CyberSolve

How To: SailPoint IdentityNow – Reset Exceptions & Uncorrelated Accounts

There are several scenarios when using the SailPoint IdentityNow (IDN) product where you can end up with Exceptions and Uncorrelated target accounts. The most common scenario is when an Identity Profile for a user is deleted. This happens when a user record is deleted from the authoritative source mapped to the Identity Profile container. When this occurs, any target application mapped to the profile will go into an exception state and will not re-correlate until they are manually reset. Below are the steps to manually reset an account.

1. Navigate in the IdentityNow Cloud Tenant UI

a. Admin > Connections > Sources > <SourceName>

2. Click on the Accounts tab.

3. Open Dev Tools (if using Google Chrome on a Mac, click on View > Developer > Developer Tools).

4. Click on the Network tab of Dev Tools.

5. Clear the logs/view in Dev Tools.

6. Click on XHR to filter only XHR items.

7. In the Account Search field, find the troubled account, as illustrated in the picture below.

8. In Dev Tools, on the left side that shows the URLs, select the one that begins with: https://<Org>.api.identitynow.com/cc/api/source/getAccounts/

9. Click on this logged event and expand the items on the right-hand side of the screen. Under “features”, you will find the ID for this account.

 

10. Using Postman, you will want to confirm that you can find the account using that ID

<GET>HTTPS://<Org>.api.identitynow.com/beta/accounts/2c91808b784223090178494847e42aa3

 

11. Using the following API, you will now reset the account

<PATCH>https://<Org>.api.identitynow.com/beta/accounts/2c91808b784223090178494847e42aa3

Payload Configuration: Select Body >> raw >> JSON. In the form place this text

[{ “op”: “replace”, “path”: “/manuallyCorrelated”, “value”: false}]

12. After the successful completion of step 11, the account should be reset.

13. Run a de-optimized aggregation.

<POST>HTTPS://<Org>.identitynow.com/api/source/loadAccounts/<Source ID>?disableOptimization=true

14. The account should now correlate to the proper Identity Profile.

If you want to learn more about our Identity & Access Management services and solutions, see our IAM Services page.

Talk to the experts at Identity And Access Solutions to see how your organization can implement SailPoint IdentityNow (IDN) features to fit your unique needs.

Leave a Reply

How can we help you?

Contact us at the Consulting WP office nearest to you or submit a business inquiry online.