IDM and Password Sync Agent Forward / Backward Compatiblity

Document ID : KB000044681
Last Modified Date : 22/03/2019
Show Technical Document Details
Introduction:

Question: 

Is it possible to install a newer version of Password Sync Agent to be configured with an older version of Identity Manager?

Ex. Password Sync Agent 12.6 SP8 with IDM 12.6 SP5,
or Password Sync Agent 14.2 with IDM 14.1
 

Instructions:

Answer:

The Password Sync Agent is a standalone component which is implemented as a Windows Password Filter. It will user ldap/ldaps to communicate with the Provisioning Server. The newer versions of Password Sync Agent will send the same format of transactions so, yes, you could use a newer release of the Password Sync Agent against an older Identity Manager's Provisioning Server. 

Additional Information:



IMPORTANT NOTE:

You should only attempt to use a Password Sync Agent that is the same, or a newer, version as the Identity Manager version.   Attempting to use an older version of the Password Sync agent may not work against a newer version of Identity Manager due to security changes around the TLS cypher as you advance through the Java release versions.

We cannot guarantee an older version of  Password Sync agent will work with a newer version of Identity Manager.