Previous Topic: Explore and Correlate the Endpoint

Next Topic: Synchronize Users with Roles


Synchronizing Users, Accounts, and Roles

AThe integration of multiple endpoints and accounts into a single user management system can result in a loss of synchronization. The provisioning roles or account templates that are assigned to a user can differ from the actual accounts that exist for that user.

For example, consider a situation with two provisioning roles, one with Active Directory and UNIX account templates and another role with SAP and Oracle templates. The user john_smith has Provisioning Role A, which contains Active Directory and UNIX account templates, but that user only has an Active Directory account. Possibly the UNIX account template was added to the role after it was assigned to the user. Therefore, the administrator synchronizes the user with the current role definition.

synch_users

The following situations are other reasons why users lose synchronization with provisioning roles or account templates:

The following sections explain how to perform the three types of synchronization:

  1. Synchronize user with roles.
  2. Synchronize user with account templates.
  3. Synchronize endpoint account with account templates.