Managing Sources

After you have loaded your account data into IdentityNow, you may need to make changes to a source. A source is the IdentityNow representation of a third-party application, database, or directory management system that maintains its own set of user accounts or personnel records. IdentityNow collects data from these sources. A connector connects IdentityNow to the source system, so its data can be loaded into our identity governance system. IdentityNow collects user accounts and access rights from those systems and associates them to the source definition.

Viewing Source Details

After you have configured a source and loaded account data into IdentityNow, you may need to view or make changes to a source's details.

To access the source list, go to Admin > Connections > Sources. This is a list of all sources that are configured by your organization. You can search the list by name or description or filter the list by connection type and source owner.

The default view of the source list is the table view. Each row contains information about the source based on the customizable columns. If there are warnings or errors, you can select them in the Status column for more details. Select the the Actions menu to edit or delete the source.

Select Cards to switch to the card view. Each source card contains information about the source, including the name, description, source type, connection type, and source owner. If there are warnings or errors, you can select them on the source card for more details.

For Direct Connection sources, you can test the connection from the Actions menu on the table row or card, or you can delete the source. Select View for more details.

Select Edit to go to the source configuration page and review or update the following information about a source:

• Source type - The type of data provided by the source. For a list of source types, refer to Supported Connectors for IdentityNow.

• Connection type - The method used to add the source to IdentityNow. Sources can be added through a direct connection with an external system or through a flat file that a user imports into IdentityNow. For more information on these connections, refer to Loading Account Data.

• Source Owner - The owner of the source. After you've configured a source, you can assign a source owner.

• Governance Group - The group used for granting users source role sub-admin level oversight of the source and its access.

• Additional connectivity details - Connectivity information such as URL, host, port, username, password, and more. This information varies by connector.

You can also view the account schema for a source by selecting Import Data > Account Schema. From this page, you can add, edit, or delete attributes.

Viewing Accounts on a Source

You can view which identities have accounts on a source in its Accounts tab.

1. In the Admin interface, go to Connections > Sources.

2. Select the source you want to review.

3. Select the Accounts tab to view a list of accounts on the source.

   You'll also see the number of accounts loaded from the source.
   
   

   Notes

   • If an identity is listed multiple times, this indicates that the identity has multiple accounts on this source. As a result, the identity may be able to access the application using any of these accounts, possibly with different types of access through each account.
   • This list may also contain uncorrelated accounts. These accounts have not been matched to any identity in the Identity List.

   Select CSV to export a list of the details for all the accounts on a source, including their entitlements.

   Note

   Sources with more than 100,000 accounts can't be exported.

4. Select a user's name to go to the identity details page to view more information about the identity.

Assigning a Source Owner

IdentityNow requires the selection of an owner for each source. This user is known as a source owner.

A source owner may complete specific tasks for the following IdentityNow services:

• Provisioning - For sources that are not direct-connect, source owners will receive notifications in their Task Manager when an account needs to be added, modified, or removed.

• Certifications - A source owner may be asked to review the access of people who have entitlements on a source. They may also receive tasks to remove entitlements that were revoked during certification campaigns.

To assign a source owner:

1. Go to Admin > Connections > Sources.

2. Select Edit on the Source table row or card of the source you want to assign an owner to.

3. In the Source Owner section of the Edit Configuration tab, enter the name of the user you want to assign as the source owner.
   
   

4. Select Save to add this user as the source owner.

The new source owner will receive notifications of tasks they need to complete in their Task Manager.

Resetting Sources

You can remove all data associated with the source from IdentityNow, including accounts, entitlements, and access profiles, without losing the source's configuration. For example, you may want to reload the data for a source after you've changed its schema. Rather than delete the source and start over, you can reset the source, so it maintains its configuration, and then reload its data.

Before you reset a source, review the following table to understand how resetting a source can affect your data and what actions you may need to take after the reset.

Source Data Affected	System or User Behavior	Post-Aggregation
Connected Identity Profile	The identity profile is not deleted, but all identities are deleted from it. If the identity also exists on another authoritative source, it will temporarily become an identity on that source.	Identities are recreated. If an identity was temporarily moved to a different identity profile, it will be reconnected to the original source.
Identity Profiles with Required Attributes Mapped to the Source	If mappings are on required attributes, those accounts become uncorrelated.	Accounts become correlated.
Identity Profiles with Attributes Mapped to the Source	Associated attributes are temporarily removed from the related identities. Note: Attributes that are mapped to transforms that reference this source are also temporarily removed.	The attributes and their values appear correctly.
Source Owners from the Source	If any of the identities on the source you are resetting are source owners of any source, you will not be able to reset the source. Choose a new source owner for that source and try again.	Reassign the previous source owner as needed.
App Owners from the Source	The app owner field on the app is cleared.	You must reassign the app owner.
Entitlements	Entitlements are cleared.	Entitlements are reloaded.
Access Profiles	Access profiles are deleted.	You must recreate any access profiles needed for provisioning.
Accounts Correlated to Identities	Source accounts that were correlated to your identities are removed.	The new correlation configuration is applied to your current identities. Account sources might be reassigned based on these changes.

Notes

• You can only reset one source at a time.
• A reset will fail if an aggregation is in progress. Reset the source when aggregation has completed.
• Aggregation schedules are retained through a reset.
• You must disable delta aggregations for JDBC, Lotus Domino, and SAP HR before resetting these sources. After executing a full aggregation, you can reinstate the delta aggregation configurations.
• For Active Directory and SharePoint, delta aggregations can remain in place, and any schedules associated with aggregation still apply. IdentityNow runs one full aggregation before resuming delta aggregation for these sources.

Resetting a Source

To reset a source, you'll need to open a Support ticket or use the IdentityNow REST API.

To reset a source using the IdentityNow REST API:

1. Sign into your org as an administrator.

2. In the Admin interface, go to Connections > Sources and select the source you want to reset.

   The cloud source ID is displayed at the end of the URL in your browser address. The source ID is also known as the front-end ID for a source.
   
   

3. Make note of the source ID, as you'll need to refer to it in the next step.

4. Use your preferred tool to call the following API:

   POST https://\<tenant\>.api.identitynow.com/cc/api/source/reset/\<cloudSourceId\>

   where

   <tenant\> is the URL for the IdentityNow org.

   <cloudExternalId/> is the ID of the source you want to reset.

The call removes all accounts and entitlements from the source, allowing you to aggregate new data.

You can selectively delete accounts or entitlements and access profiles by adding ?skip=accounts or ?skip=entitlements to the API call's URL. If you choose to skip accounts, all account data remains. If you choose to skip entitlements, all entitlements and access profiles remain.

Note

This call will require the appropriate authentication/authorization.

Alternatively, if you no longer need to maintain the source in IdentityNow, you can completely remove it by deleting the source.

Deleting Sources

Before you can delete a source, you'll need to successfully remove all connections to that source including:

• Any identity profiles associated with the source.
• Any apps connected to the source.
• Any reference to the source in a transform.

Note

If the source is used to authenticate logins to IdentityNow through pass-through authentication, you must configure an alternative authentication process (source) prior to deleting the source.

Tip

To see a comprehensive list of all connections to a source, including the virtual appliance, identity profiles, apps, and SaaS Management connection, select the Connections tab for the source.

Removing Identity Profiles from a Source

Before you delete an identity profile, it's important to understand the implications of doing so. For example, in addition to deleting identities, the accounts on the related source become uncorrelated unless another identity profile in your system also owns those accounts.

Prerequisite: Before deleting an identity profile, verify that any associated identities are not source or app owners. If they are, you won't be able to delete the identity profile until those connections are removed.

To view the identity profiles on a source:

1. In the Admin interface, go to Connections > Sources and select the source you want to review.

2. Select the Connections tab. If the source is connected to an identity profile, the name of the profile is displayed under Identity Profile along with the number of identities that came from the source using that identity profile.
   
   

3. Select the name of the identity profile to view additional details about it and to verify that deleting it will not pose any problems.

To delete a source's associated identity profile:

1. In the Admin Interface, go to Identities > Identity Profiles.

2. Select the checkbox next to the identity profile(s) you want to delete.
   
   

3. From the Actions menu, select Delete. You'll receive a warning message that states the number of identities that came from that source.
   
   

4. Select Continue to delete the identities.

The identity profiles have been removed from the source.

Removing App Connections from a Source

Before you remove an app from a source, it's important to understand the implications of doing so. Removing an app from a source will affect users' ability to use those applications. You must select a replacement source for the application before you remove the current source.

Note

You must be an Admin to remove or change an existing connection between an app and a source.

1. In the Admin interface, go to Connections > Sources and select the source you want to review.

2. Select the Connections tab. In the Applications section, you'll see the number and list of applications currently connected to the source.

3. Select an app in the list to view additional details about it before removing it from the source.

4. When you understand the impact of removing the app from the source, go to Admin > Applications and select the app you want to edit.

5. In the Account Source section of the Configuration tab, use the Select Source dropdown menu to select the new source for the app to use in place of the one you are preparing to delete.
   
   

   Note

   The Account Source section only displays when Admin (IT) is selected for App Accounts Created By.

6. Complete your configuration and select Save to update IdentityNow with your changes.

After you've removed all connections to the source, run an aggregation for the source. After the aggregation process successfully completes, you can delete the source.

Note

IdentityNow doesn't allow you to delete a source while any identity data is being processed, even if the data isn't connected to the source you want to delete.

Deleting a Source

Before you delete a source, you must remove all references to that source from identity profiles and applications. You can delete a source on the Sources list page or from the Source Configuration page, or by using the IdentityNow REST API. Refer to the Delete Source API documentation on the Developer Portal for more information on the API call.

To delete from the Sources list page:

1. Go to Admin > Connections > Sources.

2. On the Source row of the source you want to delete, select the Action menu icon and select Delete Source.
   
   

3. Select Continue on the confirmation message to delete the source.
   
   

If the source is still in use, an error will display.

Tip

You will see more details about the places where the source is in use if you try to delete it from the source details page.

To delete from the Source details page:

1. Go to Admin > Connections > Sources.

2. Select View to see the Source details page of the source you want to delete.

3. Select Delete Source.
   
   

   If the source is still in use, a list of items connected to the source displays. You must remove these connections before you can successfully delete the source.
   
   

4. If the source is not in use, select Continue on the confirmation message to delete the source and all its related data.
   
   

   Note

   The appearance of this message may differ slightly depending on the type of source selected.

Troubleshooting

How can I verify that my sources are working as expected?

You can check the following to ensure that your sources are working correctly after an update:

Identity System Checks

• Check the Virtual Appliance Health.
• Validate that VA clusters have a status of Normal.
• Check the health of your sources:
  • Check the System Status dashboard to validate that you're not seeing any errors on sources.
  • Look for status banners on the source pages.
  • If you go to a source and select Test Connection, you see the Connected message.
  • Validate that user/group aggregations are functioning appropriately.

Verifying Provisioning

• Validate the role is providing the expected entitlements.

• Validate attribute synchronization operates as expected.

• Validate lifecycle state changes operate as expected.