Access Profiles not attached to uncorrelated accounts

Hi Team,

I have an application with uncorrelated accounts. When I try to launch the uncorrelated account certification for them, they aren’t getting associated with access profiles. Instead they are getting associated with entitlements only. What is the issue here? How can I get them tagged to the access profile?

Thanks!

Hi @imagavis,

Access profiles are associated with Identities, which means they are not mapped to the uncorrelated accounts.

So, the uncorrelated certification would only list the entitlements and you will need to certify the entitlements directly instead of access profiles.

1 Like

Issue is you’re attempting to leverage an IGA tool to handle account management use cases without Identity association. From a practice / discipline perspective, the accounts ought to have an identified owner first. Account classification comes into play as well. As a ‘brute-force’ approach, you can manually correlate them to a phantom / fake identity, call it “Uncorrelated Account Owner 01”…or whatever.

Temporarily correlate the uncorrelated accounts by creating a delimited file source with minimal identity data. This will allow the accounts to be linked to identities so that Access Profiles can appear in the certification. Make sure provisioning is disabled on this source to avoid any unintended changes. After the certification is completed, remove the temporary source. This approach should help improve the readability and usability of the certification results.

1 Like

Thanks Terry for the response. The same scenario is working in my sandbox and not in production and hence the call out. I forgot to mention this in my original question. Also, in my sandbox the uncorrelated account is not tagged to any identity as well but still it is part of the campaign.

Thanks all for the insights. I have logged a support ticket with SailPoint as well since this is working in Sandbox and not in production for me. I’ll keep the post updated with the response from SailPoint.

Is your Access Profile exactly the same in Production and Sandbox?

Maybe uncorrelated accounts are not having the Access Profile because they don’t meet the criteria.

Hi @imagavis

  1. Uncorrelated accounts aren’t linked to identities, so IdentityNow can’t evaluate access profiles — it only shows direct entitlements in certifications.

  2. Access profiles require identity correlation to match entitlement sets and be recognized.

  3. To show access profiles in certifications, you must temporarily correlate the accounts to test identities, then launch the certification — access profiles will now appear.

Thanks
Manvitha

1 Like