Identity Governance publishes all identity sources concurrently to ensure that each unified identity receives the latest merged information. Identity sources always get published before application sources.
When using the Publish and merge option for your Identity Collectors, you will need to plan the following actions:
Specify the order in which your identity sources will be published
Specify the attribute(s) that will be used to match records from each source to identities in the catalog
Designate which identity source will be used as the preferred (authoritative) source for the attributes that will be used to match records
Decide if you want to allow or prevent new user creation when users from an identity source cannot be merged with an existing user from another identity source
For information about setting the merge rules, see Section 9.1.2, Setting the Merge Rules for Publication.
Merge rules allow you to control which values will be stored when multiple identity sources provide information for the same fields. For example, if two sources provide an email address, data from the selected source will be saved as the primary value. If you do not select a identity source as the authoritative source for merging, Identity Governance uses the first collected value.
Once you set the merge rules, you can export the rules as a JSON file, and import the file in another Identity Governance environment. The JSON file includes the merge order for the identity sources and the authoritative source for the identity attributes. While importing the merge rules, Identity Governance tries to match the identity data sources between the two systems based on ID or name and makes the best decision it can. However, before you import, you can change that decision or resolve any difference such as different mergeable identity sources or different identity attributes between the two systems.
If you delete any identity source or authoritative source from the system where data is imported and import the same file, Identity Governance displays only the current mergeable data present in the system regardless of the data being present in the exported file.
IMPORTANT:When collecting identities using the publish and merge setting, matching attributes are mandatory for Identity Governance to include the user when publishing. If a secondary identity source has users that do not have the matching attribute defined in the collector, they will be collected, but they will not be published. For information about merging examples, see Data Collection and Publication Reference.
Log in to Identity Governance as a Customer or Data Administrator.
Select Data Sources > Identities.
Drag and drop the identity sources to their desired positions to set their priority for merging the published attributes. In general, it is desirable to place your most complete and authoritative source in position 1.
To use a specific identity source as the attribute authority, complete the following steps:
Under Publish and merge, expand Set merging rules.
For the attribute that you want to modify, specify the identity source.
The None (first collected value) option instructs Identity Governance to use the first identity source as the attribute authority.
NOTE:You must specify unique values for the attributes you want to match during merging. In addition, do not use an empty (null) value as a matching attribute value.
(Optional) Click Export merging rules or Import merging rules.
Select the Save icon.
Publish your pending changes.
Verify the changes that you published to the catalog.
Since the Identity Governance catalog is comprised of the data contributed by all published sources of Identity data, you must perform a publication of Identity data only after you have performed a collection from all sources. The publication process will unify your collected data sources and populate the catalog.
If you have a scheduled collection, Identity Governance publishes the collected identities at the end of the run. You can also manually publish the identity sources.
Identity Governance uses a red diamond icon to indicate that an identity source has been collected but not published. Identity Governance shows any collection errors or warnings on the Identities and Applications data source pages.
To manually publish the identities:
Log in to Identity Governance as a Customer or Data Administrator.
Select Data Sources > Identities.
Make sure you have collected all the identities.
Select the Publish identities now icon.
When you see that publication has completed, go to Catalog to view the collected information.
Identity Governance enables you to keep track of the merge events that cause unique user IDs to be created, assigned, or changed during the publication of identities. It also tracks events where merging could not happen. The merge process might result in events such as:
The collected user fails to merge and does not create a new user
A collected user that was previously merged no longer merges and new user creation is not allowed
A previously merged user is split into different users, and a new user is created with a new unique user ID
A collected user that used to merge with one user now merges with another user, which changes its unique user ID
You can view these merge events to investigate how identities were merged and why a certain user ended up having a certain unique user ID.
To view merge histories:
Log in to Identity Governance as a Customer or Data Administrator.
Select Data Sources > Identities.
In the upper right, select Merge Histories.
Select a tab to investigate merge events.
Select the Settings icon to add and delete columns.
Based on your analysis and needs, change your publication options. For support with troubleshooting issues, contact your Customer Support team.