Why are changes to eTPassword, eTSuspended and eTLocked propagated to accounts with the same attribute type through direct propagation whenever a global user is updated?

Document ID : KB000053732
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

In the Provisioning Layer for Identity Manager, when making modifications on a Global user that is associated to an endpoint account without the presence of an Account Template or Policy, for example, a user was created during a explore/correlate/create global users as needed action, then there are three special attributes which can be directly propagated to the account. These are eTPassword, eTSuspended and eTLocked.

Solution:

Changes to eTPassword, eTSuspended and eTLocked are propagated to accounts with the same attribute type through direct propagation whenever a global user is updated. There is usually no special mappings required for these attributes to get propagated and the values will only be propagated where appropriate. For example, some endpoints do not support locking and therefore the endpoint account will remain unaffected when the global user is locked. As a general rule, if the endpoint supports the update actions then the change will be propagated to the endpoint accounts. If the Global user has the 'Restricted user' flag, direct propagation will not occur.