Symantec IGA

  • Private Community

  • 1.  Correlate and update attributes not working as expected

    Posted Sep 13, 2017 04:03 AM

    Hi,

     

    Correlate and update attributes not working as expected.

    The last account data applied on all the other accounts.

    I am not  sure which function calls when we run correlate and update attributes.

     

    Any help is appreciated!

     

    Thanks,

    Harilal.



  • 2.  Re: Correlate and update attributes not working as expected
    Best Answer

    Broadcom Employee
    Posted Sep 13, 2017 07:55 AM

    Hi Harilal

     

    Could you please provide a bit more detailed description of what's going wrong when you do explore and correlate and your global users are not being updated? I don't understand whether you have issues with updating the corporate user fields or whether they are being updated with previous values. Therefore below I am giving you indications for both situations.

     

    1. Issue #1: Your IM user attributes are not being updated:

     

    I don't know what endpoint type you are using but typically, for some endpoints, whether explore and correlate updates global user attributes depends on whether you have configured the attribute mapping on the Endpoint's Attribute Mappings screen. For custom endpoint no default mapping is typically there for Explore and Correlate to update Global User Attributes. For example, in the below screen I am telling CA IM to update Global User attribute Country with CRM endpoint's attribute Country when explore and correlate takes place with Update User Fields option.

     

     

    Then whether this attribute is synchronized with Identity Manager corporate user depends on whether this Global User attribute is mapped with the Identity Manager user store attribute on the Environment settings in the IM Management console.

     

    2. Issue #2: Your IM user attributes are being updated with the old information:

     

    In CA Identity Manager, Explore, Update and Correlate are different types of operations. Which means that if you run them separately and not together the behavior is different. For example, if you just explore, CA IM will update its pointers / inclusions to the target system objects. If you run just correlate, then CA IM will take the already explored data (will not do another explore) and will do the correlation and update based on the data CA IM already has. So if this is the issue that you are having, maybe all you need to do is make sure that you check all of the options: Explore and Update User fields in the same operation.  CA Identity Manager needs to run Update User Fields as you are exploring.

     

    Understanding the exact behavior of your issue would help us understand where you are having the issues.

     

    KR
    Russi



  • 3.  Re: Correlate and update attributes not working as expected

    Posted Sep 13, 2017 10:54 AM

    Hi Russi,

     

    Thanks for your reply!

     

    The issue matches with the case #1.

    The Person UUId overridden with Person UUId of last account in the list of managed object.

     

     

                   

     

    Detailed :-

    When we run the Explore endpoint for managed objects the Person UUId are unique as expected and the Correlate accounts to global users alos unique with Person UUId.

    But once I run the Update global users fields then all accounts Person UUId’s are identical in managed object with last account of Person UUId.

     

     

    Thanks,

    Harilal.