- 30 May 2025
Processing Identity Resolution Alerts
- Updated on 30 May 2025
This document walks you through the available actions, and some common scenarios with recommended actions, for the alerts found in the Identity Resolution tab.
Actions Explained
Configuring an application to be a Source of Truth means that no Identity Resolution Alerts will be generated for the application. All Service Users will first be matched to an existing Identity; if no matching Identity can be found, a new Identity will be generated based on the attributes available for the Service User. Any deactivated or disabled users will not be processed automatically (neither matched to existing Identities nor used to generate new Inactive Identities based on the Service User).
Grant to Identity
This option lets you select an existing Identity in your Clarity tenant and attach the Service User to that Identity. You can also optionally choose to add the User Identifier to the Identity’s list, so any future applications with the same username will automatically match.
Create New Identity
Create a new Identity in Clarity to which the Service User will be reconciled.
Terminate
This option triggers the Service User Terminated workflow, in which Clarity attempts to Deactivate or Delete the Service User in the Downstream Application.
Ignore
This option will hide the alert permanently. In the future, you will be able to review ignored alerts, and reverse the Ignore status.
Common Alert Examples
Scenario | Recommended Action | Reasoning |
---|---|---|
Service Account: Non-human account used by applications or systems to interact with resources. | Optional: Assign the responsible employee as their supervisor in Clarity. | Creating a New Identity is the correct action, as you cannot have more than 1 Service User from the same application assigned to a single Identity. You should assign a Supervisor in Clarity so it is clear who is responsible for the account, and related access review items can be easily assigned to someone. |
Admin Account: Special account in an application (e.g., Active Directory) which has higher privileges. | Followed by linking the new Identity to the existing primary Identity | An Identity in Clarity should only have 1 Service User per application associated with it. Since an Admin account usually exists as a secondary user object with elevated permissions in a platform like Active Directory, we create a second Identity, and then link these 2 Identities together (see Linked Identities to learn why this is important). |
Contractor/Vendor Accounts: Users found in your Applications, but not in your Source(s) of Truth. | Optional: Assign the responsible employee as their supervisor in Clarity. | Creating a New Identity is the correct action, as you cannot have more than 1 Service User from the same application assigned to a single Identity. You should assign a Supervisor in Clarity so it is clear who is responsible for the account, and related access review items can be easily assigned to someone. |
Application without Email Addresses: Some applications don’t have usernames or emails for Clarity to automatically match. | Sometimes an application does not have usernames or email addresses that match existing values already known by Clarity, so you need to manually match these Service Users to their correct Identities. | |
Unmatched Orphan Account | A user was found but not matched to an existing active Identity because that Employee has already been terminated. This lets you directly clean up the extra user using Clarity, or, if you handle this outside of the Clarity platform, this Alert will disappear after the Application Sync that confirms the user has been deleted or deactivated. | |
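
The matching behaviour and alert scenarios described above can be modelled in a few lines. This is an added example, not Clarity's own code: the class and function names are hypothetical, and matching on a lower-cased username or email, as well as how a Source of Truth handles an Identity that already has a Service User, are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:
    name: str
    active: bool = True
    identifiers: set = field(default_factory=set)      # known usernames/emails, lower-cased
    service_users: dict = field(default_factory=dict)  # application -> attached username

@dataclass
class ServiceUser:
    app: str
    username: str
    enabled: bool = True

def reconcile(user, identities, source_of_truth=False):
    """Assumed model of the documented flow; returns (outcome, Identity or None)."""
    key = user.username.lower()
    match = next((i for i in identities if key in i.identifiers), None)
    if source_of_truth:  # never alerts: match first, otherwise create
        if not user.enabled:
            return "skipped", None  # deactivated/disabled users are not auto-processed
        created = match is None
        if created:
            match = Identity(user.username, identifiers={key})
            identities.append(match)
        match.service_users[user.app] = user.username
        return ("created" if created else "matched"), match
    if match is None:
        return "alert: no matching Identity", None  # service, contractor or vendor account
    if not match.active:
        return "alert: orphan account", match  # owner already terminated
    if match.service_users.get(user.app) not in (None, user.username):
        return "alert: Identity already has a Service User in this application", match
    match.service_users[user.app] = user.username
    return "matched", match

def demo():
    """Constructed sample data: 'hr' is the Source of Truth, 'ad' is not."""
    identities = [Identity("Jane Doe", True, {"jdoe", "jdoe@example.com"}),
                  Identity("Sam Lee", False, {"slee"})]
    users = [ServiceUser("hr", "mroe"), ServiceUser("hr", "oldtemp", enabled=False),
             ServiceUser("ad", "jdoe"), ServiceUser("ad", "jdoe@example.com"),
             ServiceUser("ad", "svc-backup"), ServiceUser("ad", "slee")]
    return [(u.username, reconcile(u, identities, u.app == "hr")[0]) for u in users]

if __name__ == "__main__":
    for username, outcome in demo():
        print(f"{username:20} {outcome}")
```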