Reverse Modify Sync on IDM 12.6sp5

Question asked by Kevin19 on May 17, 2016
Latest reply on May 23, 2016

Hi Guys,


Need your help in this regard.


1. We have the following setup in our IDM environment.

-- Accounts get created in IDM (CA directory) and then synced down to AD.

-- Service accounts get created in AD and then brought into IDM on Explore/Correlate.

-- Most of the modifications on the accounts occur on AD and then during Explore/Correlate are updated in the IDM.


2. We need the following requirement to be met.

-- Service accounts will be created in AD and brought into IDM. (These service accounts will be present in a particular OU for which the E/C definition is set as create to create the accounts in IDM.)

-- During the explore/correlate process, we would like to bring in only 2 attributes from AD to IDM (AD distinguished name and mailbox). Other than these 2 attributes, no attributes should be brought into IDM even though there is an update made on the AD account.



I have followed the instructions provided in "Policies for Reverse Synchronization - CA Identity Manager - 12.6.5 - CA Technologies Documentation", which speaks about how to reject the attributes on Explore/Correlate.


Even after configuring this policy, I still see the account gets updated in IDM. So basically 2 events are performed upon explore/correlate.


1. ModifyProvisioningactivity event (this rejects the attributes) --- Provisioning activity tasks

2. Modify User Event (this updates the IDM attributes) --- Provisioning Modify tasks


Can anyone help me on how to stop the update on IDM during explore/correlate?