Restriction/Filter on Single and Full account aggregation of AD Multiforest application

Hi,

We’re trying to implement an AD Multiforest application in IdenitityIQ.
We have a requirement of restricting full account aggregation to only few domains, but perform single account aggregation for all domains.

  1. Restricting full account aggregation for certain domains at “SearchScope” might also restrict Single account aggregation for those domains. Is our understanding right ?
  2. Is there any other real time possibility that we can perform Full account aggregation on few domains but allowing single account aggregation to all domains.

Appreciate any suggestions.

Hi @Shivaleela,

I had a similar request in the past and i resolved with Target Aggregation plugin:
https://community.sailpoint.com/t5/Professional-Services/Target-Aggregation-Extension/ta-p/176995

you can set the connector with searchScope with only domain that you want and use this plugin for single aggregation.

Alse, I tried this rule and it works:

2 Likes

Hi @enistri_devo ,

Thanks for the quick response. I’ll go through the solution you posted, and get back.
Appreciated !!

Thanks.

2 Likes

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.