Managing Machine Identity Schemas

Each source supports a variety of details, or attributes, about machine identities. The set of attributes each source stores and how they're organized is known as the machine identity schema. To best represent your data, you can configure sources to use a schema matching the one in the external connector.

Viewing Machine Identity Schemas

Most sources supported by Agent Identity Security have preconfigured schemas included in Identity Security Cloud. SailPoint recommends using these schemas unless you need to update attributes for a specific purpose.

  1. Go to Admin > Connections > Sources.

  2. Select or edit a source to view its schema.

  3. In the Machine Identities section, select Machine Identity Schemas to display the schema.

    An example schema for Azure Foundry.

    You can update the schema if changes are required.

    If a source does not have a default machine identity schema, you can create one.

Creating Machine Identity Schemas

You can create machine identity schemas for generic sources like Web Services and JDBC.

  1. Go to Admin > Connections > Sources.

  2. Select or edit the source you want to configure.

  3. In the Machine Identities section, select Machine Identity Schemas.

  4. Select + Create Machine Identity Schema.

  5. Enter a name and description for the schema and then select Save.

    Note

    The name of the schema cannot be changed after it is created.

  6. Add attributes to the schema. Choose which attributes will be designated as the Native Identifier and Identity Name.

Updating Machine Identity Schemas

You can add and delete attributes from a machine identity schema, as well as indicate whether an attribute supports multiple values.

  1. Go to Admin > Connections > Sources.

  2. Select or edit the source you want to configure.

  3. In the Machine Identities section, select Machine Identity Schemas.

  4. Update the schema through the following actions:

    • Add an attribute by selecting Add Attribute.

      Note

      Attributes cannot exceed 256 characters.

    • Edit an attribute by selecting Actions > Edit.

      Warning

      Each schema includes the Native Identity and Identity Name attributes. If these attributes require changes, it is strongly recommended to do so before an aggregation is performed. After an aggregation has run, editing these attributes can result in duplicate machine identities and other serious issues.

      To edit these attributes, select the schema’s Actions menu > Edit Type.

    • Delete an attribute by selecting Actions > Delete.

      Delete multiple attributes by selecting the checkboxes for the attributes you want to delete. Select Delete Attributes above the attribute list to remove them from the schema.

    • Set an attribute to support multiple values by selecting Actions > Edit. Select the Multi-Valued checkbox and then select Update to apply the change.

      Mark multiple attributes as multi-valued by selecting the checkboxes for attributes you want to change. Select the Multi-Valued checkbox above the attribute list to apply these changes.

    • Remove the multi-valued setting on an attribute by selecting Actions > Edit. Clear the checkbox for the Multi-Valued setting and then select Update to apply the change.

      Remove the multi-valued setting from multiple attributes by selecting the checkboxes for the attributes you want to edit. Clear the Multi-Valued checkbox above the attribute list to remove the setting.

Deleting Machine Identity Schemas

You can delete machine identity schemas that are no longer in use.

Important

Before deleting a schema, ensure that all machine identities associated with the schema have been deleted.

  1. Go to Admin > Connections > Sources.

  2. Select or edit the source you want to configure.

  3. In the Machine Identities section, select Machine Identity Schemas.

  4. Select Actions > Delete Type for the schema.

  5. Confirm the deletion.
