Hello Experts,
What is this SailPoint IdenitityNow Prod source? Workday is the authoritative source, we want the account name in the identity cube to be what we have setup in Workday. But for some reason some identities have the account name as the SailPoint IdenitityNow Prod account name on the identity cube. Where can we update it and how can we have only workday data showing on the identity cube
Any thoughts @MVKR7T ?
Looks like you have multiple sources configured as Auth Source (or had in the past) and the identity in the question must have moved from One Auth Source to another due to correlation and Identity Profile Priority.
Once the Identity got created from previous Auth Source, it got the account name from previous auth source. I believe you could delete the identity and re-create to have correct account name.
However, once you do that, you might see identity exceptions in target source accounts and you would have to patch those accounts with correct identityid.
Additionally:- SailPoint IdentityNow Prod source can also be name of your tenant and an account from tenant name would always show up.
Hello Animesh, these are new identities which got created from Workday, also this is the only auth source for these identities. I’m not sure why it is showing the something else as the account name on the identity cube. I just increased Workday Identity Profile. Is there anything i can do to fix all of this at once?
The SailPoint IdenitityNow Prod account for your tenant is a representation of the IDN permissions of your identity.
My tenant name is Kartik’s SE. My account will hold the ORG_ADMIN entitlement:
Account name gets assigned to the identity from the Authoritative Source’s account schema attribute which is selected as Account Name.
Are you getting a different value than that you selected in Account Name source account schema?
Yeah, the SailPoint Identitynow username is the account name from Workday. But the Account name in the identity cube is not the same. Everything else seems to be correct, its just the account name being different
Interesting, I have seen this behavior only when moving Identities from one IDP to another.
I would suggest you to observe the behavior for new identity which is being created by maybe adding a test account to Workday and see if you get different account name then what is mapped in Account Schema of workday.
To rectify it, we reset the authoritative source accounts and removed any other idp which would recreate those identities and then aggregate again to create the identities but it is not recommended if your source accounts are provisioned through IDN and if there is any dependency/reference on identities. We had a greenfield deployment which didn’t caused any issue.
@atarodia has given the answers already, I would like to see the config. Can you get us some screenshots of Workday config and Identity cube account name attribute for a test user.
Thanks
Krish
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
