Accounts can also synchronize across different user configuration associations. That is, a user configuration can be associated with an Active Directory hierarchy (OU or user) in one domain and associated with an Active Directory group in another domain. As long as the application definition names are the same in each user configuration, the Account Association feature will synchronize credentials.
User credentials are shared only for applications defined by the Single Sign-on administrator. Administrators must ensure that each application definition on each domain has the same name in each central store.
For example, if the application definition for SAP is named SAP Logon on one domain, SAP on another, and SAP Launch Pad on another, user credentials for these applications will not be synchronized across accounts for these domains.
A best practice when creating a new application definition across domains is to use the Export application definitions and Import administrative data tasks in the console. Use these tasks to export newly-created application definitions to import into each central store. Existing, previously-defined applications must be manually renamed.