
Reverse Synchronization for Endpoint Accounts

An endpoint system user can create, delete, or modify accounts directly on the endpoint. For example, a user may create or modify an account in the Active Directory domain using an external tool. This is a potential security issue that CA Identity Manager must be aware of: creating or modifying an account directly in the endpoint bypasses CA Identity Manager’s approval processes and auditing.

Reverse synchronization helps ensure control of the endpoint accounts by identifying discrepancies between Identity Manager accounts and endpoint accounts. You create reverse synchronization policies to handle these changes. Then you use Explore and Correlate to update CA Identity Manager, which triggers the execution of the policies.

Previously, reverse synchronization was part of Option Pack 1. In this release, reverse synchronization is incorporated into the core CA Identity Manager product and can be accessed on the Endpoints tab in the User Console.

Note: For more details on reverse synchronization, see the Managed Endpoint Accounts chapter in the Administration Guide.