Symantec IGA


Endpoint reverse sync

  • 1.  Endpoint reverse sync

    Posted 08-23-2019 10:51 AM
    Hi All,

    Before managing an endpoint (for example, AD) completely, I already have accounts in AD and I also have users in IM. How can I correlate these AD accounts so that users see them in endpoint accounts?

  • 2.  RE: Endpoint reverse sync

    Posted 08-23-2019 11:30 AM

    You'll need to create some correlation rules and a correlate definition. Then perform an explore and correlate with the endpoint. These references should get you started.

    Correlation rules:

    Explore and correlate:


  • 3.  RE: Endpoint reverse sync
    Best Answer

    Posted 08-23-2019 11:49 AM
    You mentioned that you already have IM users but it is unclear if there are already corresponding Provisioning Global Users for them or not. If there are not then I would suggest assigning a provisioning role to the IM users which will trigger IM to create the corresponding Provisioning Global Users. Note that the provisioning role does not need to have any templates within it since the sole purpose in this case is to trigger the creation of a provisioning global user versus actually creating endpoint accounts.

    You will then want to be sure you have appropriate correlation rules defined so that you can match the AD accounts to the Provisioning Global Users. Please see the following documentation link:

    You will then want to define and execute the Explore/Correlate definition against the AD Endpoint. Please see the following documentation link:

    You will also want to ensure that you have appropriate provisioning roles and AD templates for those accounts afterwards, else the system will see those associated accounts as being "extra" and could potentially delete them later.

  • 4.  RE: Endpoint reverse sync

    Posted 08-24-2019 05:12 AM
    Edited by bhanu sudheer 08-24-2019 05:34 AM
    Hi Kenneth/Jermy,

    Thanks for your reply, it's really helpful. Before we manage the endpoint, we just want to show this read-only endpoint, so it will be easy for verification teams to check how many people have these accounts.

    Thanks again for your reply