Trying to understand why SailPoint couldn’t correlate Manager.
We are trying to integrate Active Directory. We have successfully established a connection and were able to bring the accounts into SailPoint.
We are trying to correlate manager, which is extension Attribute 2, to the SailPoint username, but we were not successful in achieving that.
As shown in the screenshot below, it’s able to populate but somehow failed to link to the identity value.
Is AD your authoritative source? Or do you have a HR system or something you’re bringing users from initially?
Generally if it’s from a HR source, you’d set something like the below
From there you can look up the manager’s DN, map this to an identity profile attribute and then map that value in your creation profile for the AD Source to the AD attribute Manager.
Thanks for the reply.
We have another HR system which is bringing users. We are trying to map our custom attribute from AD, which is extension attribute2 (Manager), to the SailPoint username for Manager correlation.
As per my previous screenshot, it’s able to pull the manager but couldn’t map it to identity though all the configurations in the identity profile are correct. When I see the preview results I could see the manager name populated but the identity value shows empty.
Oh ok, it seems a little non-standard.
But if you’re just trying to map a value from the AD source to an identity value, you do that through the identity profile mapping. (Identities, Identity profiles, [profile], mappings)
Identity attribute (manager) comes from source: AD, attribute name: extended Attributes, transforms(whatever you need)
Just make sure you’ve included the extended attribute into your AD schema so it’s visible within IDN, but I think from your screenshot you’ve done that already.
Yeah, I have done those things already, but couldn’t figure out where I am going wrong to populate the manager field for AD accounts.
If you’re trying to sync to a downstream system, it should be set-up in the create profile on your target source.
If you want to push that value to this extended attribute, you could attribute sync those values. Just use it with caution. Perhaps set up another source for AD with a filter to test first.
Also looking at your screenshot it looked like there was a value coming from AD on that particular account.
I don’t want to sync it to any downstream system. I need to pull all the users from AD into SailPoint, just aggregation, so that those identities are hosted in SailPoint.
Extended attribute 2 is already populated in AD. In the schema, I have added extended attribute 2 and tried to bring it to SailPoint. I was successful in that but am failing in manager correlation.
Hey, had another read through this. The Preview value you’re seeing in the mappings section is what the result will be on that identity once an update is done and the mappings applied. Like the before and after a transform is applied. Screenshot below.
Have you pushed through an update to the Identity Profile yet or are you just using the preview function? If you’re getting the expected value in the preview and have not yet applied it, then the value for that manager attribute will not be set at an identity level.
Generally, but not always, manager correlation is done using a linked ID number, as detailed here.
It’s difficult to understand without me seeing it, perhaps someone else can shed some more light on the issue.
Yes, I have triggered a refresh identity profile job through the API.
But still, the manager is not linked to the identity.
Even I felt the same reading the manager correlation documentation. But our correlation rule should also work, right?
Anyways, a big thanks for all your efforts in troubleshooting.