Skip to main content

Identity Management

The Identity Management dashboard is used to manage identity lookups that should be included in the identity merge process. The contents of these lookups are used to create the primary identity collection, considering the priorities of the selected lookups. The priority of a lookup determines its importance in relation to the other lookups, with higher priorities taking precedence over lower priorities. For example, if two lookups are selected for merging and they both contain the same field names, the lookup with the priority of 1 will be considered more important than the lookup with the priority of 2. In cases where a particular field name exists in both lookups and the values differ, the value from the lookup with the priority of 1 will be used in merging and the value from the lookup with the priority of 2 will be excluded from the merge.

To add a new identity lookup, click the New Identity Lookup button. In the New Identity Lookup modal, select the desired lookup’s definition name (transform) for the Source field. The Name field will auto-populate with the source value but is editable and can be named anything. The name field cannot be changed once saved, however. In the Description field, add a description of the lookup, then add the priority of the lookup in the Priority field. Then, expand the Field Exclusions dropdown and select fields from the lookup to be excluded from the merge process if applicable. Once complete, click the Save button to save the selection.

The selected lookup will now be shown on the table. The lookup is enabled by default, but can be disabled by clicking the Disable button. Disabled lookups are excluded from the merge process entirely. To enable a disabled lookup, click the Enable button. To edit the lookup, click the Edit button in the Actions column. The Source and Name fields cannot be altered once saved, but the Description, Priority, and Field Exclusions are editable. Once satisfied with the edits, click the Save button to save the changes. To delete a selected lookup, click the Delete button in the Actions column and confirm the deletion. Once deleted, the lookup will be removed, and the priorities of the other selected lookups will automatically adjust. For example, if a lookup with the priority of 1 is deleted, the lookup with the priority of 2 will be promoted to priority 1.

Identities can be merged directly from the Identity Management dashboard. Click the Execute Merge Search button to execute the merge process on the selected lookups. The merged identities can be viewed within the identity_lookup_expanded KV store collection. To view the merged identities, execute the following SPL search in a Splunk search window:

| inputlookup identity_lookup_expanded