We have a setup that requires us to use an extension attribute that’s synced up from on-prem AD to Entra as the correlation criteria. I’ve added this attribute to the account schema, and ISC is able to aggregate accounts successfully with this attribute. However, accounts are not getting correlated to identities no matter what, even though I can clearly see the values match between the account and the identity. Is there anything regarding extension attributes that’s somehow treated differently? I’ve tested with random attributes and correlation is happening, but we need to use this specific extension attribute.
There shouldn’t be anything about the extensionAttribute that would alter how correlation works in ISC. Have you tried running an unoptimized aggregation so the correlation is re-checked? Are the accounts remaining uncorrelated or are they correlating to a different identity?
Yes, I’ve tried unoptimized aggregation as well and the accounts are not getting correlated. They are not correlated to any identities at all.
Would you be able to give an example?
- Showing the Identity with the Identity Attribute value
- Showing the account with the account attribute value
- Showing the correlation configuration
Please check if there are any leading or trailing spaces in the account or identity attribute values. In most cases, an unoptimized aggregation should resolve the issue, but if spaces exist in the attribute values, the process will fail.
-Ganesh
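One way to run the whitespace check suggested above on values exported from the account and the identity, as an added example that is not part of the original thread. The function name `diagnose` and the sample values are hypothetical and constructed; the check also goes beyond plain spaces to cover invisible characters, Unicode normalization and letter case, which look identical on screen in the same way.

```python
import unicodedata

# Characters that render as nothing, or as an ordinary space, but break an exact match.
INVISIBLE = {
    "\u00a0": "NO-BREAK SPACE",
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\ufeff": "BYTE ORDER MARK",
}

def diagnose(account_value, identity_value):
    """Return the reasons two look-alike values are not an exact string match."""
    if account_value == identity_value:
        return []
    reasons = []
    for label, value in (("account", account_value), ("identity", identity_value)):
        if value != value.strip():
            reasons.append(f"{label}: leading/trailing whitespace")
        for pos, ch in enumerate(value):
            if ch in INVISIBLE:
                reasons.append(f"{label}: {INVISIBLE[ch]} at index {pos}")
            elif unicodedata.category(ch) in ("Cc", "Cf"):
                reasons.append(f"{label}: control/format char U+{ord(ch):04X} at index {pos}")
    # Same text stored as different code point sequences (composed vs. decomposed).
    if unicodedata.normalize("NFC", account_value) == unicodedata.normalize("NFC", identity_value):
        reasons.append("differ only by Unicode normalization form")
    elif account_value.casefold() == identity_value.casefold():
        reasons.append("differ only by letter case")
    return reasons or ["visible characters differ"]

if __name__ == "__main__":
    # Constructed sample pairs (account value, identity value); not real data.
    samples = [
        ("a1b2c3d4", "a1b2c3d4"),
        ("a1b2c3d4", "a1b2c3d4 "),
        ("a1b2c3d4\u200b", "a1b2c3d4"),
        ("A1B2C3D4", "a1b2c3d4"),
    ]
    for acct, ident in samples:
        # repr() makes otherwise invisible characters show up as escapes.
        print(repr(acct), repr(ident), diagnose(acct, ident) or "exact match")
```

Feed it the raw values as returned by an export or API response rather than text copied from a browser, since copy and paste can add or drop the very characters being checked for.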
So the values that we are using are all system generated, and they’re actually all passed from SailPoint itself. For example, the flow of data is going from SailPoint > on-prem AD > Entra > back to SailPoint. I don’t see any way spaces could be inserted in any of the above steps.
I can’t share it since the correlation criteria is using identity information, but I’ve had multiple people review the criteria and the matching values and it’s definitely not my eyes playing tricks on me (unfortunately).