Archer User Profile and Contact Synchronization

Assigning accountability for tasks, findings, and remediation is a key component for nearly all Archer use cases. Several Archer use cases utilize the Contacts application to store metadata about users. The user profile information, including the credentials used to log into the Archer Platform, is stored separately. Therefore, the Platform stores similar user and contact data in two different locations.

Archer Exchange: With the Archer Exchange, the Archer team has created a broad selection of supplemental, value-added offerings to help you get your unique risk management program on the right path, right from the start. You can leverage the Archer Exchange offerings to expand the use of Archer solutions into new business processes and address specific industry, geographic, regulatory, or technical requirements.

On this page


Release history

Release date

Release

Notes

2025.10

December 2025

Archer Release Version

Published Date

Notes

2025.02

March 2025

Recertified on Archer platform release 2025.02 with resigned JavaScript file.

2024.03

June 2024

The offering has been updated to allow customers the ability to specify if they want to filter against the Update Date or Create Date when selecting users by Last Runtime.

6.12

February 2023

The offering has been updated to use SOAP for authentication instead of REST.

6.12

October 2022

The Offering has been updated to utilize the Archer JST data feed. The offering uses the Archer Rest API and a data feed to synchronize key attributes such as first and last name, username, email address and phone number etc.,

6.8

April 2022

Updated documentation with notes regarding implementation in Archer SaaS environments

6.8

February 2021

Offering Updated:

  • App Settings in web.config file are encrypted when the utility is run for the first time. Encrypt and decrypt batch files are no longer required.

  • The new version of Archer User Profile and Contacts Sync uses the NLog framework to enable logging. The previous version of this tool did not use a logging framework and was writing data to one log file. Over time, this file will become quite large and difficult to work with. NLog provides a configurable option for logging such as setting the maximum log file size and options to configure a Rolling File Appendix to create new log files at certain time intervals.

6.3

February 2018

Initial Release

Overview

The Archer User Profile and Contacts Synchronization Tool & Utility uses the Archer RESTful API and a data feed to synchronize fields, if populated, between the User Profile and the Contacts application.

Archer User Profile and Contacts Synchronization is available to both Archer on-premises and Archer SaaS clients.

Key features and benefits

The Archer User Profile and Contacts Synchronization Tool & Utility establishes a consistent process for synchronizing user and contact data and assures data integrity between this metadata. It automates this process and improves data consistency across these two data sets.

With Archer User Profile and Contacts Synchronization, organizations can:

  • Sync User Profile key attributes with the Contacts application.

  • Enable a one-way sync between these data sources.

  • Reduce the manual effort of creating or updating the contacts records.

Prerequisites

Components

Recommended Software
Archer Solution Area This offering applies to various solution areas.
Archer Use Case Enterprise Catalog
Archer Applications Contacts
Uses Custom Objects No

Requires Archer On-Demand Application (ODA) License

This offering does not require an Archer On-Demand Application (ODA) license.

Archer requirements

Archer Platform Release 2025.10 and later

Supported Archer Environments

  • On-premises

  • Archer SaaS

Components

The following diagram provides a high-level overview of the data flow process for the Archer User Profile and Contacts Synchronization.

Diagram Description automatically generated

Installing Archer User Profile and Contacts Synchronization

It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators must have access to the documentation for all products to install the required components.

Archer use cases that utilize the Contacts application must be installed and working prior to the integration.

To configure the Archer Platform, you must first download the following components from Archer Exchange.

File Name

Description

User Profile Contact Sync (JST).dfx5

Archer JavaScript Transporter Data Feed

signed-UserProfileContactSync.js

Signed JavaScript file used by the JavaScript Transporter data feeds.

You must import and schedule each use case data feed that you want to use. See Setting Up Data Feeds for complete information.

Test the application according to your company standards and procedures, to ensure that the use case works with your existing processes.

Setting up data feeds

Before you upload a JavaScript file, you must configure JavaScript Transporter settings in the Archer Control Panel.

  1. On the General tab, go to the JavaScript Transporter section.

    1. Open the Archer Control Panel.

    2. Go to Instance Management and select All Instances.

    3. Select the instance you want to use.

    4. On the General tab, go to the JavaScript Transporter section.

  2. In the Max Memory Limit field, set the value to 2048 MB (2 GB).

  3. In the Script Timeout field, set the value to 120 minutes (2 hours).

  4. (Optional) If you want to allow only digitally signed JavaScript files in the data feed, enable Require Signature.

    1. In the JavaScript Transporter Settings section, select the checkbox Require Signature. A new empty cell appears in the Signing Certificate Thumbprints section

    2. In the Signing Certificate Thumbprints section, double-click an empty cell.

    3. Enter the digital thumbprint of the trusted certificate used to sign the JavaScript file.

      Note: For information on how to obtain digital thumbprints, see Obtaining Digital Thumbprints.

      Important: If you enable Require Signature and specify no thumbprints, no JavaScript files will be accepted by the system.

    4. (Optional) If you want to add additional thumbprint sources, repeat steps b-c for each thumbprint.

  5. On the toolbar, click Save.

When running JavaScript data feeds, you can set the Archer instance to only allow digitally signed JavaScript files from trusted sources for security considerations.

For a certificate to be trusted, all the certificates in the chain, including the Root CA Certificate and Intermediate CA certificates, must be trusted on both the Web Server and Services Server machines.

Archer Technologies LLC certificate is not present on every machine’s root by default.

  1. On the JavaScript file, right-click and select Properties.

    1. Click the Digital Signatures tab.

    2. From the Signature List window, select Archer Technologies LLC.

    3. Click the Details button.

    4. Click View Certificate.

    5. Click Install Certificate.

    6. Select Local Machine.

    7. Click Next.

    8. Select Place all certificates in the following store and click Browse.

      1. Select Trusted Root Certification Authorities and click OK.

      2. Click Next.

      3. Click Finish.

  2. Upon successful import, click OK.

  1. In the Archer Control Panel environment, open the Manage Computer Certificates program.

    1. Click Start.

    2. Type: certificate

    3. From the search results, click Manage Computer Certificates.

  2. Ensure that your trusted source certificates are in the Certificates sub-folder of the Trust Root Certification Authorities folder.

  3. In the Certificates sub-folder, double-click the Archer Technologies LLC certificate that contains the thumbprint you want to obtain.

  4. Verify that the certificate is trusted.

    1. In the Certificate window, click the Certification Path tab.

    2. Ensure that the Certificate Status windows displays the following message: This certificate is OK

      Note: If the Certificate Status windows displays something different, follow the on-screen instructions.

  5. Obtain the trusted certificate thumbprint.

    1. In the Certificate window, click the Details tab.

    2. Select the Thumbprint field. The certificate's digital thumbprint appears in the window.

    3. Copy the thumbprint.

Configure the data feeds

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.After setting up the data feeds, you can schedule them to run as needed per your organization’s requirements. For more information on Scheduling data feeds, see the Scheduling Data Feeds section.

  1. Go to the Manage Data Feeds page.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the User Profile Contact Sync (JST).dfx5 file for the data feed.

  4. In the General Information section, in the Status field, select Active.

  5. Click the Source Connection tab.

  6. In the Transport Configuration section, do the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed_UserProfileContactSync.js file.

    4. Click Open.

    5. From the Upload JavaScript File dialog, click OK.

  7. In the Custom Parameters section, enter key values. The following table describes the value for each key in Custom Parameters.

Key

Value

archer_url

The URL to the root of your Archer instance

Example: https://[YourArcherHostURL]/archer

archer_instance

Instance name of your Archer environment

Example: ArcherProd

Note: Instance name is case sensitive.

archer_username

Username of the account

Example: adminuser

archer_password

Password of the user account

Example:  Password@123

  1. The following additional parameters are providedin the Custom Parameters section for the current JavaScript file.

Key

Value

oDataFilter

This is how you filter for specific users you want to pull
Example: $filter=AccountStatus eq '1'

oDataSelect

This is how you specify which columns within the user record you want

Example: $select=Address,BusinessUnit,Company,Department,FirstName,Id,LastName,MiddleName,Title,UserName

includeGroups

If this value is true, it retrieves the Group info from a user account. The GroupNames and GroupIds source fields can then be mapped in the data feed to be used in the Contacts application.Note: GroupNames and Group Ids are returned in semicolon-delimited strings

Example: true

useLastRuntimeFilter

If this value is true, an additional user filter will be applied, based on the value of either filter By Update Date or filter By Create Date

Example: true

pageSize

Set this to 0 to retrieve all the users in a single request. If there are more than 1000 users, it is recommended to set the value to 100.

Example: 100

proxy

Only necessary for SaaS implementations (or if the customer is on-prem and their network requires a proxy, in which case they will know the correct value).

Example: http://tempworkaround:8118/

verifycerts

If verifyCerts= true, the node JS validates whether the endpoint certificate is from a trusted Certificate Authority (CA).  The related API requests succeed if the endpoint certificate is from a trusted CA.

Example: true / false

filterByUpdateDate

 

If this value is true, an additional user filter will be applied, requiring the user’s last update date to be greater than the value of the LastRuntime token.

Example: true

filterByCreateDate

If this value is true, an additional user filter will be applied, requiring the user’s create date to be greater than the value of the LastRuntime token.

Example: true

When you schedule a data feed, the Data Feed Manager validates the information. If any information is invalid, an error message will display. You can save the data feed and correct the errors later, but the data feed is not processed until the errors are rectified.

Important: A data feed must be active and valid to successfully run.

  1. Go to the Schedule tab of the data feed that you want to modify.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

    3. Select the data feed you want to modify.

    4. Click the Schedule tab.

  2. Complete the Recurrences section. The following table describes the fields in the Recurrences section.

Field

Description

Frequency

Specifies the interval in which the data feed runs.

  • By minute: Runs the data feed by the minute interval set. For example, if you specify 45 in every list, the data feed executes every 45 minutes.

  • Hourly: Runs the data feed by the hourly interval set. For example, every hour (1), every other hour (2), and so forth.

  • Daily: Runs the data feed by the daily internal set. For example, every day (1), every other day (2), and so forth.

  • Weekly: Runs the data feed based on a specified day of the week. For example, every Monday of the first week (1), every other Monday (2), and so forth.

  • Monthly: Runs the data feed based on a specified week of the month. For example, 1st, 2nd, 3rd, 4th, or Last.

  • Reference: Runs a specified data feed as runs before the current one. This option indicates to the Data Feed Service that this data feed starts as soon as the referenced data feed completes successfully. From the Reference Feed list, select after which existing data feed the current data feed starts. A reference data feed will not run when immediately running a data feed. The Data Feed Now option only runs the current data feed.

Every

Specifies the interval of the frequency in which the data feed runs.

Start Time

Specifies the time the data feed begins running.

Start Date

Specifies the date on which the data feed schedule begins.

Time Zone

Specifies the time zone in of the server that runs the data feed.

  1. (Optional) In the Run Data Feed Now section, click Start to override the data feed schedule and run the data feed immediately. 

  2. Click Save.

Troubleshooting

  • Do not include default.aspx in the Archer URL.

  • Note that the Archer instance name is case sensitive.

  • Assure that dedicated, active Archer user account credentials are used in the data feed.

  • All Source Fields automatically populate when you import the data feed.  To repopulate the source fields again, upload the SampleOutput.xml file.

  • The following list of fields are supported in ODATA Filter.

    • AccountStatus

    • Company

    • DistinguishedName

    • DomainId*

    • FirstName

    • Id*

    • LastName

    • MiddleName

    • Title

    • UserName

    *Indicates that when using Domain Id or Id field within the ODATA filter, do not enclose its value with Single Quote(‘). However, all other field values should be enclosed with single quote(‘).

Certification environment

Date Tested: December 2025

Product Name

Version Information

Operating System

Archer

2025.10

Virtual Appliance