Managed Endpoint Accounts › Reverse Synchronization with Endpoint Accounts › Policies for Reverse Synchronization › Create a Policy for Modified Accounts

Create a Policy for Modified Accounts

Any account attribute in an endpoint account can be managed by Reverse Synchronization, as long as it is defined in the attribute mapping.

To define a process for when a discrepancy is found between existing endpoint accounts and their known values in CA Identity Manager, you can create an account policy that applies to existing accounts. If an attribute is multivalued, more than one value might have been added or removed. In this case, the policy is applied to each value separately or you can create different policies for different values.

To create a policy for modified accounts

1. In the User Console, click Endpoints, pr Tasks, Endpoints.
2. Click Reverse Modify, Create Reverse Sync Modify Account Policy.
3. Enter a name and description for the policy.
4. Enter the following parameters:
   • Priority—The priority of policy. The highest priority policy is the one with the lowest number. If two policies have the same priority and the same scope, either policy may run. Therefore, be sure to set different priority levels.
   • Endpoint Type—All endpoints or a specific endpoint type.
   • Endpoint—The specific endpoint name. If Endpoint Type is All, the only choice is All endpoints.
   • Container—The container where the account resides. This field applies only to hierarchical endpoints. Enter the container as a list of nodes, ending with the endpoint. For example, for an AD OU with the path "ou=child,ou=parent,ou=root,dc=domain,dc=name" the format "child,parent,root" is correct.
   • Attribute—The physical name.
   • Value—A string representation of the value, which may contain * (asterisk) as a wildcard. The wildcard refers to any value in the change.
5. Select one of the following Actions:
   • Accept—Updates the account value in the CA Identity Manager user store to match the value in the endpoint account.
   • Reject—Reverts the attribute to reinstate the original value without affecting other changes to attributes for the account.
   • Send for Approval—Submits the change for workflow approval.
6. Perform the following steps if you set Action to Send for Approval:
   1. Click the icon next to Workflow Process.
   2. Choose a workflow process.
   3. Click OK.
7. Click Submit.

If you assigned a workflow process to the policy, you need to create an approval task.