QUESTION:
Identity M&M : On merging the secondary identity to primary identity, accounts/access/roles are not getting transferred to primary identity
Team,
We are using the identity match and merge functionality in production and dev and found an issue wrt to merging the user attributes and transfer of access/roles/accounts from secondary to primary user.
That on merging, associated roles and entitlements will be transferred to primary user, but this is not happening. The accts/access/roles are still remaining with secondary user only.
Example -
Assume, both users have same email, FN, LN, company name. Account association happens on user.email = accounts.cp35.
primary user A (active) - 0 accounts
secondary user B (inactive) - 2 accounts
On merging
1. accounts and access is not getting transferred
2. secondary user is getting inactive and still having the 2 active accounts
If accounts get transffered for example, how will saviynt avoid mapping the accounts to inactive user where both users have same attributes ?
The documentation does not refer to any config where we have to enable transfer of data on merge activity, not sure if any such config exits as well.
ANSWER:
As per the current product functionality we are not supporting transfer of accounts/ents/roles to the primary user incase of duplicate/secondary users.
You can only remove access of the duplicate user based on the DUPLICATEDETECTIONSTATUS attribute value.
I will also get the documentation updated correctly as right now it is not clear.
However The transfer of accounts/entitlements/roles is there in our roadmap but there is no definite ETA on this