I. Intro
Availability: This feature is in beta.
Who can perform these steps: Primary administrators and administrators with Organization data synchronization permissions.
Administrators can synchronize user data in JumpCloud to the corresponding organization in Lark through the Organization data synchronization functionality.
II. Steps
- Configure Lark & JumpCloud Sync App
The Lark & JumpCloud Sync App is a web application in the Lark Admin Console. It provides configurations for synchronizing data from JumpCloud to Lark.
1.1 Enable user sync from JumpCloud to Lark
- Enter the Lark Admin Console and click Settings > Directory Sync > Add sync source.
- 250px|700px|reset
- In the sync source panel, select JumpCloud.
- On the Configure access security page, click Copy Token and Copy URL to note them down for the following configuration in JumpCloud. Click Next.
- 250px|700px|reset
- On the Set attributes page, configure the sync rules for workforce type. Click Next.
- Field value of Employee Type in JumpCloud: The employee type defined by the organization in JumpCloud, such as "Regular", "Consultant", and so on.
- Name of Workforce Type in Lark: The workforce type defined by the organization in Lark, such as "regular employee", "consultant", and so on.
- If the employee type in JumpCloud is configured as "Regular", it will be mapped to "regular employee" in Lark.
- Note: You can configure 15 sync rules at most.
- 250px|700px|reset
- On the General settings page, complete the following settings. Click Next.
- Member deletion rule: How to respond to the SCIM API requests to delete a user.
- Administrator notification: You can configure which administrators can receive notifications of sync failures. If the sync fails due to an expired token, the notification will be sent to the administrator with the permission to configure JumpCloud sync, regardless of this setting.
- Select attributes for identifying existing users when creating new users: When SCIM creates a user, it will query whether the user exists through the username. This configuration provides an additional option for the Lark & JumpCloud sync App: when the App cannot query the existing user through the username, it will also use other attributes you've specified to determine whether the user exists.
- 250px|700px|reset
- On the Preview page, confirm the configuration. Click Save or Save and Activate.
- Save: Only save the configuration, do not enable this service.
- Save and Activate: Save the configuration and enable this service at the same time.
- Note: If the service is not activated, both connection and synchronization requests from JumpCloud will be denied.
- 250px|700px|reset
1.2 Create an App in JumpCloud
- Click https://console.jumpcloud.com/login/admin to open JumpCloud and log in as an administrator.
- 250px|700px|reset
- Go to User Authentication > SSO Applications, click Add New Application.
- On the Create New Application Integration page, click Custom Application.
- 250px|700px|reset
- On the Select Applications page, click Create App Integration and follow the defaults. Click Next.
- On the Select Options page, select Export users to this app (Identity Management). Select other options as needed, and click Next.
- 250px|700px|reset
- On the Enter General Info page, fill in the App name under Display Label, and click Save Application.
- 250px|700px|reset
- On the Review page, confirm the information is correct. Click Configure Application.
- 250px|700px|reset
- Back to the SSO Applications page, click the application you have created and click Identity Management. Then select SCIM API as API Type and SCIM 2.0 as SCIM Version.
- 250px|700px|reset
- Configure and test the SCIM connection.
- In Base URL, fill in the Base URL and token obtained in step 3 of "1.1 Enable user sync from JumpCloud to Lark" in this article.
- In Test User Email, fill in a test email address and test the connection. JumpCloud will try to use this email to verify whether the connection with Lark works properly.
- Important: If the test email account exists in Lark, the account could be deactivated after the test according to JumpCloud's verifying process. Be cautious about using an existing account email from Lark to verify..
- 250px|700px|reset
- After the test passes, deselect Enable management of User Groups and Group Membership in this application under Group Management. Click Activate to enable SCIM user sync.
- To assign users to the App, select the user group to be synchronized in the User Groups. The users in the group will be automatically synced to Lark.
- Click Save to complete the configuration.
1.3 Verify the results
After completing the above steps, JumpCloud users will be automatically synced to the Lark Organization.
If successful, you will see relevant notifications on the Member and Department, User Group, and Field Management pages under Organization in the Lark Admin Console.
250px|700px|reset
250px|700px|reset
250px|700px|reset
Note: The corresponding notifications are also visible in the Lark mobile app.
- Manage Lark & JumpCloud Sync App
You can click the JumpCloud Sync App card to view the sync configuration details page, and disable, enable, edit, or delete the Lark & JumpCloud Sync App.
250px|700px|reset
250px|700px|reset
- Deactivate: Click Deactivate in the sync configuration details, or directly click Deactivate on the App card to disable the App. Once stopped, it will not respond to any sync requests from JumpCloud.
- Activate: For deactivated sync Apps, click Activate in the sync configuration details, or directly click Activate on the App card to enable and restore service.
- Edit: Click Edit, the changes will take effect at the next sync.
- Delete: If you no longer need this App, you can click the icon and then click Delete to delete the App.
- Note: The App cannot be recovered after deletion, and all configurations will be lost. Users who have been synced will not be affected.
- Log management
View Sync Logs
By clicking Sync log on the JumpCloud Sync App card, administrators can view the sync logs of user creation, modification and deletion, as well as the associated objects (such as job title and department). Click Details at the right of the log entry to learn more.
250px|700px|reset
250px|700px|reset
View administrator operation log
Who can perform these steps: Primary administrators and administrators with administrator log permissions.
Administrators can view the creation, configuration, and modification details of the Lark & JumpCloud Sync App in the administrator log.
- Enter the Lark Admin Console, and click Compliance > Audit Log > Admin log.
- Set the query filters:
- Event type: select Settings > Organization Data Sync, and choose the following as needed:
- Add sync source
- Delete sync source
- Edit sync configurations
- Activate/Deactivate or Stop Sync Settings
- Administrator
- Start time
- End time
- Click Search to get the log.
- Click Details at the end of the log entry to view the details.
- 250px|700px|reset
- View data source information
On the Members or Departments tab under Organization > Member and Department, you can click the Details at the right end of a member or department entry to view the data source information.
- SCIM data source: Created by SCIM synchronization.
- Lark Admin Console: Manually created by the administrator in the Lark Admin Console.
250px|700px|reset
250px|700px|reset
For fields with synchronized data from JumpCloud & SCIM, you can also click Details of an entry in Organization > Field Management to view the data source information of the field.
250px|700px|reset
III. FAQs