Identity Unification
JupiterOne has a unified UnifiedIdentity class of object, which replaces the existing Person entities.
Note that the entities still carry the Person class, so any existing queries against Person will continue to work, although some properties are changed (see below).
What is UnifiedIdentity?
The legacy User -IS-> Person mapping logic relies on the legacy system mapper engine, which will no longer be supported from April 2025. The legacy engine relied on per-integration rules that were difficult to maintain and provided good, but not perfect, results. The new Unifier (as first released for UnifiedDevice) has proven to be significantly more accurate in its unification and has additional capabilities regarding latency and self-healing.
In summary, we can provide a better user experience and more reliable adherence to the data model with the new system.
What are the features?
The most notable feature is the Unified view for identities. You will be able to access this view by running the query FIND UnifiedIdentity, which will give you the canonical list of all identities in the system and their source User objects.
This view will also give you easy filtering for some new derived properties, specifically admin, active, and mfa, allowing for easy filtering of potentially vulnerable or over-privileged identities.
What do you need to do?
Nothing! The deployment of the UnifiedIdentity system is automated and as soon as you ingest compatible User entities it will start to show the UnifiedIdentity records. It is recommended to review the data model for UnifiedIdentity to understand how these entities are derived and how they can be queried.
What Properties will be available?
The UnifiedIdentity entities have the following properties available:
Property | Format | Notes | Correlation |
---|---|---|---|
username | String[] | A set of the source username values from the source User entities. | yes |
email | String[] | A set of the source email values from the source User entities. | yes |
shortLoginId | String[] | A set of the source shortLoginId values from the source User entities. This property is normalized in the integrations and derived from the email property, removing the domain element and any plus aliasing. | yes |
firstName | String[] | A set of the source firstName values from the source User entities. | yes |
lastName | String[] | A set of the source lastName values from the source User entities. | yes |
emailDomain | String[] | A set of the source emailDomain values from the source User entities. | |
employeeId | String[] | A set of the source employeeId values from the source User entities. | |
userIds | String[] | A set of the source userIds values from the source User entities. | |
active | enum {'Active', 'Not Active', 'Unknown', 'Conflicting'} | A derived property from the source User entities isAdmin property | |
admin | enum {'Admin', 'Not Admin', 'Unknown', 'Partial Admin'} | A derived property from the source User entities isActive property | |
mfa | enum {'MFA Enabled', 'No MFA', 'Unknown', 'Conflicting'} | A derived property from the source User entities isMfaEnabled property | |
guest | enum {'Guest', 'Employee', 'Unknown', 'Conflicting'} | A derived property from the source User entities isGuest property | |
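
An added sketch (not JupiterOne's code) of the shortLoginId normalization described in the table and of how per-source isMfaEnabled values could collapse into the mfa enum. Grouping on shortLoginId alone, lowercasing, and the rules for 'Conflicting' and 'Unknown' are assumptions inferred from the table; the sample users are constructed.

```python
from collections import defaultdict


def short_login_id(email):
    """Drop the domain element and any plus alias from an email address."""
    local = email.strip().split("@", 1)[0]
    # Lowercasing is an assumption; the page only mentions domain and plus alias.
    return local.split("+", 1)[0].lower()


def derive_mfa(flags):
    """Collapse per-source isMfaEnabled values into one enum value (assumed rule)."""
    known = {f for f in flags if f is not None}
    if not known:
        return "Unknown"        # no source reported the property
    if len(known) == 2:
        return "Conflicting"    # at least one source account lacks MFA
    return "MFA Enabled" if True in known else "No MFA"


def unify(users):
    """Group source User records by shortLoginId (simplified correlation)."""
    groups = defaultdict(list)
    for user in users:
        groups[short_login_id(user["email"])].append(user)
    return {
        sid: {
            "email": sorted({u["email"] for u in members}),
            "mfa": derive_mfa(u.get("isMfaEnabled") for u in members),
        }
        for sid, members in groups.items()
    }


def needs_review(identities):
    """Identities where MFA is not confirmed on every source account."""
    return sorted(s for s, i in identities.items() if i["mfa"] != "MFA Enabled")


# Constructed sample User entities from three hypothetical integrations.
SAMPLE_USERS = [
    {"email": "j.doe@example.com", "isMfaEnabled": True},
    {"email": "J.Doe+aws@example.com", "isMfaEnabled": False},
    {"email": "a.lee@example.com", "isMfaEnabled": True},
    {"email": "svc-backup@example.org"},  # source does not report MFA
]

if __name__ == "__main__":
    identities = unify(SAMPLE_USERS)
    for sid, ident in identities.items():
        print(sid, ident)
    print("review:", needs_review(identities))
```

An identity whose mfa value is 'Conflicting' deserves the same attention as 'No MFA', since one of its source accounts can still be used without a second factor.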