fp_idmworks Honored Contributor.
Honored Contributor.
337 views

3.5 -- Overview page -- Accounts double the identities

I have two applications, AE and eDirectory accounts. I am trying to map based on source from ID, but the accounts don't ever diminish to the same count as identities.

Is this as expected or should we be able to merge / match application accounts the same as we do identity sources?
If this isn't expected and we should be able to merge, what would be the default for the RBPM AE collector and eDirectory Account application sources?
0 Likes
1 Reply
Micro Focus Expert
Micro Focus Expert

Re: 3.5 -- Overview page -- Accounts double the identities

On 2/5/19 3:04 PM, fp IDMWORKS wrote:
>
> I have two applications, AE and eDirectory accounts. I am trying to map
> based on source from ID, but the accounts don't ever diminish to the
> same count as identities.
>
> Is this as expected or should we be able to merge / match application
> accounts the same as we do identity sources?
> If this isn't expected and we should be able to merge, what would be the
> default for the RBPM AE collector and eDirectory Account application
> sources?
>
>

Greetings,

I. Is the following what you are outline:

1) You have the following:
a) IDM AE Permissions Collector
b) eDirectory Accounts Collector
c) ?? Identity Collector


2) When you look at the accounts from 1.a and/or 1.b they do not map to
an Identity that was collected from 1.c. Or another way to view it, is
that when you look at your Identities they do not have any accounts?

OR

II.

1) You have the following:
a) IDM AE Permissions Collector
b) eDirectory Accounts Collector

Both are pointing to the same eDirectory/Vault server. As a result,
when you look at the Accounts in the Catalog you see what appears to be
a fair number "duplicates"?

If this is the case then it is working as expected and designed.
Accounts do not get "merged". Each account is coming from a different
Application Source (Collector) so therefore each is unique.


In general, the pattern is Account --maps to--> Identity

You can have unmapped accounts, which are unmapped for different reasons
(For Example: (a) they are special admin account and do map to an
Identity in the Company or (b) the user was removed and the account had
not been cleaned up, which is where running an unmapped account review
would help resolve).

The other aspect is that in a lot of environments/configurations you
will have Permission --> Account --> Identity

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.