Symantec IGA

  • Private Community
 View Only

  • 1.  Not Sync Disable/Enable User to Endpoint - HOW?

    Posted May 09, 2017 04:01 PM

    Hello Community.

     

    We have IDM 12.6.8 on WebLogic 12.1.3

     

    Im working with the forgotten password task to give the users the ability to reset their Active Directory password. I need to configure IDM in a way that if a users fails on the verification page three times this would disable the user.

     

    By default IDM offers this funcionality with minor configuration, the thing is that when i have the "Disable User" checkbox marked on the Forgotten password task search screen and the user fails 3 times, this disables the user on IDM but also on AD Endpoint. Apparently when i disable the user on IDM it syncs to AD.

     

    Is there a way to configure IDM in order to NOT sync the "Disable/Enable User" Attribute to the AD Endpoint??

     

    Thanks in advanced.



  • 2.  Re: Not Sync Disable/Enable User to Endpoint - HOW?
    Best Answer

    Broadcom Employee
    Posted May 10, 2017 10:48 AM

    Hi Jean,

     

    I believe you can do Modify Admin Task -> select your Forgotten Password task -> profile page.

    You will see two flags: Sync User and Sync Accounts.

     

    I believe that you can turn them off and that will take care of what you asked.

     

    Thanks,

    Sagi