🔗Linking User Accounts

8/2024

Overview

Many scenarios exist where the same human user has access to multiple discrete users accounts, either within the same IDP or across different IDPs -

  • Admins with both a regular user account and one or more privilege accounts, including across multiple Active Directory domains in an AD forest

  • Users with separate accounts in non-federated IDPs, perhaps due to a recent M&A event

  • Users with both a individual account and access to or ownership of a shared account

In these cases, it's extremely important to maintain a link between these accounts, both for user lifecycle events (deprovisioning ALL users accounts when a user leaves the org) and during security investigations or incident response. For more details around the importance of this concept, please see our Release Notes for this feature.

There are two ways to link users in Identity Intelligence - manually or through linkage suggestions. The video below provides instructions on how to use the manual aspect of this feature.

Instructions for how to link users manually and through linkage suggestions can also be found below.

How to Manually Link User Accounts

  1. Navigate to one of the accounts for a user that has multiple accounts

  2. Scroll to the bottom of the User's Overview tab, to the Linked Users tile

  3. Click Add and search for another account to link to this user. Click Add to link the accounts.

  4. Note that the account(s) are now linked in both the tile and the dropdown under the User's name in the top right.

How to Review and Accept User Linkage Suggestions

User Linkage Suggestions are determined based on an exact match of either the user name or employee ID (ex: John Doe and John Doe).

There are two places to review User Linkage Suggestions - via the Users Table or via a specific User's Overview Tab

Via the Users Table

  1. To review suggestions across all users in your tenant, navigate to the Users Table tab and click the Link Tips icon to the right of the search bar

  1. Clicking the Link Tips icon will open a modal with a handful of accounts across your tenant that may possibly be the same user because these users have either the same exact user name or employee ID

  1. In the modal, review the user linkage suggestions to determine if the suggestions should be accepted. If the users suggested are indeed the same person, select Link to link the specified users to each other

  2. If the suggested users are not the same person, select Reject and the specific suggestion will never re-appear. If you are unsure if the users are the same person, or just want to review the suggestion later, select Skip for now which will snooze the suggestion for a few days so it can be re-reviewed at a later date.

    1. If you want to look more closely at a user to determine if it may be the same person, select the Open in New Tab icon next to each user's user name

  3. Click Confirm Linkage to save your selections

  4. Once you have linked a set of users, the linkages will appear in the Linked Users widget at the bottom of the User360 Overview tab for a specified user, You can review existing linkages or remove linkages from this view

  1. You can also see the number of users linked to a specific user in the tag next to the user's name on the Overview Tab and in the dropdown under the User's name in the top right

Via a specific User's Overview Tab

  1. Navigate to a specific user's User360 Overview Tab. If there are user linkage suggestions available for the selected user, you will see a yellow banner indicating that there are user linkage suggestions to review. If there is no banner for the selected user it means there are no linkage suggestions available for this user

  1. Click Review to open the modal where you can review the linkage suggestions for the selected user, or click Dismiss to remove the banner for the duration of your session

  2. In the modal, review the user linkage suggestions to determine if the suggestions should be accepted. If the users suggested are indeed the same person, select Link to link the specified users to each other

  1. If the suggested users are not the same person, select Reject and the specific suggestion will never re-appear. If you are unsure if the users are the same person, or just want to review the suggestion later, select Skip for now which will snooze the suggestion for a few days so it can be re-reviewed at a later date.

    1. If you want to look more closely at a user to determine if it may be the same person, select the Open in New Tab icon next to each user's user name

  2. Click Confirm Linkage to save your selections

  3. Once you have linked a set of users, the linkages will appear in the Linked Users widget at the bottom of the User360 Overview tab for that user (See Step 6 above in Via the Users Table for screenshot). You can review existing linkages or remove linkages from this view

  4. You can also see the number of users linked to a specific user in the tag next to the user's name on the Overview Tab and in the dropdown under the User's name in the top right (see Step 7 above in Via the Users Table for screenshot)

Removing Account Linkages

Accounts can be unlinked from the Linked Users tile on one of the user's account Overview tab. Click the . . . button on the right of the row for the user you want to unlink, and select Unlink from all to remove the user in that row from its link to the user who's page you are on

Filtering for Linked Accounts

In the main Users page, you can use the Linked Users filter on the left bar to find just users with an existing account linkage.

Note: a small Link icon also appears next to the names of users who have been linked to other users

PreviousChecks TabNextUser Statuses

Last updated