Hello,
Is there a way to update the account name in an IdentityNow source without deleting the identity or re-running aggregation?
The account name was changed in the target system, but IdentityNow still shows the old value.
Thanks.
Hi,
By source, are you meaning HR source, or data source. Your problem statement is slightly confusing with your choice of words:
If the former, then you will need to aggregate the source to bring in the fresh data,
If the latter, then you will need to sync then aggregate
Hi, By source, I mean the source named âIdentityNowâ, which is the default source configured in SailPoint ISC.
Iâll be honest, that didnât make it any clearer. However, my solution still stands. You will need to either aggregate or sync&aggregate depending upon if the source is authoritative
The IdentityNow source is not visible in the UI, and it seems that aggregation cannot be performed even via API. Is there any other way to handle this?
if the source is not present in the UI, then its not present.
And I am more confused about why you called a source âidentityNowâ. What sort of data does it hold, what sort of connector is it?
It might get updated automatically after some time based on the next aggregation. Could you please confirm when the account name was changed in the HR system?
I updated the Account Name schema of the HR source to a different attribute about a month ago.
@santhirajumunganda I donât think that is what they are talking about.
I think that they want to rename a source, and that source is not present in the UI.
@sxxnex Is this a Dev tenant you are working in? And why do you need to rename it?
Iâve never seen that source before, and if its hidden, its probably for a good reason
Iâm not trying to rename a hidden source. Doesnât your tenant also have a source called âIdentityNowâ?
Hi @sxxnex The name of the identityNow source account is mapped from the name of the account in the auth source defined in Identity Profile. It is then used as default correlation rule. It is an immutable atttribute. I am not aware it can be updated, so in your circumstance the Identity may well need to be deleted
Hello @phil_awlings, Iâm not sure why my name was mentioned here. Did I provide any wrong answer?
In the current setup, Iâm unable to delete the identity. Is there any way to make this change without deleting it?
Hi @santhirajumunganda I name-checked the wrong person.
Sorry. it was meant to be @ssowmya567
I canât recommend anything because any fix may have unintended consequences (itâs immutable for a reason)
You literally said that the source wasnât visible in the source.
I canât offer you any more advice until you can define your problem statement better.
It is as designed by SailPoint. Correlation is always attempted before an identity is created. If the account cannot find an existing identity to correlate to, and itâs an authoritative account source, then it creates an identity.
The âaccount nameâ attribute wonât change, so whatever it was on the identity thatâs being created/correlated first time will remain same.
In case, if you want to change the account name, then you need to create a new identity from HR source.
The same issue occurs if you aggregate the non-authoritative source first and auth source later. In this case, the account name will be generated from non-auth source, and it will not change when an auth source is aggregated. So, always it is recommended to aggregate the auth source first.
So, the answer is you cannot change the account name as far as I know for the existing identity.
Hope this helps you.
As per SailPoint documentation it is not recommended to modify the account id and account name after aggregation as it breaks references.