Configuring Manager Correlation
Manager correlation links an employee to their manager. This relationship is often used in the certification process and in access request approval processes.
Manager correlation is specified as a match between an identity attribute and an account attribute. It is configured on a source, usually the authoritative source, which contains an account attribute that uniquely identifies the user's manager identity.
For example, the values of the source's
manager account attribute for each employee record might be matched to the
identificationNumber identity attribute of their manager. For each account, the manager correlation process searches all identities'
identificationNumber attributes for a match to the account's
manager attribute value, and creates a link between the two identities whenever the matching value is found.
Setting Up Manager Correlation
Manager correlation requires both of these configurations:
The Manager Name attribute must be mapped in each identity profile.
The source which contains the account data to match must have a Manager Correlation Configuration specified.
Defining the Manager Correlation Configuration
Define the manager correlation configuration on a source containing an account attribute that defines the manager relationship, usually the authoritative source.
Go to Admin > Connections > Sources.
Select the source you want to update.
Go to Import Data > Correlation.
Locate the Manager Correlation Configuration section (below the Correlation Configuration section).
Use the Identity Attribute and Account Attribute dropdown menus to select the attributes to be correlated.
- Identity attribute specifies the identity attribute to examine on the manager's identity.
- Account attribute names the source account attribute that identifies the employee's manager.
Select Save to save your changes.
A user's manager correlation can change when their account attribute value changes.
- If the account attribute becomes null, the manager correlation is removed, leaving the identity with no manager assigned.
- If the account attribute changes to a value that cannot be correlated to assign a new manager, the identity remains correlated to their existing manager.
Applying Complex Manager Correlation Requirements
When manager correlation is more complex than a single field match, the logic can instead be specified programmatically in a manager correlation rule.
If you need assistance determining the identity or account attributes to use for manager correlation or writing and deploying a correlation rule, contact SailPoint Services.