We have a custom SaaS ISC Loopback connector that we are seeing an issue with account aggregations. The number of accounts returned by the SaaS connector and how many accounts are visible in SailPoint through the UI are off. Looking at the logs and test calls through Postman, the SaaS connector returns 560 unique accounts. However, in the UI and API, looking at the accounts list we see 559 accounts for the source.
I did a diff check between the two and found the identity that is missing the account. Interestingly, this identity has the entitlement assigned from the SaaS connector but no associated account listed. I checked the identity through the Search API and found the account there but I get a 404 error when using the Get Account API endpoint to retrieve the account details.
We’re seeing this across our tenants for this SaaS source for identities that have the same display name but unique account IDs. Has anyone experienced this issue before?
They have the same display name identity attribute, but I have configured the display name of the accounts to be different. It uses the employee number of each identity as the account display name to ensure they are different.
What I am wondering is if SailPoint is getting confused as to which account should be correlated.
This page Assigning Source Accounts... - SailPoint Identity Services under the Preset and Default Configurations has a statement that talks about the default correlation logic. SailPoint will automatically tryp to correlate using the “Account Name” attribute matches the “Name” attribute of the identity.
But there is also a support article that says that accounts won’t correlate if there is more than one match:
Yeah we had that thought as well, but there doesn’t appear to be any uncorrelated accounts. There could be some strange behavior behind the scenes with that default correlation logic.
Opened a ticket with SailPoint to hopefully dig deeper.
