Skip to content

Aggregating Accounts and Entitlements

There are two possible ways to collect accounts and entitlements. This can be done by either running an aggregation manually in IdentityNow or by using the Data Access Security website.

Run Aggregation Manually in IdentityNow

  1. Navigate to Admin > Connections > Sources.

  2. Find the source you want to aggregate from and select View on that particular source.

  3. In the top left corner, select Import Data.

  4. Verify that Account Aggregation is selected. Near Manual Aggregation, select Start.

  5. To see all of the aggregated accounts, select the Accounts tab.

  6. Once the account aggregation process is complete and the amount of accounts in IdentityNow matches the number of rows in the Data Access Security database, navigate to the Import Data tab.

  7. On the Import Data tab, select the Entitlements Aggregation view and then select Start.

  8. To see the aggregated entitlements, navigate to the Entitlements tab.

Run Aggregation from Data Access Security Website

Warning

This method is not recommended. When this method runs, it collects all of the accounts and entitlements from the source and not only the new or updated data. Due to this, the aggregation takes longer than the aggregation within IdentityNow.

  1. Navigate to Admin > Identity Collectors.
  2. On any existing Identity Collector row, select the third icon in the Actions column and select Run Aggregation.

This triggers the Run Accounts Aggregation task in IdentityNow.

  • All accounts existing in the source that are connected to the current Identity Collector will be imported into IdentityNow.
  • Every found account is sent a message to the Kafka Accounts topic. The Data Access Security Accounts Collector Service takes the relevant messages and saves the collected accounts into the Data Access Security database.

After the Accounts are imported to IdentityNow, the Entitlements aggregation triggers automatically. It works in the exact same way as for Accounts except for these differences:

  • Entitlements are sent to Kafka Entitlements topic.
  • The Data Access Security service responsible for collecting and saving Entitlements is the Data Access Security Entitlement Collector Service.
  • After the Entitlements aggregation process is finished, an automatic process runs connecting all the imported Accounts with the relevant Entitlements.

Note

This automatic process also runs on an hourly basis regardless of whether or not aggregation was requested.

Note

All Accounts should be collected before the Entitlements collection process is finished.

After both aggregation processes are complete, all existing users and groups in the IdentityNow Source are in the Data Access Security database.