Idea ID: 2848220

Orphan Account Review - IGA to allow manual association of an account to a user

Status: Needs Clarification

Currently in Orphan Account Review, whenever a user selects "Assign account to User", IG does not take any action. It creates a fulfillment task that needs manual intervention in the target system.

IG should execute the action and associate the account with the user in IG.

There are cases where a user has multiple IDs and the target system does not have an additional column to store an additional correlation key.

Besides, the other IGA products work this way. Why doesn't MF IG?

Comment
  • As documented in the User & Admin Guide / "Editing Attribute Values of Objects in the Catalog" chapter, this is how we should also be able to handle the account-to-user association:

    "When you edit the data, you override the originally collected content and Identity Governance shows an icon next to the value to indicate the change. Any attribute that you edit will be persisted through subsequent collection and publication, even if the original value for the attribute changes. You can later reset the attribute value to its collected value."

    The above only applies to "editable" attributes. Probably there's a bit more work than just marking the "Account-User Mapping" as editable under the hood. But this would be the way to go. Seems to work just fine with the "Custodians" attribute. Once possible, it should also be possible to fulfill the orphan account review "assign account to user" like this, if the application doesn't support user assignment directly.