I’ve noticed with the API (/beta/accounts) as well as using search a lot larger number of accounts that are being returned as manuallyCorrelated equals True than expected.
This occurs even if you just do a basic role assignment which creates the account and automatically correlates the account to the identity.
I’ve tried running an account aggregation afterwards and it did not change. I did not manually correlate the account. We took a look at some of our customer tenants and noticed the same thing.
Why are accounts being marked as manuallyCorrelated equal to True when they weren’t manually correlated?
Just received an update from Support.
Seems like it’s working by design. I had misunderstood manuallyCorrelated to be ones where an admin actually went and used the manual correlation option in the UI.
Is there a way then to use Search or the API to only pull back “manually correlated” accounts that we done in the UI by importing a .CSV?
I don’t believe there is any information in Search or the API that exposes how the account was correlated, so I don’t think what you are asking for is feasible. I suggest that you create an idea for this at https://ideas.sailpoint.com.
I had also asked this to Sailpoint in the past and the answer was the same. Which I also find it to be misleading, since as you mentioned those accounts are not getting manually correlated. In our case, this creates issues when identities are deleted since those accounts go into an “Identity Exception” state which you can only see under Source → Accounts. These don’t show as uncorrelated (which is what I would expect) due to that flag being “true” AND that is a “different” identity exception from the ones reported under the Identity Profiles, so there is no easy way to report on them.