Correlation is the process Identity Security Cloud uses to match and assign source accounts to identities. Identity Security Cloud's correlation configuration compares the values of specific account attributes with the values of related identity attributes. When Identity Security Cloud finds matching values in an account attribute and an identity attribute, it assigns the account to the identity that has the matching value.
Can you include whether the Correlation is done in a case-sensitive or not case-sensitive manner? The only reference to it is that the default correlation is NOT case sensitive, but nothing about the others that get configured.
Can we confirm the limit of 6 additional identity attributes that can be configured to be “Searchable” for use in Correlation rules? I’m assuming the default ones are first name, last name, display name, manager, identification number, and personal email?? I’m trying to reconcile our current configuration and determine what we have added and what is default as we have a need to change some correlation rules.
Hi Brian! Thank you for your input. We’ve created the Jira issue SAASDOCS-8827 to track the effort, and we’ll update the comment thread when it’s been addressed.
Hey @bmhorsfall01! We’re still investigating this and determining whether we need to make updates to our product documentation. In the meantime, you might find this post in our Compass Community helpful: API to Extend Customizable Correlation Attributes.
Based on information from the product manager I spoke with, the list of default attributes is: displayName, firstName, lastName, identificationNumber, manager, personalEmail, and uid. This means your list is accurate, only missing uid. We’re currently investigating some inconsistencies between what displays in the UI vs. the API.
We’ll update this thread again with any doc updates we make as a result of this information. Thanks again!
Thank you, I actually tried to add an additional searchable attribute via the API, but that failed because we already have the maximum amount defined (14?).
Thanks, @bmhorsfall01. Our current plan is to update the documentation with more information about the total number of attributes that can be used in manager correlation, and which attributes are included by default. I’ll update this thread as we get more information on that.
If you’d like more specialized help, I’d encourage you to post in ISC Discussions and Questions, or reach out to your Customer Success Manager. Thank you!
Hi Brian! The limit is 6 custom searchable attributes + the ootb searchable attributes. It’s best to ensure most target systems can correlate with the ootb or 6 custom searchable attributes.
Hi Rachel. It seems that at some point SailPoint changed the default to "ignoreCase": false,. That would make the documentation incorrect in stating that it is case insensitive. We would prefer the default be "ignoreCase": true, and only have to change if you want it to be case sensitive. It did use to be case insensitive by default, but we’ve noticed as we are working with new clients, the default is now false.
@jroozeboom Hi! Thanks for letting me know. I’ve created SAASDOCS-8915 to review this behavior and the documentation on the case sensitivity. We’ll update this thread when we’ve completed that work.
Greetings! The manual correlation file documented has three columns: “account”, “displayName”, and “userName” which is well documented. But I see an additional 4th column named: “type” in the file downloaded from tenant for sources. Could you please let me know if this is a valid field? If yes please point me to an updated documentation.
From documentation: -
Hi @TheOneAMSheriff! I’ve created SAASDOCS-8919 to review our documentation on “type” in the manual correlation file. When we’ve completed that review, we’ll update this thread. Thank you!
Hi @jroozeboom! I checked with our UI and backend teams and we haven’t changed any defaults for case. If you’re seeing different behavior, you might want to post in Bugs - SailPoint Developer Community or contact Support.
You can upload data into type and the import tool will accept the data but do nothing with it. You could ignore it for now. It will eventually be removed. Sorry for the confusion.
