I would like to understand correlation configuration in SailPoint IIQ.
I’ve noted that an account is marked as correlated when the account is created through an Authoritative source but not when the identity is created using the CreateIdentity Form.
In this case, we are using Rapid Setup Joiner to create accounts; despite this, the identity is not correlated. Is it correct? Would it be necessary to implement a custom rule for that?
Identities are first created from an Application which is marked as Authoritative Source.
When we are onboarding the remaining non-authoritative applications, we need to mention the correlation logic so that the accounts get correlated to the identities created from the Authoritative source.
Correlation in this application can be configured either via Account correlation config or via a correlation rule.
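As an added illustration of the correlation-rule option mentioned above (not code from this thread or from SailPoint), here is the body of an IIQ Correlation rule in BeanShell. The attribute name `employeeId` on both the account and the identity is an assumption; substitute the names from your own schemas.

```java
// Added example: body of an IIQ Correlation rule (BeanShell), run once per
// aggregated account. IIQ passes the account in as "account"
// (a sailpoint.object.ResourceObject).
// ASSUMPTION: "employeeId" is a hypothetical attribute name, present on the
// application account schema and as an identity attribute.
import java.util.HashMap;
import java.util.Map;

Map result = new HashMap();

// Read the account-side key and normalise it so that stray whitespace
// from the target system does not prevent a match.
String raw = account.getStringAttribute("employeeId");
String empId = (raw == null) ? null : raw.trim();

if (empId != null && empId.length() > 0) {
    // Ask IIQ to find the identity whose "employeeId" attribute equals
    // this value. Use a key that is unique per identity and that account
    // owners cannot edit themselves, so an account cannot be linked to
    // the wrong identity by changing a self-service field.
    result.put("identityAttributeName", "employeeId");
    result.put("identityAttributeValue", empId);
}

// An empty map asserts no match: this rule does not link the account to
// any existing identity, and it can then be reviewed as uncorrelated.
return result;
```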
Thanks for your quick reply.
In our case, the IdentityCreate Form is the authoritative source, and the joiner process creates the application accounts, so for this case, should it be necessary to configure a correlation rule in the applications to set the identity as correlated during the aggregation process?
It’s a bit “old-school”, but for this kind of use-case, I’d generally prefer to create a custom table in the IIQ DB (or plugins DB) to store the identity data, and then onboard that DB table as a JDBC application in IIQ. The process would essentially work like this:
Preconditions:
A DB table to store the identity data (can encrypt sensitive data if desired and decrypt in your customization rule if needed)
The Create Identity workflow would be modified to insert a record/row into the custom table
A JDBC app is configured to read from that table and is flagged as authoritative
Identity Mappings are configured to utilize this source (likely a lower priority than the main HR source)
When a new record is entered, you can execute a getObject single-account aggregation to aggregate the new record immediately.
Note: You can also update the Edit Identity workflow to modify records in the DB table as well.