How to handle multiple accounts coming from one authoritative source

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hello everyone,

I’m currently working with HCM using the HCM connector, which acts as an authoritative source for identity management. One challenge I’m facing is that it can provide multiple accounts for the same identity. For instance, an individual may have a main account as well as an expatriate account. I can recognize the two different kind of accounts trough a set of attribute.

Could anyone provide insights on best practices or strategies to effectively manage and differentiate between these accounts for the same identity? How can I ensure accurate representation and processing of these accounts within the system?

Thank you for your assistance

2

I found a similar post here: Authoritative source having two accounts for same user, how to select only one? - #6 by colin_mckibben

3

Hi @s_tartaglione ,
Please check the below link it may be helpful for you. I think its the same issue which you are facing.

Authoritative source having two accounts for same user, how to select only one? - Identity Security Cloud (ISC) / ISC Discussion and Questions - SailPoint Developer Community

Thank you!

4

In the post that you have sent i didn’t see how to manage 2 accounts, but how to select one of those, i want to manage both accuounts

5

if user has 2 accounts in HCM obviously 1 would be the trusted account . check if you can add filter to the connector to pull only primary accounts.

Do you need to get some attributes to be mapped in profile from secondary account too ? I would say best would be onboard the another source just for secondary accounts.

6

No i want to map to one entity multiple accounts coming from the same source, that is my goal

7

what do you mean by this?

8

I’m reading from one source and on that source I have two accounts for each identity that I want to associate with that identity because they are referred to that identity but in different state

9

I think best would be you need to consider particular identity as the trusted source for particular set of attribute .
ex
identity1 ( primary ) - firsrtName , LastName , Status etc .
identity1 ( secondary ) - BU , CC etc.

10

You cannot associate 2 accounts from an Authoritative source to a single identity. By design, each account from an Auth source will create an identity

11

Can you create 2 sources for HCM? One source would be filtered to create the Identity and the other source would be filtered to be an account for that identity.

12

So, I have created two sources, one authoritative and another one not authoritative. Than I created a filterString to filter based on the attribute of the different accounts that the source have . The problem is that i’m not able to reach my goal because supposing to fill the two connectors with the same source files for both sources and supposing to have two accounts for the same person:

ID Name Attribute to filter
12 Mario X
12 Mario Y

If I use the filterString on “Attribute to filter” = X on the first source and the filterString on "Attribute to filter " = Y on the second source the filter isn’t working properly because I noticed that since two accounts are associated to the same Identity, firslty Sailpoint is choosing one of these accounts and than it applies the filter, so it results to pick only one account, for example the one that as the "Attribute to filter " = Y and than applies the filter and take it in the first source, and nothing on the second One. I tried to use the same filter changing the personnumber and that works. But my goal is to have different account for the same person based on an attribute.

13

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.