Layer 7 Identity Management

Expand all | Collapse all

Endpoint reverse sync

Jump to Best Answer
  • 1.  Endpoint reverse sync

    Posted 24 days ago
    Hi All,

    Before managing endpoint example AD completely , I already have accounts in AD and i also have user in IM how can i correlate these AD accounts so user see in enpoint accounts


  • 2.  RE: Endpoint reverse sync

    Posted 24 days ago
    Hi,

    You'll need to create some correlation rules and a correlate definition. Then perform and explore and correlate with the endpoint. These references should get you started.

    Correlation rules:
    https://docops.ca.com/ca-identity-manager/14-3/EN/administrating/managed-endpoints-and-provisioning/managed-endpoint-accounts/integrating-managed-endpoints/create-correlation-rules

    Explore and correlate:
    https://docops.ca.com/ca-identity-manager/14-3/EN/administrating/managed-endpoints-and-provisioning/managed-endpoint-accounts/integrating-managed-endpoints/create-an-explore-and-correlate-definition



    ------------------------------
    Thanks,
    Jeremy
    ------------------------------



  • 3.  RE: Endpoint reverse sync
    Best Answer

    Posted 24 days ago
    You mentioned that you already have IM users but it is unclear if there are already corresponding Provisioning Global Users for them or not. If there are not then I would suggest assigning a provisioning role to the IM users which will trigger IM to create the corresponding Provisioning Global Users. Note that the provisioning role does not need to have any templates within it since the sole purpose in this case is to trigger the creation of a provisioning global user versus actually creating endpoint accounts.

    You will then want to be sure you have appropriate correlation rules defined so that you can match the AD accounts to the Provisioning Global Users. Please see the following documentation link:

    https://docops.ca.com/ca-identity-manager/14-3/EN/administrating/managed-endpoints-and-provisioning/managed-endpoint-accounts/integrating-managed-endpoints/create-correlation-rules

    You will then want to define and execute the Explore/Correlate definition against the AD Endpoint. Please see the following documentation link:

    https://docops.ca.com/ca-identity-manager/14-3/EN/administrating/managed-endpoints-and-provisioning/managed-endpoint-accounts/integrating-managed-endpoints/create-an-explore-and-correlate-definition

    You will want to also ensure that you have appropriate provisioning roles and AD templates for those accounts afterwards else the system will see those associated accounts as being "extra" and could potential delete them later.


  • 4.  RE: Endpoint reverse sync

    Posted 23 days ago
    Edited by bhanu sudheer 23 days ago
    Hi Kenneth/Jermy,

    Thanks for your reply and it's really helpful , before we manage the endpoint we just want show this read-only endpoint , so it will be easy for verification teams to check how many people has these accounts .

    Thanks again for your reply