Skip to content
English
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

Identity Source of Truth FAQ

Q: What is a Source of Truth?

A: A Source of Truth refers to a reliable and authoritative data source against which identities are verified or resolved. In the context of Unify, it is a reference point like Active Directory or an HR system that provides the definitive or most accurate information about an identity.

Q: Who owns the tools that may act as a Source of Truth?

A: Generally, the Identity and Access Management team manages these tools, however, any technical resource with administrative privileges may assist if their responsibilities and technical acumen are appropriate to the task. Common tools utilized for this purpose are Workday, Microsoft Entra, Sailpoint IdentityNow, Okta.

Q: How can I identify the Source of Truth in my organization?

A: Collaborate with technical leaders or the IAM team to identify the optimal Source of Truth for user data. A best practice is to evaluate which of your systems serves as the most authoritative – typically the primary repository where user records are initially created, updated, and maintained.

Remember that the Source of Truth should be the system that provides the most reliable, up-to-date, and comprehensive user information across your organization.

Q: Why is declaring a Source of Truth important?

A: A Source of Truth is required for Unify as it confirms that user profiles hold accurate information needed to generate an accurate security risk score. These profiles also include aliases that help in linking events and behaviors. Additionally, they contain segment data that can be utilized for filtering, configuring impact modifiers, and surfacing key information for high-risk individuals.

Q: What details are typically included in an Identity profile from the Source of Truth

A: An Identity Profile is typically inclusive of the various aliases, attributes, and account identifiers that are associated with the account. Some examples of what might be included are listed below:

Aliases:
  • Email Address
  • Employee ID
  • Workday/Generic Username(s)
  • Manager Employee ID or Email Address
  • Manager Name
  • Identity GUIDs(Service ID/Directory ID)
Segments:
  • Job Title
  • Department
  • Organization
  • Business Unit
  • Employee Type
  • User Type
  • Company Roles (can be used to identify Elevated Access/Sensitive Data Access)
  • Employee Level or Organization Level
  • Region or Office Location
  • Country
  • Hire Date
  • Termination Date(If prepopulated can be used trigger Impact Modifier)
  • Active Status
Generic Attributes:
  • Full Name
  • Display Name

Q: How can I validate that the my declared Source of Truth is sending over the correct data?

A: Within Unify, expand the People header from the left-hand menu and select Identities. Click any Verified Identity (denoted by the blue 'v' icon next to the name) and compare the values in the identity's scorecard with those in your Source of Truth. You can also turn on the Active Identity filter to see only the identities with insights detected.