Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AzureAD account not being correlated properly

Go to solution
FranciscoJ
New Contributor II
New Contributor II

‎09/04/2024 03:15 AM

Hello community,

We are facing an issue regarding re-correlation operation.

Correlation rules for AzureAD endpoint is:

  • Rule 1: customproperty29 = name
  • Rule2: email = customproperty4

FranciscoJ_0-1725444366066.png

 

Current AzureAD Account attributes:

Saviynt User A: AzureAD acccount was correlated in the past. Later, Customproperty29 was cleared and it is set as blank. Email is not equal to customproperty4 of the current AzureAD. They are not matching anymore.

The user A was rehire as a new Saviynt user as Saviynt User B.

Saviynt User B: it is matching the rule for AzureAD correlation:

  • Rule 1: Sav user customproperty29 = account name
  • Rule2: Sav user email = account customproperty4

We have executed the following job for account import:

FranciscoJ_1-1725444750019.png

However, the AzureAD account is not being moved to the new Saviynt User B. It is still correlated to the old Saviynt User A even if the correlation rule does not apply anymore.

Do you know why this is hapenning?

Many thanks in advance.

Kind regards,

Francisco J.

Labels:
0 Kudos
3 REPLIES 3

Go to solution
rushikeshvartak
All-Star
All-Star

‎09/04/2024 08:10 AM

  • Once account has been correlated it will not be changed during import process.
  • You can have detective analytics report and fix mapping manually

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Go to solution
FranciscoJ
New Contributor II
New Contributor II
In response to rushikeshvartak

‎09/05/2024 03:55 AM - edited ‎09/05/2024 03:57 AM

Thanks for your answer!

Do you mean we have to detect by detective analytics the accounts that are linked wrongly to Saviynt users and then perform the mapping 1 by 1 manually using this button (change/remove user in Accounts tab)?

FranciscoJ_0-1725533563806.png

 

This is quite annoying and risky! Is there not any automatic process to do this? I think Saviynt should have sufficient resources to do that by itself since other Saviynt user is matching the endpoint correlation rule for that account!

Thanks in advance

0 Kudos

Go to solution
NM
Honored Contributor II
Honored Contributor II

‎09/05/2024 04:04 AM

Hi @FranciscoJ yes that is a limitation with saviynt.. you can identify those account and either manually correlate it or manually remove from users when user was deactivated.

Copyright © 2024 Khoros, LLC