Hey! I’ve seen somewhat similar posts around but have not spotted a solution to our situation yet.
We’ve been using Okta as our authoritative source for a while now.
Now we’re switching that around (so instead of HRIS->okta->IDN, the data would flow hris->idn->okta). For the most part, the migration’s gone without issues but seemingly the previously existing Manager Correlation on the Okta source is overriding the Manager Correlation on the HRIS source.
This means that if a user does NOT have the “manager” attribute filled in on Okta, they are not mapped to their manager correctly, despite having the relevant attribute on the HRIS.
One way I’ve managed to fix it is to:
- navigate to the “accounts” tab for a problematic identity
- Remove their Okta account
- Aggregate the identities HRIS account - at this point the manager mapping is created
- Run an unoptimised Okta aggregation, their Okta account is correlated again but manager correlation is not touched
The other way would be to write the manager attribute into Okta from IDN (since it has it from the HRIS) and then correlate from there but it seems like a roundabout way of doing things.
This occurs for new records that did not pre-exist in Okta as well. What I mean is - the record was imported from WD, IDN provisioned an Okta account and manager mapping is not present. I’m mentioning this because I’m considering resetting the Okta source and running another unoptimised aggregation but looking at how this currently works, I’m not convinced that this would solve the issue for new identities.
The HRIS identity profile is higher priority than Okta, I’ve ran unoptimised aggregations multiple times and I’ve both forced identity refresh and gone through the scheduled identity refresh with no luck. Manager correlation is configured correctly on the HRIS source. I’ve ran an export of the HRIS accounts to confirm the attribute is in the expected format and it is.
Is there some hidden “source authority” priority or manager correlation priority I’m missing?