Was wondering if anyone has experienced this issue with the Cerner Connector. We recently changed our aggregation option from Active to All in order to aggregate all accounts from cerner regardless of Status. While this works, we are noticing that the when the link is created for certain accounts that are either inactive or suspended, the username attribute is not brought in despite it being on the Cerner Target. I tried to write a rule and get the resource object being utilized for aggregation and got the same result. Interestingly once you enable the account on the target and rerun aggregation, then the username shows up in the link. If you disable it again and wait a few minutes, then it disappears. This is really frustrating as it's impacting our ability to aggregate all accounts and make changes.
Was curious to see if anyone has implemented the aggregation of all accounts and if so did they run into this issue. By the way we are on 8.1p3 looking to upgrade soon
Yes we have the same issue. I think the API returns the username for an inactive account in a slightly different form which is what causes the discrepancy. As a workaround we have added a custom personnelAlias aliasPool value called SAILPOINT_ID to our Cerner accounts.
Then we are using a customization rule to parse that value out of the personnelAlias and populate a custom field I added to the Cerner Schema in Sailpoint. (This allows for easier Correlation)
We haven't been able to get all of our Cerner accounts populated with the new personnelAlias value. but I am populating that value as I touch and provision Accounts. so moving forward we should be able to correlate more and more of the Inactive accounts.
We also experienced that same issue. We created an attribute on the Identity for the cernerId and updated our correlation rule to use either username or cernerId. As long as the Identity exists, it seems to be aggregating and joining correctly.
