Manager Correlation from two different Sources

Hi Team,

Can we map two sources for Manager Correlation is this supported in IDN?
We have requirement to get the manager id from two different sources and populate on the manager attribute of Identity Profile whichever is available first.

As we are only allowed to map only single Source for Identity Profile. We have populated the Manager ID using First Valid transformation with two different sources. During preview we are able to see the Manager details but on the in the Identity List when we select the Identity Manager name is not populated only for the users whose manager id is linked with other source than the Identity Profile source. We have populated same Manager correlation for both the sources.

Does IDN supports mapping two different sources for Manager correlation?

Either through Manager correlation rule / transformation logic? Did anyone tried this functionalities?

Appreciate your help!

Thank you!
Sailaja Prathi

Do both of your account manager source values map to the same identity attribute? I believe that may be the only way to get this functionality to work, but Iā€™d like to see what the community has to say about it.

Yes we did that but it didnā€™t work Manager mapping is not working for other source

@jordan.violet Do you have any information on this? Could you please provide any pointers here?

Thank you!
Sailaja P

Hey @sailajaprathi,

I am currently looking into this matter on your behalf and looking for the information you need to be able to achieve your desired results. Thanks for posting and please bear with me as we do some investigating.

PS: Congratulations on ā€œNew Member of the Monthā€ award :slight_smile:

@jordan.violet Thank you :slight_smile:

Mapping in Identity Profile under manager attribute is more of cosmetic and real work is done in manager correlation. It can be done either through UI config or manager correlation rule. Manager correlation job runs after aggregation is completed.

The requirement here: We have requirement to get the manager id from two different sources and populate on the manager attribute of Identity Profile whichever is available first.

If you just want to get the id visible then you probably can use normal attribute but overall this needs detailed investigation and how you are getting the data from 2 sources.

1 Like

Hi Chirag,
Thank you for the reply.
We were able to achieve normal display which will be just employee number but we need proper mapping of manager as Identity not just display, So that Manager can see the sub-ordinates
Please find the below details:
Requirement: Manager details are populated in two different sources. Manager Employee Id is the reference to find the manager details and this is present in two different sources.
Steps Followed:
Number of Sources :-

  1. Source1 - Authoritative source used for Identity Profile
  2. Source2 ā€“ Other target source
    Identity Profile Mapping:-
    Attributes are mapped with both Source1 and Source2
    manager attribute mappingļƒ 
    {
    ā€œattributesā€: {
    ā€œvaluesā€: [
    {
    ā€œattributesā€: {
    ā€œattributeNameā€: ā€œmanageridā€,
    ā€œsourceNameā€: ā€œManagerTestGā€
    },
    ā€œtypeā€: ā€œaccountAttributeā€
    },
    {
    ā€œattributesā€: {
    ā€œattributeNameā€: ā€œmanagerIdā€,
    ā€œsourceNameā€: ā€œManagerCheckFeedā€
    },
    ā€œtypeā€: ā€œaccountAttributeā€
    }
    ]
    },
    ā€œidā€: ā€œManager Tranformation For Manager TestGā€,
    ā€œtypeā€: ā€œfirstValidā€
    }
    }

Manager Correlation Mapping:-
Source1:
ā€œmanagerCorrelationMappingā€: {
ā€œidentityAttributeNameā€: ā€œidentificationNumberā€,
ā€œaccountAttributeNameā€: ā€œmanagerIdā€
}
Source2:
ā€œmanagerCorrelationMappingā€: {
ā€œidentityAttributeNameā€: ā€œidentificationNumberā€,
ā€œaccountAttributeNameā€: ā€œmanagerUidā€
}

Thank you!

Clarification needed: if there are 5 records coming in first source, managerId would be empty for few of them? Is that the problem we are trying to solve here? Those empty records would have details in another source?

Yes Chirag, If it is empty in first source we need to pick it from second source and map it.

Hey Sailaja,
Assume record A comes in from source A and if he has managerID then we will populate manager on his identity. This is normal situation.
Next record B comes in from source A and it does not have managerID then we would not be able to make any decision here but I see there is one opportunity here.

In case you have managerID empty and if the identity has an identity attribute from another source which gives his managerID then you can fetch it (manager correlation rule ) and then supply it for manager correlation. You can also use query options if possible and get link from another source and fetch managerID from another source and then pass it for manager correlation.

Overall manager correlation should run on single source.

If you are using OOTB settings in both source, I predict below behavior:

  1. Source A manager correlation runs, all identities have manager populated who have managerID in their source A record. Others are not having any manager populated.
  2. Source B manager correlation runs, the identities who had manager populated from source A would not have manager removed even if the managerID is empty here because this is how product behaves. This is an advantage for you. The remaining record which were empty in source A would have managerID coming in so manager correlation would work here as expected.

The next sequence in source A would be similar.

Can you try the ootb option and run both source aggregation with ootb ui settings and see how it goes.

1 Like

@chirag_patel : Thank you for the details. As mentioned in my post OOTB was already tried but it is not working as expected only option left is to try with Manager correlation rule, I am going to work on it. Will update you with the outputs.

Thank you!
Sailaja

1 Like

Hi Chirag,

We have tried with Manager correlation rule but no luck. It only connect with the User ID which is available on the Authoritative source.

One small question, we logging using log.debug and log.error but we didnā€™t see logs in ccg.log or chron.log is there anyother logs where this will display value.

Thank you!
Sailaja Prathi

If rule did not work then it needs detailed investigation. About logs, correlation rule is cloud executed rule so logs would not be available on VA side. Only Sailpoint folks can see those logs from backend tools. https://community.sailpoint.com/t5/IdentityNow-Wiki/IdentityNow-Rule-Guide/ta-p/76665

Hi @sailajaprathi
we have a similar use case. Were you able to resolve ?