Symantec IGA

 View Only
Expand all | Collapse all

Tech Tip : CA Single Sign-On : Password sync agent 

  • 1.  Tech Tip : CA Single Sign-On : Password sync agent 

    Broadcom Employee
    Posted Jun 26, 2018 05:15 AM



    I have a query about password sync agent for IM.

    Can I enable the Password Sync Agent for multiple END point ( Active
    Directory ) ?

    When I do the configuration it will ask me for END point. And there
    is not option to select the multiple end points.

    Suppose I have 3 domain controllers, do I need to deploy the password
    sync agent on all three of them ?




    The documentation here specifies only 1 Endpoint to be configured :

    Synchronizing Passwords on Endpoints

    "If you have the Password Sync Agent installed on a managed
    endpoint, you need to manually enable the checkbox on the Endpoint
    object to indicates that the Password Sync Agent is installed."

    According to the following Knowledge Document, you should configure
    the agent password sync on each end point :

    How does the mechanism for password capturing an endpoint password
    change and propagate it to global user, corporate user and other
    accounts work.

    "You will need to install a Password Synchronization Agent ( aka PSync
    Agent ) on your endpoint. The PSync Agent is specific to each endpoint
    and is intercepting passwords changed on the endpoint. "

    Further, according to this next knowledge document, you should set the
    password sync agent on all domain controllers where password are
    allowed to be set / reset.

    Which Domain Controllers should I install Password Sync Agents on?

    "Password Sync Agents are required to be installed only on DCs where
    passwords are allowed to be set/reset."


    "you really do not need to install the Password Sync Agent software
    on any domain controller that isn't allowing direct password resets."

    KB : KB000103383

  • 2.  Re: Tech Tip : CA Single Sign-On : Password sync agent 

    Posted Jun 29, 2018 05:12 PM

    Hi Patrick, all

    May I suggest you to move this thread from CA Single Sign-On to CA Identity Suite/CA Identity Manager community? This topic is not related to CA SSO.


    HTH. Best, Welington.