you will do exactly that.

You may also be interested to read a related IAM myth: IGA Is All About Account Synchronization

Was this page helpful?
YES NO
Thanks for your feedback