PEA
Protect existing accounts from unsafe updates and enforce synchronized attribute values.
Enforces and protects attribute values across eDir and remote systems when changes flow end-to-end, preventing unauthorized drift and improving compliance.
Overview
Protect & Enforce Attributes adds two critical safety layers to your IDM environment.
PROTECT: Adds a protection layer so that existing accounts in connected systems are not impacted by an IDM transaction even if some attributes or actions are valid for new accounts. IDM driver rules are usually designed around the JOIN use case. Once deployed, pre-existing accounts may require different behavior, with some attributes intentionally left untouched.
ENFORCE: Adds logic to enforce attribute values, making sure the value is synchronized even if it was changed in the remote system. Default driver behavior may fail to update correctly when attributes were customized remotely — a failed remove-value action can prevent the intended add-value from being applied, blocking synchronization of other attributes as well.
Features
Per-attribute protection rules for existing accounts. Enforcement logic that detects and corrects drift between IDM and remote systems. Handles edge cases where standard driver synchronization fails due to value conflicts. Applies across eDirectory and all connected remote systems.
Benefits
Protects pre-existing accounts from unintended IDM overwrites
Enforces consistent attribute values across all connected systems
Prevents synchronization failures caused by remote customizations
Reduces risk of data corruption from bulk imports or source errors
Improves compliance through reliable attribute governance
Works transparently alongside existing driver configurations