01/19/2023 12:23 PM
We are importing admin accounts from a new application but have no way to correlate them to the User schema. But we do have the same admin accounts in our other endpoints like AD, Unix, O365 etc., already correlated to Users. Can we leverage these correlated endpoints while importing from the new Application, using an advanced SQL rule?
01/19/2023 12:56 PM
I don't think it is possible to correlate user and account using data from another endpoint's account.
01/19/2023 02:03 PM
Can we do analytics or SQL update after the Import? This would be a nice feature to connect the dots within IGA.
01/19/2023 02:30 PM
There is an actionable analytics with Action as Map Orphan Account. But the problem is you cannot configure a default action to automate this process. You have to take the action manually from the analytics history report.
If you feel it's a good feature to have then you can open an idea ticket.
01/19/2023 05:34 PM
Analytics are just used for reporting (select queries).
You can correlate accounts to users using actionable analytics with the action Map Orphan Accounts.
This report can be set up automatically after every accounts import or can be mapped manually. Since this is SQL, you should be able to write correlation logic.
01/19/2023 10:30 PM
What we do for some applications is 'promote' application account data to the user record custom properties. We then use the user customproperty attribute(s) in the account correlation config for other applications that can correlate on that promoted data.
For example, in an AD connector's USER_ATTRIBUTE config we set the user's customproperty20 value to the AD account's UPN: CUSTOMPROPERTY20::userPrincipalName#String
And use the user customproperty20 attribute in the correlation config for other application(s) which have the AD UPN as one of the application account attributes to find a match.
We also make use of the Saviynt for Saviynt feature, whereby we make use of the UPDATEUSERJSON component to populate user custom properties from application account data or calculate values.
01/20/2023 09:38 AM
Thanks All for your great suggestions. In our use case, a privileged User has multiple priv accounts with application-specific naming standards, and storing all these on the User schema is not possible as we are running low on User schema attributes. We will try out the Map Orphan Accounts option.