Hi Team,
We’ve noticed several new Identity Cubes being created with names starting with a ‘$’ symbol. They don’t appear to be originating from our authoritative sources.
Has anyone encountered this behavior before or seen similar accounts?
Regards,
Aniket
when you say identity getting created, do you mean the uncorrelated accounts, when you are doing aggregation for any connected or disconnected applications??
@aniketnegi Please open any identities and navigate to Application accounts. This should tell you from which application they are aggregating. If you want to restrict it you need to delete these identities first and then see if applicaiton supports any user/account filter that you can add or restrict it in the Account Aggregation task by checking option: “Only create links if they can be correlated to an existing identity.”
Note: Found a fix?Help the community by marking the comment as solution. Feel free to react(
,
, etc.)with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.
Hi @aniketnegi ,
Please check how these Identities are created by checking Audit actions related to those identities or application accounts (Link) in Identity warehouse.
As @neel193 mentioned, if identities are created from non-authoritative application, you can check account aggregation task options of that application. Disable Identity creation from this task with option “Only create links if they can be correlated to an existing identity.“
If Identities are created unintentionally (from batch workflow, rule, or tasks, etc), and not created from as part of account aggregation, then those can be deleted by Identity Prune task. Please have detail analysis before going with this option.
An identity is created through aggregation. Find the application this identity came from. Change the application’s aggregation task with “Only create links if they can be correlated to an existing identity.”