Resolve Correlation Cases

Last modified 05 Jun 2025 19:31 +02:00
Table of Contents

Correlation cases in midPoint address scenarios where automated identity matching fails, requiring manual resolution.

What Is a Correlation Case

When the identity correlation in midPoint can’t produce a 100%-certain match between a resource object shadow (like an account) and a corresponding focus object, midPoint creates a case for review. These correlation cases give you an option to analyze attributes, confirm ownership, or adjust mappings if need be. This process ensures accurate connections between resource shadow objects and their corresponding focus objects, which are already linked to other resource object shadows belonging to the same identity.

While still evolving, this feature aligns with the broader case management capabilities for approvals, remediation, and access certification.

Causes Behind Correlation Cases

A common scenario leading to a correlation case is a discrepancy in data between multiple resources. For example, a user may have different names or an employee number in the HR system compared to another system, such as Active Directory or LDAP.

When it is impossible to reliably determine the corresponding focus object for a resource object, midPoint creates a correlation case with a list of possible candidates. And that’s where you come in.

You inspect the possible candidates, pick the right match, and correlate the identities manually. From that point on, the identity is bound between the systems. The logical next step is to correct the data in one of the systems so that both systems contain consistent and accurate information.

correlation case list
Figure 1. List of cases pending resolution

Resolve Correlation Cases

  1. You can find all cases under  Cases >  All cases.

    • Select any subsection under  Cases to list cases of a specific category.

  2. Click the name of the case to open its details:

    •  Basic shows details about the particular case.

    •  Correlation shows how closely the resource object shadow and its suggested focal object match.

    •  Workitems is the workbench for correlation cases resolution.

  3. Check the suggested resource object shadow owners on the  Workitems screen.

    • If any of them is the right one, click the the Correlate button in the particular candidate column.

    • If no suitable owner exists in midPoint, you can Create new focal object in midPoint.
      However, that’s not recommended for cases with authoritative systems like HR systems,
      as the focus objects in midPoint should reflect the state of the authoritative system.
      It is better to find the root cause of the discrepancy and fix it, rather than create new focus objects arbitrarily.
      This, however, depends heavily on your particular situation, of course.

ldap hris correlation case workitem resolution
Figure 2. Workitems screen in the cases section of midPoint, showing a suggested resource object shadow owner candidate
Refer to the following resources for details about correlation and case management:
Was this page helpful?
YES NO
Thanks for your feedback