Perform manual identity administration in Global Identity Builder

With every Global Identity Builder project, there is usually an element of manual intervention required after initial project creation. This is because the quality of the data in identity sources makes it difficult to come up with enough combinations of correlation rules to match 100% of the overlapping identities. The manual tasks that an administrator can perform are described in this chapter.

During the design and configuration of the global profile view (when real-time persistent cache refresh is not running), you may need to remove the entire contents of the global profile or just identities from a specific source. From the configured project, select Upload/Sync. In the Bulk Upload section, select Reset All to delete all identities from the global profile view. To only remove identities uploaded from a specific data source, select Reset next to the identity source in the Single Upload section.

Identity unlinking

To manually unlink an identity in the global profile, use the global profile identities browser to locate the identity.

On the main project page, select Identities Browser.

Search for and choose the identity to unlink.

A list of data sources the user is from is displayed. Select Unlink for the identity you want to remove. The unlinked identity goes into the list of unresolved.

If the user is not linked to any other identities in the global profile, selecting Unlink removes them from the global profile and adds them to the list of unresolved.

An unresolved identity is one that either did not match a global profile identity, or matched more than one identity in the global profile based on the correlation rules defined for the identity source.

You can view unresolved identities per identity source. From the main project page, select next to the identity source.

From the drop-down list, choose Unresolved to just view the identities that were flagged as unresolved in this source.

For each unresolved identity, you can view the source attributes, their current status in the global profile (Correlation Status tab), and if there are any correlation rules that would match them to a global profile identity (Rules Matches tab). You can also search the global profile to find an identity to link the user to (Link Manually tab).

Any unresolved identity can be manually added to the global profile as a new entry, or linked to an existing global profile entry from the source identity browser. You can view unresolved identities per identity source. From the main project page, select next to the identity source.

From the drop-down list, select Unresolved to just view the identities that were flagged as unresolved in this source. Choose an unresolved identity and you can manually add the identity into the global profile by selecting Add to Global Profile on the Correlation Status tab.

If you want to manually link the identity to an existing global profile identity, select the Link Manually tab and enter search criteria to locate the global profile user. The results from the global profile are returned and you can link the source identity to this profile by selecting Link.

If the unresolved user matches multiple global profile users based on correlation rules, the Rules Matches tab displays which global profile users are a potential match. You can link the source identity to a profile by selecting Link.

A login attribute is one that an application uses to uniquely identify a user that needs to be authenticated. Therefore, the attributes configured as login attributes for the project should be populated and unique across all identities in the global profile view. If a login attribute does not have a value and/or the value is duplicated across multiple global profile identities, those identities are flagged as Login Conflict.

To view all identities with a login conflict, go to the Main Project configuration and select Edit > Login Analysis. If you disabled the Automatic Logic Attribute Analysis in the project properties, you must run the Login Analysis from here.

In the example below, a user (Levi Lee) in the global profile, has a login conflict (mail has been designated as the login attribute) with another global profile entry (Larry Lee).

As another example, a user (Harrison Barnes) in the global profile, has a login conflict (mail has been designated as the login attribute) because he has no value for his email address.

Possible ways to resolve a conflicted identity are:

1. Verify that the Global Profile entry has been correlated properly. If it has not, fix your correlation rules, reset and re-upload the identity sources. If correlation logic is insufficient, you can always manually link identities.

2. Change the attribute mappings that populates the login attribute from one (or more) of the identity sources. Then re-upload the identity sources.  

3. Change the data in the identity source so the login attribute pushed to the global profile has a unique value.

Launch login analysis

The attributes designated as the Login Attributes in the project configuration is analyzed during uploads. When the real-time persistent cache refresh process is running, the login analysis is performed for every insert, update and delete operation that is applied to the global profile.

During the design phase of your project (while real-time persistent cache refresh is not running), if you have already uploaded identities into the global profile and decide to change the login attribute (to some other attribute already existing in the global profile), you can re-launch the login analysis without having to re-upload the data. To manually launch the login analysis, go to the Main Project configuration and select Configure > Login Analysis.

To learn more about the post-creation process, please read the chapter that describes how to manage real-time persistent cache refresh.