Native Change Detection Configuration

Native change detection is a mechanism in IdentityIQ's application connectors that detects changes made to account information outside of IdentityIQ's control. It can detect newly created, deleted, or modified accounts. The changes are detected on aggregation by comparing stored information with newly read information. If any changes are detected, actions can be taken to respond to them. These actions include automatic recertification, approval, notifications, or even automatically reverting the changes.

Native change detection is enabled on each application separately.

Once enabled, aggregation will start detecting changes (while filtering out items requested through SailPoint) and storing them with other Lifecycle Events on the identity. If you make native changes, you will see them being stored on the Identity object.

Note: For Native Change Detection to operate, you must have both a lifecycle event defined and the application enabled.

To configure IdentityIQ to detect native changes during aggregation, do the following:

  1. Run an aggregation to obtain the baseline information for the application.

  2. Configure a Native Change lifecycle event on the Lifecycle Events page.

There are two lifecycle change events included with IdentityIQ, and you can configure your own as needed:

Lifecycle Event – Email manager for all native changes

Sends a formatted email to the manager describing the changes detected.

Lifecycle Event – Manager Approval for all native changes

Generates an approval work item for each change detected. Any rejected items are undone (reversed) and provisioned. This business process also creates an access request within IdentityIQ so that once the changes are made they will be visible from the Access Request page.

  3. Go to Applications > Application Definition and select an application.

  4. Select Native Change Detection on the Details panel of the application configuration UI.

  5. Define the operations to include when detecting native changes – Create, Modify, Delete.

  6. Define the attributes to compare when detecting native changes:
    Entitlements: All entitlement attributes
    User Defined: Manually enter the names of the attributes to compare, one per line.

  7. Run or schedule aggregations to detect and store any changes.

  8. Run an Identity Refresh task with the Process Events option enabled to trigger the lifecycle events for any changes detected since the last time the events were processed.
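
The comparison of stored against newly read account information described above, and the effect of the operation and attribute choices in the procedure, can be modelled as follows. This is an added example, not IdentityIQ code: the function name, snapshot layout, and sample accounts are constructed for illustration.

```python
# Simplified model of the aggregation-time comparison; not IdentityIQ code (all names constructed).

def _norm(value):
    # Compare multi-valued attributes order-insensitively.
    if isinstance(value, (list, tuple, set)):
        return tuple(sorted(value))
    return value

def detect_native_changes(baseline, current, operations, attributes, requested=()):
    """Return (operation, account, attribute, old, new) tuples.
    baseline/current: {account: {attribute: value}} from two aggregations.
    operations: subset of {"Create", "Modify", "Delete"} to detect.
    attributes: attribute names compared for Modify.
    requested: (operation, account, attribute) changes made through the
               identity system itself; these are not native and are dropped.
    """
    changes = []
    if "Create" in operations:
        changes += [("Create", a, None, None, None)
                    for a in sorted(current.keys() - baseline.keys())]
    if "Delete" in operations:
        changes += [("Delete", a, None, None, None)
                    for a in sorted(baseline.keys() - current.keys())]
    if "Modify" in operations:
        for a in sorted(baseline.keys() & current.keys()):
            for attr in attributes:
                old, new = _norm(baseline[a].get(attr)), _norm(current[a].get(attr))
                if old != new:
                    changes.append(("Modify", a, attr, old, new))
    skip = set(requested)
    return [c for c in changes if c[:3] not in skip]

# Constructed sample snapshots for one application.
BASELINE = {
    "jdoe": {"memberOf": ["Staff", "VPN"], "title": "Analyst"},
    "asmith": {"memberOf": ["Staff"], "title": "Engineer"},
    "bwong": {"memberOf": ["Staff"], "title": "Clerk"},
}
CURRENT = {
    "jdoe": {"memberOf": ["VPN", "Staff", "Domain Admins"], "title": "Analyst"},
    "bwong": {"memberOf": ["Staff", "Finance"], "title": "Clerk"},
    "svc_backup": {"memberOf": ["Backup Operators"], "title": None},
}
REQUESTED = {("Modify", "bwong", "memberOf")}  # granted via an access request

if __name__ == "__main__":
    ops = {"Create", "Modify", "Delete"}
    for change in detect_native_changes(BASELINE, CURRENT, ops, ["memberOf"], REQUESTED):
        print(change)
```

With only `title` in the compared attributes, the model reports no modification for `jdoe` even though a privileged group was added, which is why the attribute selection in the procedure determines what a reviewer will ever see.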