Managed Endpoint Accounts › Reverse Synchronization with Endpoint Accounts › Policies for Reverse Synchronization › Create a Policy for New Accounts

Create a Policy for New Accounts

If you want to define a process for when a new account is detected on an endpoint, you create an account policy that applies to new accounts. New account policies run when accounts are detected when the Correlate option is included in the Explore and Correlate definition. If an account was found when running explore only, the policy runs the next time the Correlate option is included when exploring that endpoint.

To create a policy for new accounts

1. In the User Console, click Endpoints, or click Tasks, Endpoints.
2. Reverse New, Create Reverse Sync New Account Policy.
3. Enter a name and description for the policy.
4. Enter the following parameters:
   • Priority—The priority of policy. The highest priority policy is the one with the lowest number. If two policies have the same priority and the same scope, either policy may run. Therefore, be sure to set different priority levels.
   • Endpoint Type—All endpoints or a specific endpoint type.
   • Endpoint—The specific endpoint name. If Endpoint Type is All, the only choice is All endpoints.
   • Container—The container where the account resides. This field applies only to hierarchical endpoints. Enter the container as a list of nodes, ending with the endpoint. For example, for an AD OU with the path "ou=child,ou=parent,ou=root,dc=domain,dc=name" the format "child,parent,root" is correct.
   • Correlated User—Controls when to run the policy based on if a correlated user is found in the Provisioning Directory.
5. Select one of the following Actions:
   • Accept—Takes no action on the account. This choice would be useful if two policies exist, one that rejects all new accounts, and a higher priority policy that accepts accounts created under a certain OU. Therefore, if the account was created at that OU, it is accepted. The reject priority does not run since it has a lower priority.
   • Delete—Removes the account from the endpoint.
   • Suspend—Leaves the account in the endpoint, but suspends it.
   • Send for Approval—Submits the change for workflow approval.
6. Perform the following steps if you set Action to Send for Approval:
   1. Click the icon next to Workflow Process.
   2. Choose a workflow process.
   3. Click OK.
7. Click Submit.

If you assigned a workflow process to the policy, you need to create an approval task.