PSA and Azure
Article ID: 236516

Products

CA Identity Suite

Issue/Introduction

Does the Broadcom IM (Identity Manager) Password Sync Agent (PSA) synchronize passwords to other on-premise target systems in a hybrid AD (Active Directory) environment that is connected to Azure?

The use case is: a user changes his password in Azure, and the change is synced back to an on-premise AD domain controller (DC) through Azure AD Connect. Would the Broadcom Password Sync Agent, installed on that DC, capture the new password?

Environment

Release : 14.4.x

Component : IdentityMinder(Identity Manager)

Resolution

There is no Azure-specific Password Sync Agent. The Identity Manager PSA (Password Sync Agent) must be installed on an on-premise AD Domain Controller, where it acts as a Windows password filter: a notification package DLL that lsass.exe loads and calls with the new clear-text password whenever that DC processes a password change or reset. A password filter only sees the changes processed by the DC it is installed on, so the PSA has to be present on every writable DC that could receive the change.

Azure AD Connect can be configured in a number of ways: federation, Pass-through Authentication, Password Hash Synchronization, password writeback, etc. If the configuration only synchronizes password hashes (Password Hash Synchronization copies hashes from on-premise AD up to Azure AD; nothing is written to the DC as a password change), then no, the PSA will not work for this use case, because no password change is processed on the DC for the filter to intercept. If the configuration writes an actual password change or reset back to on-premise AD, as Azure AD Connect password writeback does, then yes: the DC that processes that reset passes the new password through its password filters, and the PSA will pick it up and perform its actions.
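The two checks implied by the paragraph above, as an added PowerShell example that is not part of this article and not Broadcom's or Microsoft's code: on a DC, confirm that a password filter DLL is actually registered in the LSA "Notification Packages" value that lsass.exe loads; on the Azure AD Connect server, read whether only Password Hash Synchronization is enabled or password writeback is enabled as well. The PSA DLL base name used below is a placeholder assumption (substitute the name from the PSA installation), and the Azure AD connector is located by the conventional "<tenant> - AAD" connector name, which is also an assumption about the deployment.

```powershell
# Added example, not code from the article or from Broadcom/Microsoft.
# Run elevated. Test-PasswordFilterRegistered belongs on each writable DC;
# Get-AzureAdConnectPasswordFlow belongs on the Azure AD Connect server.

function Test-PasswordFilterRegistered {
    # Reports whether a password filter DLL (base name, no ".dll") is listed
    # in the REG_MULTI_SZ value that lsass.exe reads at boot. Anything not
    # listed here is never called, no matter what else is installed.
    param([Parameter(Mandatory)][string]$DllBaseName)

    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name 'Notification Packages'
    $packages = @($lsa.'Notification Packages')   # e.g. scecli, rassfm, <PSA dll>

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Filter     = $DllBaseName
        Registered = ($packages -contains $DllBaseName)
        Packages   = $packages
    }
}

function Get-AzureAdConnectPasswordFlow {
    # Distinguishes "hashes only flow on-prem -> Azure" (PHS) from "cloud
    # changes are reset back onto a DC" (password writeback). Only the latter
    # produces a password change that a filter on the DC can intercept.
    Import-Module ADSync -ErrorAction Stop

    # Assumption: the Azure AD connector follows the default "<tenant> - AAD"
    # naming, and the on-premise forest connector has ConnectorTypeName "AD".
    $aad    = Get-ADSyncConnector | Where-Object { $_.Name -like '* - AAD' } |
              Select-Object -First 1
    $onPrem = Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' } |
              Select-Object -First 1
    if (-not $aad -or -not $onPrem) {
        throw 'Could not locate both the Azure AD and on-premise AD connectors.'
    }

    $phs = (Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $onPrem.Name).Enabled
    $wb  = (Get-ADSyncAADPasswordResetConfiguration -Connector $aad.Name).Enabled

    [pscustomobject]@{
        OnPremConnector        = $onPrem.Name
        AzureAdConnector       = $aad.Name
        PasswordHashSync       = $phs
        PasswordWriteback      = $wb
        # A filter on the DC only sees cloud-initiated changes when they are
        # written back as a real reset; PHS alone gives it nothing to see.
        PsaSeesCloudChanges    = $wb
    }
}

# Usage (placeholder DLL base name; replace with the PSA's real file name):
Test-PasswordFilterRegistered -DllBaseName 'PSAPasswordFilter' | Format-List
Get-AzureAdConnectPasswordFlow | Format-List
```

Run Test-PasswordFilterRegistered against every writable DC (for example via Invoke-Command over the output of Get-ADDomainController -Filter *), because a password writeback reset is processed on whichever DC Azure AD Connect talks to, and only that DC's filters are invoked. If Get-AzureAdConnectPasswordFlow reports PasswordHashSync true and PasswordWriteback false, the environment is in the "hash only" case described above and the PSA will not capture cloud-initiated changes.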

We recommend that customers discuss this with Microsoft to determine whether their Azure AD Connect configuration writes password changes back to the on-premise DCs, and therefore works with the IM PSA.