Correlating a Single Account to Multiple Identities

Hello everyone,

I’m working on a use case where I need to correlate a single application account (from an aggregated source) to multiple identities in IdentityIQ.

If anyone has encountered a similar scenario or has experience with this type of correlation logic, I’d greatly appreciate your insights or guidance.

Thank you in advance!

Hey, you can only correlate a single account to one identity. You cannot correlate it to multiple identities. When you correlate the account, SailPoint will set the correlation flag to true and the account will be linked to the identity.


Thanks for the clarification. Yes, I’m aware that IdentityIQ only supports one-to-one correlation between an account and an identity due to the correlation flag and how links are managed.

Is there any recommended pattern or workaround to handle cases where a single account needs to be associated with multiple users?

For example, duplicating the ResourceObject during aggregation to simulate per-user ownership?

I do not think that is possible.


An account will be correlated to a single identity. I don’t think that you can correlate a single application account to multiple identities.

Hi @shruthi_m

In ISC we have a new feature called Machine Identity Security.

I guess you are referring to this concept.

I would probably create that account as its own identity and then use a multi-valued attribute to keep track of the identities that share it. Depending on how many you have, you could use the extended identity attributes too.

Hi All,

I resolved this by writing a custom Correlation Rule. Since IIQ only allows one account ↔ one identity, I worked around it by cloning the account’s ResourceObject during correlation. For each correlated identity, I created a new Link to the cloned resource object.

This way, a single physical account can be represented under multiple identities in IIQ.

That sounds like a recipe for things to go wrong.