This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.

Partially orphaned accounts occur in RSA Identity Governance & Lifecycle when the ADC defines multiple user resolution attributes from the same target collector

Article Number

000037420

Applies To

RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0
 

Issue

Partially orphaned accounts are created after Unification. In the example below, note that UserC3 is not displayed as an orphaned account, yet it is not mapped to any user which is the definition of an orphaned account.
 
Image descriptionImage description
Image descriptionImage description

Cause

This problem occurs when an Identity Data Collector (IDC) collects multiple attributes for a user, an Account Data Collector (ADC) defines two or more of these attributes in the user resolution rules, and one of the attributes defined in the resolution rules is modified in the data source.

As an example, an IDC collects User Id, Email Address, and Department. An ADC collects AccountName. Three User Resolution rules are defined on these IDC attributes in the ADC definition:
 
Image descriptionImage description

After running the IDC, Unification and ADC, the AccountName resolves to the User Id and correctly maps the users.
 
Image descriptionImage description

If one of the user attributes other than the User Id is modified in the IDC, the problem occurs. In this case, the email address for UserC3 was modified. After running the IDC and Unification, the account is left partially orphaned:
 
Image descriptionImage description

Resolution

This is fixed in 7.0.2 P12, 7.1.0 P05, and 7.1.1.  The fix ensures that unification will not deactivate the affected account mappings and the accounts will no longer appear to be orphaned or partially orphaned.
 

Workaround

As a workaround, run the Account Data Collector. This will re-map the user to the account.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 05:12 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.