Symantec IGA

  • 1.  Not Sync Disable/Enable User to Endpoint - HOW?

    Posted May 09, 2017 04:01 PM

    Hello Community.


    We have IDM 12.6.8 on WebLogic 12.1.3


    I'm working with the forgotten password task to give the users the ability to reset their Active Directory password. I need to configure IDM in a way that if a user fails on the verification page three times this would disable the user.


    By default IDM offers this functionality with minor configuration. The thing is that when I have the "Disable User" checkbox marked on the Forgotten password task search screen and the user fails 3 times, this disables the user on IDM but also on AD Endpoint. Apparently when I disable the user on IDM it syncs to AD.


    Is there a way to configure IDM in order to NOT sync the "Disable/Enable User" attribute to the AD Endpoint?


    Thanks in advance.

  • 2.  Re: Not Sync Disable/Enable User to Endpoint - HOW?
    Best Answer

    Broadcom Employee
    Posted May 10, 2017 10:48 AM

    Hi Jean,


    I believe you can do Modify Admin Task -> select your Forgotten Password task -> profile page.

    You will see two flags: Sync User and Sync Accounts.


    I believe that you can turn them off and that will take care of what you asked.