How Reverse Synchronization Works

Reverse synchronization with endpoint accounts occurs as follows:

  1. An administrator or a malicious user creates or modifies an account on an endpoint.
  2. When Explore and Correlate runs on that endpoint, the new or modified account is detected.
  3. The Provisioning Server sends a notification to the CA IdentityMinder server.
  4. The CA IdentityMinder server searches for a reverse synchronization policy that matches the change on the endpoint.
  5. If a matching policy is found, it executes. If more than one policy applies to this account and those policies have the same scope, the highest-priority policy runs.
  6. Depending on the policy, one of the following actions occurs:
  7. If workflow is selected, a new event for the workflow is generated and the approvers are set. Then, one of the following actions occurs: