Difference between identity attribute and display attribute
Written by: Bhanu Prakash K (@bhanuprakashkuruva)
Many people are confused, and in fact I was also a bit confused, regarding the Identity Attribute and Display Attribute in the application configuration (Schema). I just want to give some clarity. Please let me know if I am wrong. Let’s get started.
Let us talk about identity attribute first
The Identity Attribute is used to pick up unique data from the application being onboarded, so that each unique value yields an identity with a link to the application. If the attribute's list of values contains duplicates, only the last/latest value creates the link object from the application to the identity. The rest of the duplicated identities are aggregated, but no link from the application to those identities is created.
Consider the following sample data for better understanding. Assume Customer1.csv, which contains the CNumber, CName and CCountry attributes. CNumber has the duplicate value “67254”: CNumber (67254) is the same for Menno.Peters, Paul.Mayer and Nitesh.Kunwar. If we aggregate, we get the Nitesh.Kunwar identity with a link to the Customer1 application. The rest of the duplicates create identities without a link from the application to the identities, as shown below. Note: This is a required field.
CNumber | CName | CCountry |
10983 | Aravind.Golla | India |
18753 | Juhe.Begam | Pakistan |
23254 | Karanam.Karthik | Germany |
99355 | Rajesh.Illa | Germany |
67254 | Menno.Peters | USA |
67254 | Paul.Mayer | SA |
67254 | Nitesh.Kunwar | India |
Now we onboard the application, specifying the CNumber attribute as the Identity Attribute, as shown in the diagrams below.
Aggregate the application and you will see the following result: Identities created: 7.
But if we look at the application accounts, only 5 accounts have been created under the application instead of the 7 shown in the task results, because the other two accounts are duplicates. The Identity Attribute excludes those duplicate values, takes the latest/last value and aggregates the identity with a link to the application.
Hope you understand the importance of the Identity Attribute clearly.
It is time to talk about display attribute
The Display Attribute is used as the object name as it appears throughout the IdentityIQ application, and default correlation is done based on whichever attribute we specify there. Let’s try to understand with some examples.
Let’s onboard the application Employee1, specifying “employeeName” as the Display Attribute, and run the account aggregation as follows.
Employee1.csv
employeeId | employeeName | empLocation |
201 | Rohit.Sharma | Hyd |
202 | Virat.Kohli | Krl |
203 | Dhoni.Ms | Che |
204 | Dhoni.Ms | MH |
For correlation, neither an account correlation nor a correlation rule is selected. Run the account aggregation task with the Detect deleted accounts and Disable optimization of unchanged accounts options enabled.
See the results:
Accounts scanned: 4
Identities created: 3
Identities updated: 1
If we observe the above result, we can see that 201 (Rohit.Sharma), 202 (Virat.Kohli) and 203 (Dhoni.Ms) were created. 204 (Dhoni.Ms) was not newly created. Its action is CorrelateNewAccount with Dhoni.Ms, because the identity named Dhoni.Ms was created before it (the employeeName attribute is specified as the Display Attribute), so it is correlated. From this we can see that correlation is based on the attribute we specify as the Display Attribute. Does this make sense?
Observe the screenshots below.
Cool, let’s try another way to get clarity on whether correlation is done on the Identity Attribute or the Display Attribute.
Consider Employee2.csv
employeeId | employeeName | empLocation |
203 | Dhoni.Ms | MH |
204 | Adharsh.Katte | Joburg |
208 | Amar.Nath | Santon |
334 | Karthik.Kota | RoseBank |
Let’s configure the application, but this time select employeeId as the Identity Attribute and empLocation as the Display Attribute, and run the aggregation task.
See the results,
Accounts scanned: 4
Identities created: 4
From this result we can see that correlation is not done based on the Identity Attribute, even though the schema specifies employeeId as the Identity Attribute. 203 and 204 were already present in IIQ, so new identities should not have been created. They should simply have been correlated, giving results like this:
Accounts scanned: 4
Identities created: 2
Identities updated: 2
But that did not happen, which means correlation is not happening based on the Identity Attribute. Then how were the identities created?
Cool, see the screenshot below.
Identities were created based on the attribute we specified as the Display Attribute. Let’s take another example.
Consider Employee3.csv
employeeId | employeeName | empLocation |
7645 | Adharsh.Katte | Joburg |
9856 | Amar.Nath | Santon |
12345 | Karthik.Kota | RoseBank |
987 | Harish.Kandha | USA |
Configure the application, specifying employeeId as the Identity Attribute and employeeName as the Display Attribute, then run the account aggregation and see the results:
Accounts scanned: 4
Identities created: 2
Identities updated: 2
Of the employeeName values (which we specified as the Display Attribute), only Adharsh.Katte and Harish.Kandha were created; the other two were just correlated because they were already there. We can see this in the Action field of the task results.
Conclusion
So, from this entire explanation we can conclude a few things.
- The identity is created based on the Display Attribute (searched for in the identity warehouse).
- Correlation does not happen based on the Identity Attribute if we don’t select any Account Correlation or Correlation rule.
- In that case, correlation is done based on the Display Attribute only.
- The Identity Attribute is used for pulling unique data from the application and aggregating it into IIQ.
- This applies in both cases, irrespective of whether the Authoritative Application option is selected.
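The behaviour described above, modelled as an added Python example (not IdentityIQ code and not part of the original article): accounts are keyed by the Identity Attribute with the last row keeping the link, and identities are matched on the Display Attribute value. The function name `simulate_aggregation` and its result keys are hypothetical, and CName is assumed to be Customer1's Display Attribute, which the article does not state.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data, copied from the article's Customer1.csv and Employee1.csv tables.
CUSTOMER1 = """CNumber,CName,CCountry
10983,Aravind.Golla,India
18753,Juhe.Begam,Pakistan
23254,Karanam.Karthik,Germany
99355,Rajesh.Illa,Germany
67254,Menno.Peters,USA
67254,Paul.Mayer,SA
67254,Nitesh.Kunwar,India
"""
EMPLOYEE1 = """employeeId,employeeName,empLocation
201,Rohit.Sharma,Hyd
202,Virat.Kohli,Krl
203,Dhoni.Ms,Che
204,Dhoni.Ms,MH
"""

def simulate_aggregation(csv_text, identity_attr, display_attr, warehouse):
    """Model the article's description; `warehouse` is the set of existing identity names."""
    linked = {}                 # identity value -> display name that holds the account link
    unlinked = []               # display names whose link was overwritten by a later row
    by_name = defaultdict(set)  # display value -> identity values correlated to it
    created = updated = scanned = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        scanned += 1
        key, name = row[identity_attr], row[display_attr]
        if key in linked:       # duplicate identity value: the last row keeps the link
            unlinked.append(linked[key])
        linked[key] = name
        by_name[name].add(key)
        if name in warehouse:   # default correlation: match on the display value
            updated += 1
        else:
            warehouse.add(name)
            created += 1
    # Distinct accounts that end up on one identity because they share a display value.
    merged = {n: sorted(k) for n, k in by_name.items() if len(k) > 1}
    return {"scanned": scanned, "created": created, "updated": updated,
            "accounts": len(linked), "unlinked": unlinked, "merged": merged}

if __name__ == "__main__":
    warehouse = set()
    print(simulate_aggregation(CUSTOMER1, "CNumber", "CName", warehouse))
    print(simulate_aggregation(EMPLOYEE1, "employeeId", "employeeName", warehouse))
```

The `unlinked` and `merged` lists are the rows to review before a real aggregation: the first are identities left without an application link, the second are separate accounts (203 and 204) attached to a single identity only because their display values match.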
Very nice article with good explanations including sample data for newbie
Very informative and helpful to clear concept about 'Identity Attribute' and 'Display Attribute'.
But I think the explanation provided for last example (Employee3) needs correction. After running the aggregation task for Employee3 IIQ shows result as
Accounts scanned : 4
Identities created: 4
This is because, in none of the previous applications (Customer1, Employee1 & Employee2), the identities 'Amar.Nath' and 'Karthik.Kotta' are not created. In Employee2 example, these 2 accounts are present but 'empLocation' is set as Display Attribute and hence no matching identity found in Employee3 example.
great explanation
Very solid article with great information, thanks for putting this together
Thank you!
@bhanuprakashkuruva thank you for the clarification. I have one question: I have selected the correlation, but identities having the same display name still sometimes correlate with each other. Why is the correlation not getting triggered as per the correlation rule or mapping?
I have updated the document with a few corrections. Please take a look below.