Do we know why native change detection does not work if “Promote Managed Attribute” option is checked in AD account aggregation?
I was having the issue in AD Account Aggregation as it was giving Warning with - Encountered Uncorrelated Group.
However I found response comments in below discussion where it says both option enabled doesn’t work for AD. Can someone tell me why its happening. Why Sailpoint is considering the groups as Uncorrelated group? IS it because of Logiplex?
If both Native Change Detection and Promote Managed Attribute are enabled, SailPoint may encounter issues with correlating groups or other attributes. If an attribute is not already correlated or recognized as a managed attribute, it may be flagged as an Uncorrelated Group.
If you have uncorrelated groups indicates that SailPoint cannot find a matching identity for the group or attribute in its existing Identity Cube. As a result, it raises a warning
So if we uncheck Promote managed Attribute option for any new account membership that group will be reconciled as Managed Attribute for AD right? Or we need this option to be checked always ?
Promote managed Attribute means that SP during account aggregation, will create all the managed attribut that find on account, whitout execute a group aggregation.
Whit this flag marked, you cant do the group aggregation and have on SP only the entitlements are present on accounts.
The problem is that you cant activate the native change detection and you dont have all the possible entitlments.
For me, the best conf is scheduling the group aggr. and account aggr. with Promote managed Attribute unmarked and use native change detection for keeping the changes in real time.