Account reconciliation and orphan accounts
Reconciliation uses an adoption policy to determine the owner of an account, or to identify the account as an orphan.
An adoption policy does not alter the ownership of accounts that are already owned within IBM Verify Identity Governance.
Reconciliation uses either a global or a service-specific adoption policy. Reconciliation determines whether the user ID attribute for an account on a managed resource matches an alias attribute for a IBM Verify Identity Governance user. If no match occurs, the account is identified as an orphan. Later, an administrator can manually assign orphan accounts to owners.
By default, during reconciliation, the global adoption policy is evaluated to determine the owner of an account by matching the account UID to the user UID.
Adoption policies can be defined at a global level, for a service type, or for a particular service instance. If more (or fewer) than one person is evaluated as the owner of the account, the account is orphaned.