Symantec IGA

  • 1.  IM events triggered after an ADS account is changed

    Broadcom Employee
    Posted Feb 05, 2016 08:34 AM

    The customer uses some provisioning exits that are triggered on the Active Directory POST_MODIFY_ACCOUNT event. He asked us to find a way to move this logic from the Provisioning Layer to the IM Layer.

    Regardless of the way we are going to implement this logic on IM (PX / Event Listener / BLTH / etc.), it is mandatory that this logic is triggered only after the Active Directory account is changed on the endpoint.

    Question: Is it possible to implement reliable IM logic that will be triggered after the Active Directory account changes on the endpoint?

    More specifically: the question is about understanding the exact sequence of IM events triggered after an ADS account is changed on the native endpoint.

    Thanks



  • 2.  Re: IM events triggered after an ADS account is changed

    Broadcom Employee
    Posted Feb 09, 2016 04:42 PM

    Hi Alberto,

    I just want to respond to your post. This appears to be a question pertaining to Identity Manager, but I see that you've posted the question to that forum as well. Someone should answer your question in that forum.

    Regards,
    Sandy Green
    CA Support



  • 3.  Re: IM events triggered after an ADS account is changed
    Best Answer

    Posted Jun 10, 2016 12:29 AM

    It is possible using reverse synchronization.

    Or you could trigger Policy Xpress after account synchronization.

    These are the simpler options.

    Then you have event listeners if you wanted something more complex.

    The account update will usually occur on the account synchronization event.

    Unless you are updating the account directly, then other events come into play. You can see exactly what events will take place from the View Submitted tasks and then go from there.