Symantec IGA

  • 1.  Reverse sync for account disable

    Posted Jan 15, 2021 03:48 AM

    Hi Team,

    We are trying the reverse sync process in IDM and AD. If we disable the account in Active Directory, then it needs to be disabled in Identity Manager, and if we enable it in Active Directory, then it needs to be enabled in IDM.

    Can anyone confirm whether this is possible?

    If possible, please share the details of how we can do this for the existing accounts.

    CAIDM version: 14.3 CP2 

    Thanks
    Bhumesh



  • 2.  RE: Reverse sync for account disable

    Broadcom Employee
    Posted Jan 15, 2021 08:00 AM
    You would need to have endpoint Attribute Mapping on the acquired AD endpoint between the Global User's "GlobalUserStatus" and the AD Account's "Status". You would then need to run the "UPDATE" from the Explore/Correlate/Update to retrieve the AD Account value and apply it to the correlated Global User. This would then trigger an inbound notification that is sent to the IM Server to be applied to the IM User.


  • 3.  RE: Reverse sync for account disable

    Posted Jan 25, 2021 04:36 AM
    Hi Kenneth,

    Thanks for the update.
    I have followed the above steps. Now when we perform the Explore/Correlate, the account is being disabled in the provisioning directory, but not in the CA directory (corporate directory). Can you please confirm this?


  • 4.  RE: Reverse sync for account disable

    Broadcom Employee
    Posted Jan 25, 2021 09:32 AM
    You would need to review the inbound notifications to be sure they are being sent from the Provisioning Server to the IM Server and processed.