IdentityNow role assignment for existing users

Hi, I have one use case where I need your suggestion.

There is another IAM system we were using, where we used custom Java code (as a custom adapter) to provision IDs on the target system. This provisioning was done based on a birthright rule. This process of ID creation was not done for all users in the older IAM system; it was done for a few users.

Now we have connected the same target system with SailPoint IDN. There is one new web service system we have configured in our SailPoint environment. We have configured all required steps in SP to create accounts at the target system. We are creating IDs in the target system based on role assignment, which internally calls an access profile (entitlement). In the first role refresh it created many new accounts in the target system, but we have a few issues:

  1. From the older IAM system there were many users for whom an ID was already created on the target system. For them, create account is failing, saying the account already exists on the target system. In this case, although the user has an account on the target system, from the SailPoint side we are able to see the role assignment or entitlement add in the user's profile.

Could you please suggest how I can fix this issue?

Hi @hranjan3,

This looks more like an issue with your account correlation in the source.

If IDN is trying to create accounts for users who already exist in the target system, you will need to find out why they are not showing up in IDN after your aggregation. Ideally, if you have the accounts aggregated and correlated correctly, IDN would not try to re-create the accounts for existing users in the target system.

Maybe you need to verify the correlation attributes for the impacted users and see what they look like.
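One way to run the check suggested above offline, as an added example that is not part of the thread and does not use any IdentityNow API: it compares identity attributes with target-system accounts and lists accounts that exist but would not match under a strict comparison. The CSV columns, attribute names and sample rows are constructed, and exact string matching is an assumption used as the strict baseline.

```python
import csv
import io

# Constructed sample exports (not from the thread). Column names are
# hypothetical; substitute the attributes used in your correlation config.
IDENTITIES_CSV = """identity,email,employeeId
alice.wong,alice.wong@example.com,E1001
bob.iyer,bob.iyer@example.com,E1002
carol.diaz,carol.diaz@example.com,E1003
dan.osei,dan.osei@example.com,E1004
"""
ACCOUNTS_CSV = """accountId,mail,empNo
a-01,alice.wong@example.com,E1001
a-02,Bob.Iyer@Example.com,E1002
a-03,carol.diaz@example.com ,E1003
a-04,eve.lund@example.com,E2001
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit_correlation(identities, accounts, identity_attr, account_attr):
    """Classify each account as exact, near-miss (case/whitespace) or uncorrelated."""
    exact = {i[identity_attr]: i["identity"] for i in identities}
    loose = {i[identity_attr].strip().lower(): i["identity"] for i in identities}
    report = {}
    for acct in accounts:
        value = acct[account_attr] or ""
        key = value.strip().lower()
        if value in exact:
            report[acct["accountId"]] = ("exact", exact[value])
        elif key in loose:
            report[acct["accountId"]] = ("near-miss", loose[key])
        else:
            report[acct["accountId"]] = ("uncorrelated", None)
    return report

def collision_candidates(report):
    """Identities whose account exists but would not correlate: create would collide."""
    return sorted(owner for status, owner in report.values() if status == "near-miss")

if __name__ == "__main__":
    ids, accts = load(IDENTITIES_CSV), load(ACCOUNTS_CSV)
    for id_attr, acct_attr in (("email", "mail"), ("employeeId", "empNo")):
        report = audit_correlation(ids, accts, id_attr, acct_attr)
        print(id_attr, "->", acct_attr, report, collision_candidates(report))
```

In the constructed data, correlating on e-mail leaves two existing accounts unmatched because of case and trailing whitespace, while correlating on the employee number matches all three.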

Hi @jesvin90, right, I updated the correlation rule and it worked fine. Thanks for your input!