Previous Topic: Attributes Only for New Accounts

Next Topic: How Reverse Synchronization Works


Reverse Synchronization with Endpoint Accounts

Although it is the responsibility of CA IdentityMinder to create, delete and modify accounts, it is impossible to prevent an endpoint system user from performing these operations on their own. This situation can occur due to emergency reasons, or malicious reasons, such as a hacker. Reverse Synchronization ensures control of the accounts a user has on each endpoint by identifying discrepancies between CA IdentityMinder accounts and accounts on the endpoints.

For example, if an account was created in the Active Directory domain using an external tool, CA IdentityMinder must be aware of this potential security issue. In addition, bypassing CA IdentityMinder causes a lack of approval processes, and audit reports.

Two types of discrepancies between CA IdentityMinder and managed endpoints are as follows:

You can treat both cases by defining policies to handle the change. Then, using Explore and Correlate to update CA IdentityMinder, you trigger the execution of policies.