Recovery Guide

Validate hybrid authentication after sync, firewall, certificate, or connector changes.

Use this page after planned maintenance or emergency repair work on any component that could influence cloud sign-in, sync health, PTA/federation behavior, or user identity state.

Search Hybrid AuthOpen Cloud Domain
Situation

Hybrid auth changes need explicit validation, not assumption.

Authentication can look restored from an admin screen while users still fail through a different path. Post-change validation must cover sync freshness, client experience, fallback behavior, and the exact auth model in use.

What To Verify

Test the chain end to end.

  • Connector and sync health after the change.
  • Current auth model and whether fallback behavior still works.
  • User sign-in from external and internal paths.
  • Certificate validity and service connectivity if federation remains involved.
  • Whether a real user in scope for the change experiences the expected result.
Working Sequence

Validate in layers.

  • Confirm the changed component is healthy from its own diagnostics first.
  • Test sync state and cloud object freshness.
  • Run user sign-in checks that mirror the affected workflow.
  • Verify failover or fallback behavior if the model is supposed to survive partial outage.
  • Capture the post-change baseline so future incidents have a known good reference.