In our organization, we have custom requirements about when a user should be deactivated during a sync. How can I achieve this?


UserSync supports writing groovy code in order to make decisions about whether a user should be cleaned up or not.

To activate this, go to Edit on your UserSync connector, select the Sync tab, and check the Use Groovy to decide about cleaning up a user option.

The default function cleans up a user if the user has not been updated during the sync. Thus, if the last modification timestamp (timestamp(atlasUser)) was before the current sync (syncStartedAtTimestamp).

Parameter NameMeaning
syncStartedAtTimestampTimestamp of when the sync started in milliseconds
atlasUserThe object representing the user

If you see the need for a custom function but have problems realizing it, please contact us at


"Users should not be cleaned up if they are members of the group 'Always Active'".

boolean shouldCleanup(AtlasUser atlasUser, long syncStartedAtTimestamp) {
    long userTimestamp = timestamp(atlasUser)
    boolean timestampBeforSyncStarted = userTimestamp < syncStartedAtTimestamp
    boolean userIsInAlwaysActiveGroup = atlasUser.getAttributeValues("ATTR_GROUPS")?.contains("Always Active")
    return timestampBeforSyncStarted && !userIsInAlwaysActiveGroup