Correlation rule does not uncorrelate

sjoyee · November 9, 2023, 8:06am

Hi.

The following is our sample code for correlation rule where we want to uncorrelate the account during offboarding LCS.

Map returnMap = new HashMap();

  String sAMAccountName = account.getStringAttribute( "sAMAccountName" );

  sailpoint.rule.Identity foundIdentity = idn.getIdentityById("uid");
  String lcs = foundIdentity.getAttribute("cloudLifecycleState");

  if (!"offboarding".equals(lcs)) {
      returnMap.put( "identityAttributeName", "adid");
      returnMap.put( "identityAttributeValue", sAMAccountName );
  }

  return returnMap;

However, when we offboard the user, the account is not removed / detached from the identity. Appreciate any input on this, thank you!

MVKR7T · November 9, 2023, 8:21am

Did you try running full aggregation through API call.

POST
/cc/api/source/loadAccounts/123456?disableOptimization=true

sjoyee · November 9, 2023, 8:28am

Hi Krishna, we have not done that, as we wanted to check is the correlation rule working for a few accounts to not affect the other existing ones.

Can I know will it not be immediately uncorrelated once the user is offboarded - reach end date / aggregation from authoritative source with instruction to offboard ?

sjoyee · November 10, 2023, 12:55am

Hi Krishna,

I have run the API call as suggested, however, it seems that the account is still not removed/uncorrelated from the identity.

Any input on the possibility of errors in the current rule? Thank you

iamnithesh · November 11, 2023, 3:11pm

Is, by any chance, manuallyCorrelated is set to true for this account?

MVKR7T · November 12, 2023, 7:11pm

Can you try passing the param in body.

sjoyee · November 28, 2023, 3:43am

Hi, the reason that the correlation rule was not running even after invoking the API:

POST
/cc/api/source/loadAccounts/123456?disableOptimization=true

is because the condition set in the rule is incorrect. After updating it to a correct condition, and aggregating from the target source with disableOptimization set as true, the account is uncorrelated as expected. Thanks all for the help!

sjoyee · December 1, 2023, 2:14am

Following up this topic as attached:
Correlation Rule Issue - IdentityNow (IDN) / IDN Discussion and Questions - SailPoint Developer Community Forum

system · January 30, 2024, 2:14am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Correlation Rule Issue ISC Discussion and Questions rules , identity-security-cloud	7	570	February 25, 2024
IdentityNow Correlation Rule ISC Discussion and Questions rules , aggregation , identity-security-cloud , correlation	6	1215	July 27, 2023
Remove manual correlation between an account and an Identity ISC Discussion and Questions aggregation , identity-security-cloud , accounts	4	569	July 11, 2023
Correlation Queries for Active Directory ISC Discussion and Questions identity-security-cloud , correlation	4	332	December 9, 2023
Correlation rule IIQ Discussion and Questions rules , aggregation , identity-security-cloud , identityiq , correlation , entitlements	5	598	December 11, 2023

Correlation rule does not uncorrelate

Related Topics