Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

AzureAD account not being correlated properly

FranciscoJ
New Contributor II
New Contributor II

Hello community,

We are facing an issue regarding re-correlation operation.

Correlation rules for AzureAD endpoint is:

  • Rule 1: customproperty29 = name
  • Rule2: email = customproperty4

FranciscoJ_0-1725444366066.png

 

Current AzureAD Account attributes:

Saviynt User A: AzureAD acccount was correlated in the past. Later, Customproperty29 was cleared and it is set as blank. Email is not equal to customproperty4 of the current AzureAD. They are not matching anymore.

The user A was rehire as a new Saviynt user as Saviynt User B.

Saviynt User B: it is matching the rule for AzureAD correlation:

  • Rule 1: Sav user customproperty29 = account name
  • Rule2: Sav user email = account customproperty4

We have executed the following job for account import:

FranciscoJ_1-1725444750019.png

However, the AzureAD account is not being moved to the new Saviynt User B. It is still correlated to the old Saviynt User A even if the correlation rule does not apply anymore.

Do you know why this is hapenning?

Many thanks in advance.

Kind regards,

Francisco J.

3 REPLIES 3

rushikeshvartak
All-Star
All-Star
  • Once account has been correlated it will not be changed during import process.
  • You can have detective analytics report and fix mapping manually

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Thanks for your answer!

Do you mean we have to detect by detective analytics the accounts that are linked wrongly to Saviynt users and then perform the mapping 1 by 1 manually using this button (change/remove user in Accounts tab)?

FranciscoJ_0-1725533563806.png

 

This is quite annoying and risky! Is there not any automatic process to do this? I think Saviynt should have sufficient resources to do that by itself since other Saviynt user is matching the endpoint correlation rule for that account!

Thanks in advance

NM
Honored Contributor III
Honored Contributor III

Hi @FranciscoJ yes that is a limitation with saviynt.. you can identify those account and either manually correlate it or manually remove from users when user was deactivated.