Identity Policies › Identity Policies › How Users and Identity Policies Are Synchronized › Configure Automatic User Synchronization

Configure Automatic User Synchronization

CA Identity Manager can automatically synchronize user accounts with identity policies at different points during a task’s lifecycle.

A CA Identity Manager task generates events, detectable activities that occur during task processing. For example, the default Create User task generates the CreateUserEvent, AddUserToGroupEvent, and the AssignAccessRoleEvent. You can configure CA Identity Manager to synchronize users after a task completes, or when each event completes.

Note: The section Synchronize Users with Identity Policies provides more information on the user synchronization process.

To configure a task to trigger user synchronization

1. Log in to CA Identity Manager as a user who can modify admin tasks.
2. Select Roles and Tasks, Admin Tasks, Modify Admin Task.

   CA Identity Manager displays a search screen.

3. Search for and select the admin task that will trigger user synchronization.
4. Select one of the following options in the User Synchronization field on the Profile tab for the task:
   • Off—This task will not trigger user synchronization.
   • On Task Completion—CA Identity Manager starts the user synchronization process after all of the events have completed. This setting is the default synchronization option for the Create User, Modify User, and Delete User tasks. The default setting for all other tasks is Off.

     Note: If you select the On Task Completion option for a task that includes multiple events, CA Identity Manager does not synchronize users until all of the events in the task complete. If one or more of those events require workflow approval, this may take several days. To prevent CA Identity Manager from waiting to apply identity policies until all events complete, select the On Every Event option.

   • On Every Event—CA Identity Manager starts the user synchronization process when each event in a task completes.

     For tasks with a primary and secondary event for the same user, setting user synchronization to On Every Event may result in more evaluations for which policies apply to a user than if the On Task Completion option is selected.