Although Identity Management is responsible for creating, deleting and modifying accounts, it is impossible to prevent a user of an endpoint system from performing these operations directly on the endpoint. This situation can arise in an emergency, or for malicious reasons, such as the activity of a hacker. Reverse Synchronization ensures control of the accounts a user has on each endpoint by identifying discrepancies between Identity Management accounts and accounts on the endpoints.
For example, if an account was created in the Active Directory domain using an external tool, Identity Management must be aware of this potential security issue. In addition, a change that bypasses Identity Management goes through no approval process and appears in no audit report.
Two types of discrepancies between Identity Management and managed endpoints are as follows:
You can handle both cases by defining policies that specify what to do about the change. Then, when you use Explore and Correlate to update Identity Management, you trigger the execution of those policies.
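The discrepancy check described above, as an added example that is not CA Identity Manager code: it compares the accounts Identity Management has on record with the accounts an exploration of the endpoint returns, and attaches a policy action to each difference. The account data is constructed, and the attribute names, discrepancy kinds and policy actions are assumptions made for illustration.

```python
"""Added example: reconcile Identity Management's records with an endpoint."""
from dataclasses import dataclass

# Constructed sample: accounts Identity Management believes exist on the endpoint.
IM_ACCOUNTS = {
    "jsmith": {"groups": ["Sales"], "enabled": True},
    "mbrown": {"groups": ["Finance"], "enabled": True},
    "tlee": {"groups": ["IT"], "enabled": True},
}
# Constructed sample: accounts an exploration of the endpoint actually finds.
ENDPOINT_ACCOUNTS = {
    "jsmith": {"groups": ["Sales", "Domain Admins"], "enabled": True},  # changed
    "mbrown": {"groups": ["Finance"], "enabled": True},                 # in sync
    "svc_tmp": {"groups": ["Domain Admins"], "enabled": True},          # unknown
}
# Hypothetical policy table: action to take for each kind of discrepancy.
POLICY = {"new_account": "suspend_and_review",
          "missing_account": "review",
          "modified_account": "revert_and_review"}

@dataclass(frozen=True)
class Discrepancy:
    account: str
    kind: str
    detail: str
    action: str

def _norm(attrs):
    """Sort list values so group ordering alone is never reported as a change."""
    return {k: sorted(v) if isinstance(v, list) else v for k, v in attrs.items()}

def find_discrepancies(im, endpoint, policy=POLICY):
    """Return every difference between the two account inventories."""
    found = []
    def report(name, kind, detail):
        found.append(Discrepancy(name, kind, detail, policy[kind]))
    for name in sorted(endpoint.keys() - im.keys()):
        report(name, "new_account", "exists on endpoint only")
    for name in sorted(im.keys() - endpoint.keys()):
        report(name, "missing_account", "exists in Identity Management only")
    for name in sorted(im.keys() & endpoint.keys()):
        want, have = _norm(im[name]), _norm(endpoint[name])
        changed = sorted(k for k in want.keys() | have.keys()
                         if want.get(k) != have.get(k))
        if changed:
            report(name, "modified_account", "changed: " + ", ".join(changed))
    return found

if __name__ == "__main__":
    for d in find_discrepancies(IM_ACCOUNTS, ENDPOINT_ACCOUNTS):
        print(f"{d.account:8} {d.kind:17} {d.detail:36} -> {d.action}")
```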
Copyright © 2013 CA. All rights reserved.