Update Account Scenario for Webservice Source

Hi Team,

Suppose I have an existing account in a webservice application.

And for that account identity firstname changes.
I have firstname in create and update prov plan and update account operation as well.

How will this trigger the update account scenario in this case?

Will it trigger automatically?

Yes, if you have enabled attribute sync for “firstname” then the trigger will happen automatically.

@Deepanshu07 -

Follow the documentation - This will help.
Synchronizing Attributes - SailPoint Identity Services

When an identity’s firstname changes, it can trigger an update account scenario in a webservice application, but it is not necessarily automatic. The process typically involves several steps:

1. Identity Attribute Update: When the firstname attribute of an identity is changed, it is considered an Identity Attribute Update.

2. Identity Processing: This change may initiate identity processing, which analyzes the identity to ensure all of its data is accurate and in sync with current configurations.

3. Event-Based Processing: If the change occurs during an aggregation or provisioning process, it can trigger event-based processing. This automatically analyzes the identity to make sure the rest of their data is accurate.

4. Account Activity: The change in the firstname attribute may be reflected as an Identity Attribute Update in the account activity data. However, whether this change automatically triggers an update to the account in the webservice application depends on several factors:

5. Application Configuration: The webservice application must be configured to receive and process such updates.

6. Provisioning Policies: There need to be provisioning policies in place that define how attribute changes should be propagated to the application.

7. Attribute Mapping: The firstname attribute must be mapped correctly between the identity and the account in the webservice application.

8. Native Change Detection: If the webservice application supports Native Change Detection, it may detect the change and trigger an update independently.

9. Manual Processing: In some cases, manual intervention might be required to initiate the update process, especially if there are significant changes to identity profiles, roles, or access profiles.

Therefore, while the process can be automated, it’s not inherently automatic and depends on the specific configuration of your Identity Security Cloud environment and the webservice application integration.

I had a couple of questions so i was looking into Attr Sync as well.

1. Does it work only when the identity attr is changed and triggers it? or does it checks if the identity and the account attr value differs and then runs and push the data from identity → target?

2. How often does this run? Does it run automatically, or we need to schedule it?

Attribute sync occurs as a result of below(automatically). We can manually run the sync whenever needed but cannot schedule it.

• An authoritative source aggregation updating an identity attribute.
• A source aggregation detecting a change to an account attribute made natively in the source system. Identity Security Cloud may override this change based on the sync configuration.
• A source account being moved, or correlated, to a different identity with different attribute values.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.