We have a bunch of accounts that were generated from our authoritative source originally that have a unique ID number as the ‘account name’ field on identities, this value is what is being passed in event logs - i’ve looked around but i don’t see anything that indicates this can be changed or recalculated? the obvious impact is that event logs are effectively garbage to auditors or compliance people who are not savvy in the system to validate these numbers equal the person in question. The issue has since be fixed for new hires as our transforms and attribute mappings were updated, but the legacy population has this long string of numbers as their account name, which seems to be tied to the sailpoint account. is this possible to manipulate after the fact without an extensive reset of a bunch of information?
That field is controlled by a Mapping in your Identity Profiles. The first Mapping will be something like Sailpoint Username (uid). I have never changed this mapping, so I don’t know what will happen, but I am guessing your Identities would be recreated with the new mapping info.
I would highly recommend changing it in your Sandbox Tenant first.
thanks for the reply Carl!
I actually have changed in sandbox, it resets the password but doesn’t create a new account, since were sso there is no impact in our tenant for that.
however, it did not change the account name, that stayed the same, the sailpoint username did update as expected. I was looking to help cleanup the event logs to make them more usable for the populations in our tenant that have a weird ID for account name in the initial load.
The SailPoint account on the cube will have an Account ID
based off of your identity’s Account Name
(which is the unique identity name which never changes that you highlighted above in the Attributes section of the cube). The Identity Account Name
is generated from whatever the Account Name
is on the schema of the authoritative source (not to be confused with Account ID
) that is set on the Identity Profile in which the identity is created from. You would need major changes in order to change all of this around.
More info here: Source Account Schema Best Practices - Compass
Thanks Patrick, that was what I figured would be the case, yes the account name on the identity was the one was I was hoping could be changed, due to the nature of the event logs and how they present data.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.