Identity / Correlated Account Changes - Auditing

Question: Is there any audit logging, API, search, etc. to track/confirm if/when an account was correlated to an identity, or more specifically to a different identity?

Scenario: Something changes on a non-authoritative source account that causes the standard correlation configuration to assign this account to a different identity. Similar scenario with changing the account correlation configuration that, based on evaluation order, changes the account assignment to a different identity.

Hello Ed,

I think the closest thing to audit logging you can get is account activities: Account Activities | SailPoint Developer Community

Unless I’m missing something in this API, I’m not seeing anything specific to account correlation which is the requirement in this case.

Hi Ed,

Only place I can think of that would have this information currently is the beta Identity History endpoint. If you know what identities you would like to check, you could loop through the history of the identities and check if accounts were removed/added.

The endpoint would look like this - beta/historical-identities/:id/events?accessItemTypes=account

Unfortunately, I’m not aware of a search query that would allow you to find correlation events across all identities or sources. Would be a good SailPoint Ideas entry though!

Thanks,

Liam

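The loop described in the reply above, as an added example that is not part of the original thread and is not SailPoint code: it takes events already fetched per identity from the history endpoint and reports accounts that show up under one identity and later under another. The event field names (`eventType` values `AccessItemAssociated`/`AccessItemRemoved`, `dt`, `accessItem.sourceName`, `accessItem.nativeIdentity`) are assumptions about the response shape, and the sample data is constructed.

```python
from datetime import datetime

# Assumed event fields (not confirmed in the thread): eventType, dt, accessItem
ADDED, REMOVED = "AccessItemAssociated", "AccessItemRemoved"

def find_recorrelations(events_by_identity):
    """List accounts that were associated with one identity and later with another.

    events_by_identity: {identity id: [event dicts from
    beta/historical-identities/:id/events?accessItemTypes=account]}
    """
    timeline = []
    for identity_id, events in events_by_identity.items():
        for ev in events:
            if ev.get("eventType") not in (ADDED, REMOVED):
                continue  # ignore attribute changes and other event types
            item = ev.get("accessItem") or {}
            key = (item.get("sourceName"), item.get("nativeIdentity"))
            when = datetime.fromisoformat(ev["dt"].replace("Z", "+00:00"))
            timeline.append((when, ev["eventType"] == ADDED, key, identity_id))
    # Order by time; a removal sorts before an add at the same instant
    timeline.sort(key=lambda t: t[:2])

    owner, removed_from, moves = {}, set(), []
    for when, is_add, key, identity_id in timeline:
        if not is_add:
            removed_from.add((key, identity_id))
            continue
        prev = owner.get(key)
        if prev is not None and prev != identity_id:
            moves.append({"source": key[0], "account": key[1],
                          "from": prev, "to": identity_id, "at": when.isoformat(),
                          "removal_logged": (key, prev) in removed_from})
        owner[key] = identity_id
    return moves

def sample_event(kind, dt, source, native):  # builds a constructed sample event
    return {"eventType": kind, "dt": dt,
            "accessItem": {"sourceName": source, "nativeIdentity": native}}

# Constructed sample data: identity ids, source and account names are made up
SAMPLE = {
    "id-alice": [sample_event(ADDED, "2024-03-01T10:00:00Z", "Badge System", "jdoe"),
                 sample_event(ADDED, "2024-03-01T10:00:00Z", "Badge System", "asmith"),
                 sample_event(REMOVED, "2024-03-05T08:30:00Z", "Badge System", "jdoe")],
    "id-bob": [sample_event(ADDED, "2024-03-05T08:30:05Z", "Badge System", "jdoe")],
}

if __name__ == "__main__":
    for move in find_recorrelations(SAMPLE):
        print(move)
```

A move with `removal_logged` set to false means the account appeared under the new identity without a matching removal event in the fetched history of the previous one, which is worth checking by hand.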