Identity Unification

JupiterOne has a unified entity class of object, UnifiedIdentity, which replaces the existing Person entities.

Note that the entities still carry the Person class, so any existing queries against Person will continue to work, although some properties are changed (see below).

What is UnifiedIdentity?

The legacy User -IS-> Person mapping logic relies on the legacy system mapper engine, which will no longer be supported from April 2025. The legacy engine relied on per-integration rules that were difficult to maintain and provided good, but not perfect, results. The new Unifier (as first released for UnifiedDevice) has proven to be significantly more accurate in its unification and has additional capabilities regarding latency and self-healing.

In summary, we can provide a better user experience and more reliable adherence to the data model with the new system.

What are the features?

The most notable feature is the Unified view for identities. You will be able to access this view by running the query FIND UnifiedIdentity, which will give you the canonical list of all identities in the system and their source User objects.

This view will also give you some new derived properties, specifically admin, active, and mfa, which allow for easy filtering of potentially vulnerable or over-privileged identities.

What do you need to do?

Nothing! The deployment of the UnifiedIdentity system is automated, and as soon as you ingest compatible User entities it will start to show the UnifiedIdentity records. It is recommended to review the data model for UnifiedIdentity to understand how these entities are derived and how they can be queried.

What Properties will be available?

The UnifiedIdentity entities have the following properties available:

| Property | Format | Notes | Correlation |
| --- | --- | --- | --- |
| username | String[] | A set of the source username values from the source User entities. | yes |
| email | String[] | A set of the source email values from the source User entities. | yes |
| shortLoginId | String[] | A set of the source shortLoginId values from the source User entities. This property is normalized in the integrations and derived from the email property, removing the domain element and any plus aliasing. | yes |
| firstName | String[] | A set of the source firstName values from the source User entities. | yes |
| lastName | String[] | A set of the source lastName values from the source User entities. | yes |
| emailDomain | String[] | A set of the source emailDomain values from the source User entities. | |
| employeeId | String[] | A set of the source employeeId values from the source User entities. | |
| userIds | String[] | A set of the source userIds values from the source User entities. | |
| active | enum {'Active', 'Not Active', 'Unknown', 'Conflicting'} | A derived property from the source User entities isAdmin property | |
| admin | enum {'Admin', 'Not Admin', 'Unknown', 'Partial Admin'} | A derived property from the source User entities isActive property | |
| mfa | enum {'MFA Enabled', 'No MFA', 'Unknown', 'Conflicting'} | A derived property from the source User entities isMfaEnabled property | |
| guest | enum {'Guest', 'Employee', 'Unknown', 'Conflicting'} | A derived property from the source User entities isGuest property | |
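
Because admin, active, mfa and guest each take four values, an equality filter on a single value (for example mfa = 'No MFA') never matches the uncertain states. The following is an added example, not JupiterOne code, that triages records shaped like the property table over constructed sample data. It assumes 'Conflicting' and 'Partial Admin' mean the source User entities disagree, which this page does not define.

```python
# Added example; SAMPLE is constructed data, not real query output.
# Assumption: 'Conflicting' and 'Partial Admin' mean the source User entities
# disagree, so they count as "cannot rule out" rather than as safe.
PRIVILEGED = {"Admin", "Partial Admin"}
UNCERTAIN = {"Unknown", "Conflicting"}


def triage(identity):
    """Classify one UnifiedIdentity-shaped dict: ('high'|'review'|'ok', reasons)."""
    admin = identity.get("admin", "Unknown")
    active = identity.get("active", "Unknown")
    mfa = identity.get("mfa", "Unknown")
    guest = identity.get("guest", "Unknown")

    if active == "Not Active":
        return "ok", []  # assumed: no source account is still usable

    reasons = []
    if admin in PRIVILEGED and mfa == "No MFA":
        reasons.append("privileged without MFA")
    if admin in PRIVILEGED and guest == "Guest":
        reasons.append("guest holds admin rights")
    if reasons:
        return "high", reasons

    # States that an equality filter on mfa == 'No MFA' would never match.
    if admin in PRIVILEGED and mfa in UNCERTAIN:
        reasons.append("privileged, MFA state " + mfa.lower())
    if admin == "Unknown" and mfa != "MFA Enabled":
        reasons.append("admin state unknown, MFA not confirmed")
    return ("review", reasons) if reasons else ("ok", [])


def report(identities):
    """Return {first email: severity} for every identity that is not 'ok'."""
    return {i["email"][0]: triage(i)[0] for i in identities if triage(i)[0] != "ok"}


SAMPLE = [  # constructed records using property names from the table above
    {"email": ["alice@example.com"], "admin": "Admin", "active": "Active", "mfa": "No MFA"},
    {"email": ["bob@example.com"], "admin": "Partial Admin", "active": "Active", "mfa": "Conflicting"},
    {"email": ["carol@example.com"], "admin": "Admin", "active": "Not Active", "mfa": "No MFA"},
    {"email": ["dave@example.com"], "admin": "Not Admin", "active": "Active", "mfa": "No MFA"},
    {"email": ["erin@example.com"], "admin": "Admin", "active": "Active", "mfa": "MFA Enabled", "guest": "Guest"},
    {"email": ["frank@example.com"], "admin": "Unknown", "active": "Active", "mfa": "Unknown"},
]

if __name__ == "__main__":
    for email, severity in report(SAMPLE).items():
        print(email, severity)
```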