Our Harmonizer module builds upon SailPoint IdentityIQ’s native capabilities and Instrumental Identity’s decade of IIQ experience to provide top-tier Attribute Synchronization to all of your provisioning targets.
What is attribute sync?
Attribute Sync updates attributes on your target systems when something changes. When a user’s first name changes in Workday, that new name ought to be updated in Active Directory, Office 365, Oracle ERP, SalesForce, and any other system that displays the user’s name. The same is true of job titles, student registrations, third-party emails from guest accounts or social logins, and innumerable other identity attributes.
This quickly becomes overwhelming, thanks to what seem like edge cases, but, in practice, are quite common.
Tricky attribute sync scenarios
Have you ever encountered any of these scenarios?
- Selective mapping: IIQ should distribute the user’s preferred name if one exists – but not on every target application. Some applications only want the legal name.
- Many-to-many updates: A single source field change ought to trigger a multitude of downstream changes. Or, alternatively, a multitude of source changes ought to trigger the same downstream change.
- Complex transformations: Values require complex transformations to make them suitable for the great variety of systems in your environment, even something as complex as rendering a slew of attributes and other values into JSON.
- Account selection: IIQ should update only a subset of accounts in one target system (e.g., a user’s primary account) but not others (e.g., a secondary admin account).
- Selective updates: IIQ should skip certain field updates, but only sometimes. Or, IIQ should only set an initial value, leaving it alone after it’s been set.
- Complex operations: Setting an attribute value is more complex than just “replace the existing value”. Some applications require that you remove the previous value before you add a new one.
- Performance: IIQ should synchronize attributes after certain Identity changes, but not every change.
Harmonizer does it all!
Our Harmonizer module, part of our IIQCommon library of tools, handles all of these use cases with ease. Harmonizer builds upon the lessons from other attempts at Attribute Sync within IIQ, overcoming their weaknesses while building upon their strengths.
Our module has proven itself in production IIQ environments with millions of users, synchronizing both simple and complex attributes with only minimal effort.
Accelerator pack replacement
SailPoint’s official “Accelerator Pack” is no longer supported in the latest versions of IdentityIQ in favor of Rapid Setup”. Unfortunately, Rapid Setup does not include an Attribute Sync component.
If you are using the Accelerator Pack for its advanced attribute sync features, our Harmonizer can be a quick replacement.
Best practices
As IIQ developers ourselves, we want our Harmonizer module to promote a high-quality developer and administrator experience.
- All configuration can be stored and modified easily in source control.
- Although the defaults work quite well, virtually every feature can be customized or extended.
- The module builds on native and supported IIQ functions, like Lifecycle Events and Workflows.
- Testing and admin tools are provided, allowing you to simulate behavior in your development environment before you deploy it.