Design: Single account aggregation displays wrong data

Hi fellow developers!

Suppose we have the following for a source:

Weekly scheduled account aggregation that just occurred
3 Accounts, different identities, all have department = sales.
We do single account aggregation on all three accounts and this account attribute is now marked as department=sales for all three accounts.
Someone now changes the department on the target application to HR on the first two accounts and leaves the third account on sales.
We wait two days
Someone deletes the second account on the target application
We wait two days
We now wonder what the current data is of the three accounts, so we do a single account aggregation on these three accounts. After all, that is what single account aggregation is for and it should give us access to the latest information without taking the time and resources to update the source’s entire contents.
We see the following results
account 1: department HR
account 2: department sales
account 3: department sales

Account 2 is now definitely not up to date in IdentityNow. Not only does it not show that the account is deleted, it also displays a value that was not even the latest version prior to deletion.
Due to this current behavior of IdentityNow, we can’t trust single account aggregation to display the latest values. To get the correct data, we would now perform a full account aggregation, which can take a lot of time and unnecessary computing power.

Would you consider this behavior of IdentityNow a bug?

2 Likes

Hi Angelo,

How are you performing the single account aggregation? Via API? What are the details of your request?

Hi @colin_mckibben,

This was related to performing the single account aggregation through the UI, I haven’t tried it using the API, but I would expect both to be able to detect deletions and handle accordingly.
SailPoint Support might accept it as a bug now given that Kirby agrees it is a bug.(https://ideas.sailpoint.com/ideas/GOV-I-2378)

3 Likes