Reconciliation is the process of fetching account details and entitlements from target systems and publishing them into Identity Management Systems. It is to observe changes and detect discrepancies between the Identity Management System and Applications. Reconciliation is used to build new permission catalog items detected in the application.
Full reconciliation recalculates the existence, ownership, and state for each account listed in the connected application. Full reconcile is a comprehensive evaluation of Users and their respective Resource Accounts and Entitlements.
Incremental reconciliation only processes the Accounts and Entitlement that have been added, deleted, or modified since the last successful reconciliation. It is faster than processing a full set of target system accounts and typically runs on a periodic basis.
Connected Applications can be scheduled to run at regular intervals. This allows for near real-time synchronization of identities and actionable insight.