Foreign Security Principal (FSP) objects supported?

Hi Experts, 

We're working on an environment with Foreign Security Principal objects (for external trusted domains); there are no references related to supporting these objects.

Any experience with these? Wondering if adding the external domains will pull and display the correct information (accounts with permissions to a folder due to the FSP)?

Any special considerations?



0 Kudos
2 Replies


A possible fix to this might be in the Identity Collector.

When looking up the domains, you need to tick the box "Synchronize External Trusts" so FAM can attempt to read the External Identities. If the external trust is a Full Transitive Trust, and the Service account has rights to said domain, FAM might be able to read the identities from there.

See below; the use case is not exactly the same, but the same principle applies when reading identities.

From: SailPoint IdentityIQ File Access Manager Administrator Guide 8.1 :: P152

Normalization Process Challenges
Expand Groups and Nested Groups:
The Identity Application in File Access Manager represents either a single domain or multiple domains that are in a trust relationship. If these domains are not synchronized in File Access Manager through the Identity Collector, it will not be possible to expand nested groups, and the Normalization process will fail.

Thanks Don, I'll give it a try

0 Kudos