IBM Security Verify


First reconciliation of IDM and Microsoft AD

  • 1.  First reconciliation of IDM and Microsoft AD

    IBM Champion
    Posted Thu January 13, 2022 10:00 AM

    I need advice on the following. The company has used Microsoft AD and is newly implementing IDM. IDM is installed and configured, but does not currently contain any identities.

    Q: What happens if I start synchronization and reconciliation with AD? Will the data be transferred from AD to IDM or will IDM delete the data in AD?



    ------------------------------
    Martin Hansgut
    ------------------------------


  • 2.  RE: First reconciliation of IDM and Microsoft AD

    Posted Fri January 14, 2022 04:26 AM

    Greetings Martin,

    Everything of course depends on which IDM product is used.
    If the customer is implementing ISIM/ISVG IDM, then if there are no identities, no provisioning action can be performed towards the accounts.
    If you start reconciling accounts from AD, they will just end up in orphan accounts, which are unmanaged accounts. In this case IDM will not delete or modify any of the orphans.

    To be able to perform actions on the AD accounts, you have to adopt the accounts to existing identities and you have to set up a Role/Provisioning Policy link from the Identity to the managed resource account dictating how the accounts will be managed.

    Same concerns apply if you use ISVG IGI. There are configuration items that you have to specify like Rules which will dictate how the accounts are managed.



    ------------------------------
    Aki Virtanen
    ------------------------------
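The reconciliation behaviour described in the answer above, as an added illustration (not ISIM/ISVG code, and not part of the original thread): a small Python model in which reconciled AD accounts are either adopted to an identity by a hypothetical adoption rule (mail first, then sAMAccountName equal to uid) or left as orphans, and only adopted accounts are evaluated against a hypothetical entitlement callback standing in for a provisioning policy. The account and identity records are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:      # an AD account as reconciled from the managed resource
    dn: str
    sam: str        # sAMAccountName
    mail: str

@dataclass(frozen=True)
class Identity:     # an IDM person / identity record
    uid: str
    mail: str

# Constructed sample data: three AD accounts, two of them belonging to people.
AD_ACCOUNTS = [
    Account("CN=John Doe,OU=Users,DC=example,DC=com", "jdoe", "john.doe@example.com"),
    Account("CN=Anna Smith,OU=Users,DC=example,DC=com", "asmith1", "anna.smith@example.com"),
    Account("CN=svc-backup,OU=Service,DC=example,DC=com", "svc-backup", ""),
]
IDENTITIES = [Identity("jdoe", "john.doe@example.com"),
              Identity("asmith", "anna.smith@example.com")]

def adoption_rule(acct, identities):
    """Hypothetical adoption rule: match on mail first, then sAMAccountName == uid."""
    by_mail = {i.mail.lower(): i for i in identities if i.mail}
    by_uid = {i.uid.lower(): i for i in identities}
    if acct.mail and acct.mail.lower() in by_mail:
        return by_mail[acct.mail.lower()]
    return by_uid.get(acct.sam.lower())

def reconcile(accounts, identities, entitled):
    """Classify reconciled accounts. Returns (adopted, orphans, actions).
    adopted: sam -> uid; orphans: list of sam; actions: policy-driven follow-ups
    (hypothetical action name). Orphans never produce an action, and nothing
    is ever modified or deleted on the resource by reconciliation itself."""
    adopted, orphans, actions = {}, [], []
    for acct in accounts:
        owner = adoption_rule(acct, identities)
        if owner is None:
            orphans.append(acct.sam)        # unmanaged: IDM leaves it untouched
            continue
        adopted[acct.sam] = owner.uid
        if not entitled(owner.uid):         # policy applies to adopted accounts only
            actions.append(("mark-noncompliant", acct.sam))
    return adopted, orphans, actions

if __name__ == "__main__":
    print(reconcile(AD_ACCOUNTS, [], lambda uid: True))            # all orphans
    print(reconcile(AD_ACCOUNTS, IDENTITIES, lambda uid: uid == "jdoe"))
```

With an empty identity store every account is an orphan and no action is produced; once identities exist, the adopted accounts are the only ones the policy callback can act on.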