How Reverse Synchronization Works

Reverse synchronization with endpoint accounts occurs as follows:
  1. An administrator or a malicious user creates or modifies an account on an endpoint.
  2. When Explore and Correlate runs on that endpoint, the new or modified account is detected.
  3. The Provisioning Server sends a notification to the Identity Manager server.
  4. The Identity Manager server searches for a reverse synchronization policy that matches the change on the endpoint.
  5. If a matching policy is found, it executes. If more than one policy applies to this account and those policies have the same scope, the highest priority policy runs.
  6. Depending on the policy, one of the following actions occurs:
    • For a new account, the policy accepts, deletes, or suspends the account or sends it for workflow approval.
    • For a modified account, the policy accepts the value, reverts it to the last known value, or sends it for workflow approval.
  7. If workflow is selected, a new event for the workflow is generated and the approvers are set. Then, one of the following actions occurs:
    • For a new account, the approver can accept, delete, or suspend the account or assign it to a user.
    • For a modified account, the workflow process is the same as if the value was changed in the User Console, except that rejected values are reverted at the endpoint.
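The policy-selection and action steps above, as an added illustrative model written for this page (it is not CA Identity Manager's own code; the policy fields, the scope representation and the behaviour when no policy matches are assumptions):

```python
from dataclasses import dataclass

# Constructed model of the reverse-synchronization flow described above.
# Not CA Identity Manager code: names, fields and return values are assumptions.

@dataclass(frozen=True)
class EndpointChange:
    endpoint: str
    account: str
    kind: str                 # "new" or "modified"
    attribute: str = ""       # modified accounts only
    last_known: str = ""      # value Identity Manager last recorded
    detected: str = ""        # value Explore and Correlate found on the endpoint

@dataclass(frozen=True)
class ReverseSyncPolicy:
    name: str
    scope: frozenset          # endpoints the policy covers (assumed scope model)
    kind: str                 # "new" or "modified"
    action: str               # new: accept|delete|suspend|workflow
                              # modified: accept|revert|workflow
    priority: int             # higher runs first among same-scope matches

def select_policy(change, policies):
    """Steps 4-5: match on change type and endpoint scope; among matches of
    equal scope the highest priority wins. Assumption: None if nothing matches."""
    matches = [p for p in policies
               if p.kind == change.kind and change.endpoint in p.scope]
    if not matches:
        return None
    return max(matches, key=lambda p: p.priority)

def apply_reverse_sync(change, policies, approvers=("idm-approver",)):
    """Steps 5-7: run the selected policy and report the resulting action."""
    policy = select_policy(change, policies)
    if policy is None:
        return {"policy": None, "action": "none"}
    result = {"policy": policy.name, "action": policy.action}
    if policy.action == "workflow":
        # step 7: a workflow event is generated and the approvers are set
        result["workflow_event"] = {"account": change.account,
                                    "approvers": list(approvers)}
    elif change.kind == "modified":
        # accept keeps the endpoint value; revert restores the last known value
        result["value"] = (change.detected if policy.action == "accept"
                           else change.last_known)
    return result

# constructed sample: two "new" policies share one scope, so priority decides
POLICIES = (
    ReverseSyncPolicy("accept-new", frozenset({"ad-corp"}), "new", "accept", 10),
    ReverseSyncPolicy("review-new", frozenset({"ad-corp"}), "new", "workflow", 50),
    ReverseSyncPolicy("revert-mods", frozenset({"ad-corp"}), "modified", "revert", 10),
)
```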