Managing Multi-Host Account Schemas
Each source supports a variety of details, or attributes, about each user who has an account, such as their name, email address, manager name, and location.
The set of account attributes each source stores and how they're organized is known as the account's schema. To best represent your data, you can configure sources to use an account schema matching the one you use in the external connector.
Multi-host account schemas enable bulk configuration of account schemas for all sources within a multi-host group.
Viewing an Account Schema
Most sources have an account schema as soon as they're connected to Identity Security Cloud. To view your multi-host group account schema:
- Go to Admin > Connections > Multi-Host Sources and select a multi-host group.
- Select Edit to view configuration details about the multi-host group.
- From the left navigation, select Account Management > Account Schema.
Each multi-host group schema has one attribute marked as the Account Name and one attribute marked as the Account ID. Editing the Account Name or Account ID after aggregation can result in serious issues and is strongly discouraged.
If your multi-host group doesn't have an account schema, you can create one by adding attributes to the source that match your external connector.
Editing an Account Schema
You can add and delete attributes from a multi-host group account schema, as well as indicate whether an attribute supports multiple values.
- Go to Admin > Connections > Multi-Host Sources and select a multi-host group containing the account schema you want to update.
- Select Edit to view configuration details about the multi-host group.
- From the left navigation, select Account Management > Account Schema.
- To add a new attribute, select Add New Attribute and fill out all required fields.
  Important: Attribute names cannot contain periods.
- To delete an attribute, select the Actions icon beside the attribute and select Delete.
  You can also select the checkbox beside attributes in this list and select Delete.
- To mark an attribute as an entitlement, select the Actions icon beside the attribute and select Edit. Select the Entitlement checkbox, then select Update.
  Note: Boolean attributes cannot be marked as entitlements.
- To include permissions with entitlements that are part of an account aggregation, select Edit Schema at the top of the page, and select the Include permissions in aggregations checkbox.
- To remove the Multi-Valued setting on an attribute, select the checkboxes beside the attributes you want to edit. Clear the checkbox for the Multi-Valued setting.
  You can also do this in the Edit Attribute overlay.
- To edit a source's Account Name and Account ID attributes, select Edit Schema at the top of the page. Under Account ID and Account Name, choose the attributes that should be used to provide those values and select Update.
Changing Account Name and Account ID Attributes
Updating the Account Name or Account ID attributes for a source after aggregating accounts is strongly discouraged and can cause significant errors.
The Account Name attribute is immutable, and editing it after accounts have been aggregated can cause duplicate accounts and identities to be aggregated and created. The Account ID attribute is used in multiple places across systems to reference accounts. Changing the Account ID can break these references in serious and unexpected ways.
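The rules on this page can be checked before a schema edit is applied. The following is an added example, not SailPoint code: it compares a proposed schema against a saved baseline and reports violations of the constraints described above. The dictionary layout, the function name check_schema_change, and the sample attribute names are assumptions made for illustration and do not reflect a SailPoint export format or API.

```python
# Added example: pre-change review of a multi-host account schema edit.
# The dict layout below is a constructed, hypothetical representation.

ROLES = {"account_id": "Account ID", "account_name": "Account Name"}

def check_schema_change(baseline, proposed, aggregated):
    """Return findings for a proposed schema, using the rules stated on this page."""
    findings = []
    names = {attr["name"] for attr in proposed["attributes"]}
    for attr in proposed["attributes"]:
        # Attribute names cannot contain periods.
        if "." in attr["name"]:
            findings.append(f"attribute name contains a period: {attr['name']}")
        # Boolean attributes cannot be marked as entitlements.
        if attr.get("entitlement") and attr.get("type") == "boolean":
            findings.append(f"boolean attribute marked as entitlement: {attr['name']}")
    for key, label in ROLES.items():
        # Each schema has one attribute marked for each role.
        if proposed.get(key) not in names:
            findings.append(f"{label} does not reference a schema attribute")
        # Changing either role after aggregation is strongly discouraged.
        elif aggregated and proposed[key] != baseline[key]:
            findings.append(
                f"{label} changed after aggregation: {baseline[key]} -> {proposed[key]}"
            )
    return findings

# Constructed sample data (not taken from any real source).
BASELINE = {
    "account_id": "employeeNumber",
    "account_name": "sAMAccountName",
    "attributes": [
        {"name": "employeeNumber", "type": "string"},
        {"name": "sAMAccountName", "type": "string"},
        {"name": "mail", "type": "string"},
    ],
}
PROPOSED = {
    "account_id": "mail",
    "account_name": "sAMAccountName",
    "attributes": BASELINE["attributes"] + [
        {"name": "manager.name", "type": "string"},
        {"name": "isActive", "type": "boolean", "entitlement": True},
    ],
}

if __name__ == "__main__":
    for finding in check_schema_change(BASELINE, PROPOSED, aggregated=True):
        print("BLOCK:", finding)
```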