Non-Employee Risk Management Sources in Identity Security Cloud will now support filtering profiles for aggregation based the profiles’ status in NERM.
Problem
Prior to this enablement, Non-Employee Risk Management sources in ISC that are configured to use the SailPoint Non-Employee Risk Management connector would aggregate all profiles of a given type, regardless of status. This caused problems for customers who did not want to aggregate Inactive Non-Employee or Assignment profiles into ISC for governance.
We are introducing a new setting on the Non-Employee Source configuration in ISC: NERM Account Aggregation Filter by Status. This setting is a dropdown with two options:
All - Profile statuses to be aggregated: Active, On Leave, Inactive, Terminated
Active - Profile statuses to be aggregated: Active, On Leave*
* Note: this is consistent with the display of profiles in NERM, where On Leave profiles are included under the “Active” status in tables
This setting will be available on all Sources using the SailPoint Non-Employee Risk Management connector
This includes Sources configured prior to April 2025, which were manually configured via ISC to aggregate a single Profile Type
This includes Sources configured since April 2025 which use the Identity Security Cloud Connection Settings configuration in NERM
The default selection for this setting will be All
This is consistent with the current approach wherein profile of all statuses are aggregated by the Source.
Changing the setting to Active will update the accounts to only reflect Active Profiles on the next aggregation
Dates
This new setting will be available on Non-Employee Risk Management Sources in Identity Security Cloud during the week of: June 16, 2025.
There is a slight delay with the enablement of this feature. We still plan to enable this status filtering on Non-Employee Sources this week, but the setting will not be available today as previously indicated. We apologize for the inconvenience.
Thank you for this thoughtful enhancement to Non-Employee Risk Management sources in ISC.
The ability to filter aggregated profiles based on status is a highly practical improvement. By giving administrators the option to exclude Inactive or Terminated profiles from ISC aggregation, this update helps reduce noise, improves governance relevance, and streamlines identity lifecycle operations, especially in environments with high non-employee short-term assignments.
Given the recent update noting a slight delay in enablement, could you kindly confirm the revised release date or expected timeline for when this setting will become available in production?
Appreciate the continued investment in making NERM integrations more manageable and governance-friendly.
This option is now Live on Non-Employee Risk Management sources in ISC production tenants. If you are not seeing it in your tenant, please let us know.
Additionally, we have already received feedback from some of our customers that more granularity from this filtering is desired. Currently the options are ‘Active’ or ‘All’. This means that you can filter out InactiveandTerminated profiles by setting the filter to “Active”, but not InactiveorTerminated Profiles. We are open to targeting further enhancements to this feature, but we’d like to better understand the use cases around more granular profile status aggregation filtering. If you have more details on this business case, please let us know!
Thank you,
Jeff Lakey
Sr. Product Manager
Non-Employee Risk Management
A feature that would be quite useful would be to be able to filter by ‘Active’ and ‘Terminated.’ This way, we can avoid reading NERM accounts that are ‘Inactive’ and we can manage the reactivation of accounts when an external employee rejoins the company.
If we filter by ‘All,’ you read the accounts in “Inactive” status, which in our case means that the registration process has not been completed. ‘Terminated’ means that the account has been terminated because the access end date has been reached or the employee has left the company.
Thank you very much. We hope you will update this feature.
