06/05/2024 03:22 PM
Hello,
I am trying to understand how duplicate identity management is supposed to work. Can someone confirm or correct my understanding? I am more interested in the user import or user creation scenarios (not the detection of existing duplicate identities).
1. DIM will not stop the duplicate user from being created. It can only stop any birthright accounts from being provisioned, until the manual review has happened.
2. In the manual review, you have 2 options - you can reject the match, in which case there is no change to primary (new) or secondary user and the new user can proceed to birthright provisioning. The other option is 'Analyze' or 'Merge'. In this case, birthright provisioning is not triggered for the new user. Is this correct?
3. If Analyze is chosen, then one of the outcomes is that the secondary identity is marked as inactive after the manual review. Is this correct? What happens in this case where the authoritative source still has the user as active?
4. There is 'merging of identities' in the sense that the 2 user records are not merged into 1 user record. Certain uncommon user attributes are copied to the primary user record, but the user objects themselves remain separate and are not merged.
5. For duplicates - accounts or access is not copied over or transferred. For example, primary user 'a' is new and secondary user 'b' is existing, with an existing AD account. That AD account is not 'moved' or transferred to the primary user. If user 'b' is an owner of a role, or a is a member of a user group, then user 'a' is made the owner of the role or added to that user group, and user 'b' is removed as the owner, or removed from the group. Is this correct?
Thanks
06/05/2024 08:13 PM
Duplicate User Creation:
Manual Review Options:
Outcome of Analysis:
Merging of Identities:
Handling Accounts and Access:
06/20/2024 08:30 AM
One quick follow up -
When the secondary user is deactivated at the end of 'Analyze', would the user update rule for termination pick it up and trigger the disablement of accounts? Is this considered as a 'user update from UI' or 'user update from API'? Or will nothing happen to the secondary user's accounts and it will simply change the user-status to Inactive?
Thank you!
06/20/2024 09:38 PM - edited 06/20/2024 09:38 PM
As per my knowledge, it will change status to inactive.
06/22/2024 07:19 AM
Hi @asp, yes, it will make the secondary account status inactive after the record is removed.
And it will also trigger the user update rule, only if configured. As far as I remember, it will be updated from UI.