Account reconciliation and orphan accounts

Reconciliation uses an adoption policy to determine the owner of an account, or to identify the account as an orphan.

An adoption policy does not alter the ownership of accounts that are already owned within ISIM.

Reconciliation uses either a global or a service-specific adoption policy. Reconciliation determines whether the user ID attribute for an account on a managed resource matches an alias attribute for an IBM Security Identity Manager user. If no match occurs, the account is identified as an orphan. Later, an administrator can manually assign orphan accounts to owners.

By default, during reconciliation, the global adoption policy is evaluated to determine the owner of an account by matching the account UID to the user UID.

Adoption policies can be defined at a global level, for a service type, or for a particular service instance. If the policy evaluates to more than one person, or to no person, as the owner of the account, the account is orphaned.
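
The evaluation described above, modelled as an added example (this is not ISIM code or its scripting API). The people, accounts, service names and the functions `matchUid`, `matchAlias`, `policyFor` and `reconcile` are constructed for illustration, and the rule that a policy defined for a service is used in place of the global one is an assumption.

```javascript
// Added illustration: a simplified model, not ISIM code or its scripting API.
// Sample people and accounts are constructed.

const people = [
  { name: "Alice Ng",  uid: "ang",   aliases: ["alice.ng", "admin"] },
  { name: "Bob Ruiz",  uid: "bruiz", aliases: ["admin"] },
  { name: "Cara Voss", uid: "cvoss", aliases: [] },
];

// Global policy as described above: account UID must equal the user UID.
const matchUid = (acct, users) => users.filter(u => u.uid === acct.userId);
// Hypothetical service-specific policy: account user ID matches an alias.
const matchAlias = (acct, users) =>
  users.filter(u => u.aliases.includes(acct.userId));

const policies = { global: matchUid, byService: { "ldap-hr": matchAlias } };

// Assumption: a policy defined for the service is used in place of the global one.
function policyFor(service) {
  return policies.byService[service] || policies.global;
}

function reconcile(accounts, users) {
  return accounts.map(acct => {
    // Accounts that already have an owner are left untouched.
    if (acct.owner) return { ...acct, status: "owned (unchanged)" };
    const matches = policyFor(acct.service)(acct, users);
    // Exactly one candidate adopts the account; zero or several orphan it.
    if (matches.length === 1) {
      return { ...acct, owner: matches[0].name, status: "adopted" };
    }
    return { ...acct, owner: null, status: "orphan", candidates: matches.length };
  });
}

const accounts = [
  { service: "unix-01", userId: "ang" },                       // one UID match
  { service: "unix-01", userId: "alice.ng" },                  // alias only: global policy misses it
  { service: "ldap-hr", userId: "alice.ng" },                  // alias policy: one match
  { service: "ldap-hr", userId: "admin" },                     // alias shared by two people
  { service: "unix-01", userId: "root" },                      // no match
  { service: "unix-01", userId: "bruiz", owner: "Cara Voss" }, // already owned
];

const results = reconcile(accounts, people);
for (const r of results) {
  console.log(`${r.service}/${r.userId}: ${r.status}` + (r.owner ? ` -> ${r.owner}` : ""));
}
```

The `candidates` count on each orphan separates accounts that nobody matched from accounts that matched ambiguously, which is the distinction an administrator needs when assigning orphans manually.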
