Skip to main content

Account Aggregation Completed

Event Context

The platform has introduced an event trigger within the Source Aggregation workflow to provide additional monitoring capabilities. This trigger helps ensure account aggregations are performing as expected and identity data always reflects current source account information for better identity governance. Aggregations connect to a source and collect account information from the source to discover the number of accounts that have been added, changed, or removed. For more information about account aggregation see Account Aggregation Data flow

Flow

After the initial collection of accounts in the source system during aggregation completes, some uses cases for this trigger include the following:

  • Notify an administrator that Identity Security Cloud was able to successfully connect to the source system and collect source accounts.
  • Notify an administrator or system (e.g. PagerDuty) that Identity Security Cloud failed to collect accounts during aggregation and indicate required remediation for the source system.
info

This event trigger does not include entitlement aggregations.

This is an example input from this trigger:

{
  "source": {
    "type": "IDENTITY",
    "id": "2c91808568c529c60168cca6f90c1313",
    "name": "William Wilson"
  },
  "status": "Success",
  "started": "2020-06-29T22:01:50.474Z",
  "completed": "2020-06-29T22:02:04.090Z",
  "errors": ["Accounts unable to be aggregated."],
  "warnings": ["Account Skipped"],
  "stats": {
    "scanned": 200,
    "unchanged": 190,
    "changed": 6,
    "added": 4,
    "removed": 3
  }
}

The source account activity is summarized in stats, as seen in this example:

"stats": {
            "scanned": 200,
            "unchanged": 190,
            "changed": 6,
            "added": 4,
            "removed": 3
        }

In this example, there are 10 changed accounts (scanned (200) - unchanged - (190)). Changed accounts include accounts that are added (6) and accounts that are changed (4), equaling 10 accounts. Removed accounts may or may not be included in the changed account total depending on the sources. For this example, removed (3) may be considered a changed account in some sources and would show a scanned count of 203 instead of 200.

This event trigger fires even without changed accounts. The unchanged count will match the scanned accounts in the response.

The status of the aggregation can be one of two possible values:

  • Success: Account collection was successful and aggregation can move to the next step.
  • Error: There is a failure in account collection or an issue connecting to the source. The errors vary by source.