I am a Zivver admin
Configure and manage Zivver
Functionalities and limitations
At this moment, Cloud Sync provides the core functionality for managing accounts in Zivver with Exchange Online as the source, covering the basic synchronization tasks. More complex scenarios will be addressed in future updates.
Functionalities
Cloud Sync offers the following functionalities:
Create and update user and functional accounts: Automatically creates and updates both user and functional accounts in Zivver by retrieving information from Exchange Online user and shared mailboxes.
Deactivate user and functional accounts: Automatically deactivates accounts in Zivver if the corresponding mailbox has been deleted or deactivated in Exchange Online, if the primary email address does not match the configured domains, or if it is not part of the Cloud Sync Source Filter (if configured).
Manage delegated access to user and functional accounts: Grants or removes delegated access in Zivver when users have Full Access mailbox rights in Exchange.
Logging: Provides detailed logs of actions performed during the synchronization process for tracking and auditing. Log levels can be configured. Logs are also sent to Zivver for monitoring.
Preview mode: Allows administrators to review and verify proposed changes before execution.
Update display name: Synchronizes and updates the display names of user and functional accounts in Zivver based on the Exchange Online display name.
Add and remove email aliases: Automatically adds or removes secondary SMTP addresses in Zivver to reflect changes in Exchange Online.
Source filter: Option to synchronize only mailboxes that are members of the specified groups.
Indirect group delegations (first level): Grants delegated access to functional accounts via group membership. This applies only to the first level of groups; nested groups are not yet supported.
Email report: Sends automatic email reports after each Cloud Sync run.
Change primary email addresses: Zivver links the Exchange Online mailbox property
ExternalDirectoryObjectId
to the corresponding Zivver object, so that changes to primary email addresses are supported by Cloud Sync.Large change validation: A failsafe mechanism that prevents more than 10% of accounts in Zivver from being updated, created, or deactivated. The user must confirm this intent by adding the parameter
allow_large_sync
.
Limitations
Although Cloud Sync is designed for basic account synchronization, there are some limitations. Depending on the impact on your organization, you can choose one of the following three approaches:
- Use Cloud Sync for daily synchronizations and the Synctool for special functions (e.g., account deletion, merging guest accounts).
- Use Cloud Sync for daily synchronizations and the Zivver admin portal for special functions (e.g., account deletion, merging guest accounts).
- Continue using the Synctool until limiting factors are resolved.
Use the Synctool for special functions
The following actions are not yet supported in Cloud Sync but are only needed occasionally. For these, you can use the Synctool locally until Cloud Sync supports this functionality. Install the Synctool locally following these installation instructions and add an Exchange Online source with MFA authentication:
Delete account: Permanently deleting accounts that have been deactivated and are not present in the source is not supported in Cloud Sync. Consider using Automated user deletion.
Merge accounts: Cloud Sync cannot merge two accounts into a single Zivver account.
SsoAccountKey updates: Updating the SsoAccountKey in Zivver is not supported; this is usually only required during migrations, mergers, source changes, or troubleshooting.
Manage mobile phone numbers: Adding or changing mobile phone numbers for two-factor authentication in Zivver is not supported.
Info
In most cases, it is not necessary to synchronize the mobile number for two-factor authentication, because MFA is handled via Entra ID SSO when using SSO.
Use the admin portal for special functions
The following actions cannot be performed by either the Synctool or Cloud Sync. Use the Zivver admin portal for these actions:
Change account type: Switching between user and functional accounts is not possible.
Promote or demote administrators: Cloud Sync cannot change admin roles, even when Role-Based Access Control is used.
Change time zone or language: Automatically changing time zone or language settings based on source data is not supported.
Manage active sessions: Removing active sessions in Zivver is not possible.
Change sender display settings: Adjusting sender display settings is not supported in either Cloud Sync or the Synctool.
Continue using the Synctool
If one of the following synchronization options applies, continue using the Synctool for now. For more complex configurations, share your use case, so we can consider supporting it in the future:
Source filter on Exchange attribute: Within Cloud Sync, it is not possible to select the Exchange source based on specific attributes for refined synchronization.
Synchronization options: All account synchronization actions are executed; selecting individual actions (e.g., updating only functional accounts) is not possible.
Custom attribute mapping: Mapping custom Exchange fields to Zivver fields is not implemented.
Nested shared mailbox synchronization: Synchronization of nested shared mailboxes for delegations and filtering based on nested group membership is not available.
Password login support: Synchronizations for organizations that do not use Single Sign-On (SSO) are not supported.
Synchronizations longer than 3 hours: The current system supports synchronizations of up to three hours.