HI @colin_mckibben @sharvari , have a question related to Identity Profile - we have created a manufacturing source (MFG AD) and inorder to keep it separate created a identity profile (MFG IP) from hr identity profile i am not sure if i remove the new IP will it remove users we dint even configured provisioning in IP and when i am trying to unlink the source from IP it is saying it might delete users be sure about it ? is it ok to remove IP ? dont want any data loss.
Hi Osman
If this identity profile is lowest in the list of identity profiles, i.e. lowest priority, and the identities already exist in another higher priority Identity Profile, you should be safe to delete this IP. Check on the Identity Profile page on what the number of identities are for the new IP, if it reflects as 0 then you should be safe to delete it.
check the documentation here for details on prioritising IPs: Creating Identity Profiles - SailPoint Identity Services
Hope that helps
Basically we were having 2050 accounts by aggregation from MFG AD source and after creating IP. it will create 100 new profiles in MFG AD but we do not want to create it so we did not configured Provisioning yet. and next step was to step back by removing IP. but not sure
Removing the IP won’t delete any accounts from the Source, it will only delete any Identity cubes that were created natively within Identity Security Cloud. This means the accounts you are bringing in from MGF AD will be reflected as uncorrelated if they aren’t already correlated to existing identity cubes in another IP.
Hope that makes sense.
i did removed the IP, now it shows as all the accounts are uncorrelated. however it did not deleted any user records but it is not allowing to correlate back. what else should be done in this case ?
If you’re sure your correlation rules are correct and they will correlate to the existing IP (I recommend doing a data sanity check to verify that the data will correlate to your existing IP data).
Then you can run an unoptimised aggregation against the source with this API and set the value for disableOptimization to “true”-
import-accounts | SailPoint Developer Community.
This should force the correlation to run once more.
before removing IP all accounts were correlated.
It sounds like you are confusing correlation with creating an Identity from an authoritative source? Before deleting the IP, the accounts listed in the MFG AD would have displayed as identities in the Identity List on ISC because you created the IP specifying the source as the source for the IP. This would create an identity cube for each unique account found in that source and show the accounts from this source as correlated, hence after deleting the IP, these account now show as uncorrelated.
Assuming Manufacturing identities are in your HR source then you can correlate the MFG AD account to their HR identities, however, if they do not exist in the HR Source, then you will need a separate IP for these users to correlate the accounts to.
This is not an authoritative source or related to authoritative source.
this is a standalone active directory we are trying to manage.
all accounts were correlated before IP was created.
now after removing IP 2155/2155 are uncorrelated.
so we had “ISC empnumber = MFG empnumber” as correlation key.
but the same correlation key is not working now.
How do we reestablish the correlation ?
Hi @osmanmohammed ,
Have you tried unoptimized aggregation for the source? if not try it once. Even if that is not helping then, you can try resetting the source accounts and aggregate fresh.
Thanks
1 Like
Hi Karthikeyan,
i got the Cloudexternalid for the source but what should be the endpoint ? and how we can run /make unoptimized call ?
thanks
osman
Hi @osmanmohammed ,
I hope you have the Postman setup in place, you can find the cc API which does the unoptimized aggregation,
thanks, Re creating source worked but not the unoptimized aggregation.
1 Like
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.