Symantec IGA

We have an existing environment with CA IM 12.5. We are creating a parallel environment with CA IM 14.0. Both the IM's point to same user store, so that user creation and modification from both IM's hits the same user store.

When accessing FPS task in CA IM 14.0 for a disabled user, we are seeing - "Unable to execute task. User is disabled". But when access FPS task in CA IM 14.0 for a enabled user, we could see the FPS page.

This could be because of using different encryption keys in IM environments. Do anyone know how to update the encryption key in a IM environment? You help is much appreciated.

While not specifically a response to your question, having two IMEs hit the same userstore is not a good idea (even worse idea since they are different product versions). The %IDENTITY_POLICY% well-known attribute will contain IME dependent data about PX Policies. There is likely other attributes where overlapping different IMEs will cause problems too.

Objective of having two stacks with different version of IM's is, we are trying to do a upgrade from 12.5 to 14.0, and once the upgrade is done old stack will be decommissioned.

Can you provide some one data on how you try to use the forgotten password? where you trigger it from?

It seems he portal\IDM uses the target user instead of the dedicated public user to run this task.

This is to do with the Allowable Disable Reasons. Edit the task and modify the search screen to set the allowable states.