Match KIM to IAM people
There are 2 graphs that run for this. The first is matching on Entity_Id, Principal_Id, and Principal_Name so these fields must not be "null". The second is matching only on Entity_Id because the IAM records it uses have null Principal information.
The purpose of this graph is to keep the KIM data synchronized with IAM.
Using the IAM extract file with duplicates removed, and the KIM extract, sort each by the same keys (MOTHRAID/EntityId, UUID/PrincipalId, USERID/PrincipalName) and then find matching records.
- Additions – Any records on IAM not matched to KIM.
- These records go through an additional check since KIM will not allow duplicates of the principal keys (id and name) so we must remove them.
- We send these records through the RemoveKimDuplicatePrincipal graph where the exiting/conflicting principal name and id have "dup" inserted thus removing the duplication and allowing the new entity to get the no-longer conflicting principal information.
- Also, we check to see if these are new principal keys for an existing entity, then we just add the new principal data.
- These records go through an additional check since KIM will not allow duplicates of the principal keys (id and name) so we must remove them.
- Deactivations – Any records on KIM not matched to IAM.
- NOTE: at this time nothing is ever deactivated unless there is a specific request, it is done manually.
- Updates – All matching records must be checked for possible updates.