You mentioned that you already have IM users but it is unclear if there are already corresponding Provisioning Global Users for them or not. If there are not then I would suggest assigning a provisioning role to the IM users which will trigger IM to create the corresponding Provisioning Global Users. Note that the provisioning role does not need to have any templates within it since the sole purpose in this case is to trigger the creation of a provisioning global user versus actually creating endpoint accounts.
You will then want to be sure you have appropriate correlation rules defined so that you can match the AD accounts to the Provisioning Global Users. Please see the following documentation link:
https://docops.ca.com/ca-identity-manager/14-3/EN/administrating/managed-endpoints-and-provisioning/managed-endpoint-accounts/integrating-managed-endpoints/create-correlation-rules
You will then want to define and execute the Explore/Correlate definition against the AD Endpoint. Please see the following documentation link:
https://docops.ca.com/ca-identity-manager/14-3/EN/administrating/managed-endpoints-and-provisioning/managed-endpoint-accounts/integrating-managed-endpoints/create-an-explore-and-correlate-definition
You will want to also ensure that you have appropriate provisioning roles and AD templates for those accounts afterwards else the system will see those associated accounts as being "extra" and could potential delete them later.
Original Message:
Sent: 08-23-2019 10:51 AM
From: bhanu sudheer
Subject: Endpoint reverse sync
Hi All,
Before managing endpoint example AD completely , I already have accounts in AD and i also have user in IM how can i correlate these AD accounts so user see in enpoint accounts