I have a client who needs to create a separate Identity Profile for their European users due to compliance needs. Configuring the auth source’s to handle this is easy enough but we have a few concerns:
-Duplicate identity cubes being created and new LAN IDs/AD accounts being assigned.
-Almost all access is obtained through Access Requests. New cubes being created would make this extremely hard to track and duplicate “who has what” in terms of requested Roles.
I am not seeing the ability to transfer identity cubes from one profile to another. Does anyone have any workarounds/best practices for doing something like this? Ideally would like to keep the same cubes just have different auth flows.
If I understood correctly, you have only one authoritative source for both the Identity Profiles ?
Once the account from Authoritative source with high priority is deleted then automatically Identity moves to the next high priority authoritative source.
Correct we have one authoritative source. Its a JDBC connector so would just duplicate the source config and adjust the queries.
If I am understanding correctly it sounds like I would create the new source with only EU users and have it correlate to the existing identity cubes.
After they are aggregated and added to the cube I would then adjust the query on the original source to remove these EU user accounts?