Idea ID: 2848220

Orphan Account Review - IGA to allow manual association of account to an user

Status: Needs Clarification

Needs Clarification

See status update history

Currently in Orphan Account Review, whenever user select "Assign account to User", IG does not have any action. It created a fulfillment task that need manual intervention in target system.

IG should execute the action and associate the account to user in IG.

There are cases like user has multiple IDs and target system does not have additional column to store additional correlation key. 

Besides, the other IGA products are working in this way. Why MF IG is not?

Parents
  • We evaluated the product a couple of years ago and had to choose another vendor product mostly because of this major shortcoming. Collecting all kinds of user account data from all kinds of existing systems is the core functionality of identity governance solution. The solution must support linking/mapping/correlating collected application accounts to real identities, but it must not assume that the source application could be improved to contain and provide perfect data for this operation. Or would want to develop automation for that (that's usually called IDM) or have manual data update process for each lacking application. IG should of course utilize data (e.g. employee number) whenever possible, but even if there were just random user account names in the application, in IG it should be possible to manually add the account linking to the identity. Being able to run reviews with "Assign account to User" is already great, but if IG cannot persist this manual assignment internally, it's pretty useless.

    And yes, other vendors do this (but may have other shortcomings).

Comment
  • We evaluated the product a couple of years ago and had to choose another vendor product mostly because of this major shortcoming. Collecting all kinds of user account data from all kinds of existing systems is the core functionality of identity governance solution. The solution must support linking/mapping/correlating collected application accounts to real identities, but it must not assume that the source application could be improved to contain and provide perfect data for this operation. Or would want to develop automation for that (that's usually called IDM) or have manual data update process for each lacking application. IG should of course utilize data (e.g. employee number) whenever possible, but even if there were just random user account names in the application, in IG it should be possible to manually add the account linking to the identity. Being able to run reviews with "Assign account to User" is already great, but if IG cannot persist this manual assignment internally, it's pretty useless.

    And yes, other vendors do this (but may have other shortcomings).

Children
No Data