Skip to content

Managing Machine Accounts

If your organization has Machine Identity Security, you can set criteria to classify the machine accounts on a source. A machine account is a non-human account that relates to an application or service. Machine accounts may include service accounts, bots, or shared accounts that multiple users log in to. Like human and uncorrelated accounts, machine accounts can also be disabled, aggregated, unlocked, and removed.

You can manage the machine accounts in your tenant by updating their correlation and account attributes.

Correlating Accounts to Machine Identities

After processing your classification policy, some machine accounts might be incorrectly classified or correlated to the wrong identities. For example, some machine accounts might have been correlated to human identities. You can review these accounts in the Human Accounts list to determine whether they should be correlated to machine identities.

To correlate accounts to machine identities

  1. Go to Admin > Identity Management > Accounts.

  2. Select Human Accounts or Uncorrelated Accounts from the left panel.

    Note

    To update the correlation for a machine account in the Machine Accounts List, refer to Updating Machine Accounts.

    Tip

    The Classified as Machine tile will display on the Human Accounts page when machine accounts are correlated to human identities. Select the Classified as Machine filter to view these accounts and determine whether their correlation should be updated.

  3. Select Actions > Update Correlation for the account.

  4. Select Machine as the account type and then select Save.

Identity Security Cloud processes the machine account mappings configured for the account’s source. You can then review the machine account’s attributes to ensure the account details are correct.

Note

If mappings were not configured before correlation, the machine account will be correlated to a partial machine identity. The account will not have an account owner, environment, or description. You can update this information by editing the machine account’s attributes.

To update the correlation for multiple accounts, select the checkboxes for the accounts you want to change and then select Correlate to Machine Identity.

Important

SailPoint recommends updating the correlation for a single account first to ensure the source’s machine account mappings are configured as intended.

Note

You can correlate up to 100 accounts at a time.

Updating Machine Accounts

You can manually update a machine account’s attributes after it’s been mapped. For example, you might need to update the account owner for a machine account if the previous owner moves to a different role or leaves your organization.

  1. Go to Admin > Identity Management > Accounts.

  2. Select Machine Accounts from the left panel.

  3. Find the machine account you want to update and select Actions > Update Account.

  4. Make changes as needed and select Apply.

    Note

    Machine accounts can only be correlated to machine identities.

Identity Security Cloud will preserve manual changes made to this account even when its mapping changes.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.