Reconciliation
Reconciliation compares what nexusID believes exists against what a target system actually has, and surfaces the drift — accounts that exist downstream but not in nexusID, or vice-versa.
Admin console: /admin/reconciliation
Concepts
- Target — a system to reconcile against: Entra, a SCIM/downstream target, or AD.
- Run — one reconciliation pass over a target, producing findings.
- Finding — a specific drift item (missing, orphaned, or mismatched account) with a suggested remediation.
- Reprovision — push nexusID's intended state back to the target to resolve a finding.
How it works
A run reads the target's current accounts (listDirectoryAccounts for Entra/Graph, SCIM user
enumeration for downstream, the broker's provisioned AD operations for AD) and diffs them against
nexusID. Differences become findings you can act on, including re-provisioning over the right
channel (Entra / downstream / AD).
AD scope: AD reconciliation covers broker-provisioned accounts — the on-prem agent is one-way and cannot read the live directory.
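The diff described above, as an added example (not nexusID's own code). It joins accounts on a case-folded username and compares an assumed attribute set; the record shape, the direction assigned to each finding kind, and the remediation strings are assumptions for illustration.

```python
from dataclasses import dataclass

# Assumed attributes to compare; the product's real schema is not shown on this page.
COMPARED_ATTRS = ("email", "enabled")

@dataclass(frozen=True)
class Finding:
    kind: str         # "missing" | "orphaned" | "mismatched"
    account: str      # normalized join key
    detail: str
    remediation: str  # suggestion only; an admin reprovisions or dismisses

def index_accounts(accounts):
    """Index by case-folded username; refuse keys that collide after normalization."""
    out = {}
    for acct in accounts:
        key = acct["username"].strip().casefold()
        if key in out:
            raise ValueError(f"duplicate account key after normalization: {key}")
        out[key] = acct
    return out

def reconcile(intended, observed, channel):
    """Diff intended state (nexusID) against the accounts read from the target."""
    want, have = index_accounts(intended), index_accounts(observed)
    findings = []
    for key in sorted(want.keys() - have.keys()):      # intended, absent on target
        findings.append(Finding("missing", key, "absent on target", f"reprovision via {channel}"))
    for key in sorted(have.keys() - want.keys()):      # on target, unknown to nexusID
        findings.append(Finding("orphaned", key, "not in nexusID", "review or dismiss"))
    for key in sorted(want.keys() & have.keys()):      # present on both sides
        diffs = [a for a in COMPARED_ATTRS if want[key].get(a) != have[key].get(a)]
        if diffs:
            findings.append(Finding("mismatched", key, "differs: " + ", ".join(diffs),
                                    f"reprovision via {channel}"))
    return findings

# Constructed sample data: bob is disabled in nexusID but still enabled on the target.
INTENDED = [
    {"username": "alice", "email": "alice@example.com", "enabled": True},
    {"username": "bob", "email": "bob@example.com", "enabled": False},
    {"username": "carol", "email": "carol@example.com", "enabled": True},
]
OBSERVED = [
    {"username": "Alice ", "email": "alice@example.com", "enabled": True},
    {"username": "bob", "email": "bob@example.com", "enabled": True},
    {"username": "svc-backup", "email": None, "enabled": True},
]
```

For an AD target the observed side would be the broker's provisioned operations rather than a live read, so an account created directly in the directory never shows up as orphaned in a diff like this.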
Typical workflow
- /admin/reconciliation → pick a target.
- Run the reconciliation and review findings.
- Reprovision or dismiss each finding. Drift trends feed the reconciliation report.