Managed Endpoint Accounts › Reverse Synchronization with Endpoint Accounts › Execute Reverse Synchronization

Execute Reverse Synchronization

Reverse synchronization occurs when you use the Execute Explore and Correlate task. Using this task, you update the CA Identity Manager Provisioning store with the new or changed accounts on an endpoint.

To execute reverse synchronization

1. Create an explore and correlate definition that includes a Correlate option. Correlation is needed to detect new accounts.
2. Click Tasks, Endpoints, Execute Explore and Correlate.
3. Choose a definition that applies to the endpoint with the new or changed accounts.

   Note: When correlating to the existing user, the user must exist in the Provisioning Directory, otherwise the user is correlated to the default user in that directory. The CA Identity Manager user store is not in the scope of the Explore and Correlate task.

4. Click Submit.

If a policy has no workflow process, the accounts are already processed as defined in the policy.

Note: If multiple attributes were rejected on an account that was detected by reverse synchronization policy, all actions are put into one event. However, if that event fails due to an issue with one of the attributes, no attributes are updated.

If workflow is part of the policy, any approvals generated by the reverse synchronization appear under Workflow, View My Work List for the approver.

For new accounts, the approver has the following choices:

• The approver may choose to suspend or delete the account in the endpoint, by selecting either Delete or Suspend and then clicking reject.
• Otherwise, the approver may accept the new account by clicking Approve.

  If an approver does not select a user in the Correlated User field, the account is assigned to the default user. If the Correlated User field is populated in the approval task, the account is correlated with this user. The Correlated User field contains the suggested user found by the correlation mechanism if a user can be found.

For modified accounts, the approver has the following choices:

• For each account, the approver sees which values are changed and can approve or reject them just as if the changes were initiated in the account management screens.
• The approver sees changes to capability attributes (such as an Active Directory groups) as separate approval events.

To verify if reverse synchronization succeeded

1. Go to System, View Submitted Tasks.
2. Complete the task name field as follows: Provisioning Activity
3. Click Search.

The results show if the reverse synchronization events completed successfully.