Reconciliation is the process of fetching account details and entitlements from target systems and publishing them into Identity Management Systems.

Reconciliation Service feature of IDHub allows resource owners to reconcile accounts and entitlements and publish in IDHUB using the following two methods -

  1. Reconciliation Process using File Template(CSV)
  2. Reconciliation Process using CLI (Command Line Interface)

Log in to Admin Console as an IDHub Resource Owner and ensure your application onboarding request is complete.

Select Reconciliation under Reconciliation Service in the left navigation pane.

Reconciliation Process Using File Template (CSV)

Reconciliation of accounts and entitlements using a reconciliation file is completed by performing the following steps:

  1. Enter the target system name for reconciliation. Click on "Go".
  2. The reconciliation file upload page will appear for the selected target system.
  3. Click on ‘Download Sample File’. The reconciliation file template for the selected target system is downloaded from the Management Console.
  4. Input valid requested data in the file i.e Account and Entitlement details from the target system are populated into the reconciliation file. This is the reconciliation file. Save file.
  5. Browse to the prepared Recon file using the ‘Browse’ button. Click on the open button to add the file to the upload screen. 
  6. Recon file is displayed with 3 buttons - ‘Upload’, ‘Cancel’ and ‘Remove’.
  7. Upload the file by clicking on the ‘Upload’ button. The progress bar will be green on successful upload. The reconciliation file is now uploaded into the management console.
  8. Once the file is successfully uploaded, validation of the file is done. Click on the ‘Validate’ button to validate the input data. The progress bar will be green on successful validate. 
  9. After successful file validation, the reconciliation process is initiated. Click on the 'Process' button to process the input data. The progress bar will be green on successful processing.
  10. If input data is not valid or identifies errors while processing, validation error or processed with error will be displayed in the Status column and the Result is highlighted with a RED bar.
  11. Once the reconciliation process is completed, the result is available in the CSV file which can be downloaded. Open the uploaded file from the table by clicking on the file name. If any error is detected, it will be logged in the file. Correct the error and click on 'Upload' and follow the steps again to validate and process.
  12. To confirm successful upload, validation and processing, open the uploaded file from the table by clicking on the file name. The contents in the file indicate success.

After a successful upload, the Access Manager Role will receive an approval task...CONFIRM.

Note: Prefix filename with Application_Recon to recognize your recon file. If performing reconciliation for multiple applications, create a separate recon file for each application, save and name each file accordingly.

Reconciliation Using Command Line

Reconciliation of accounts and entitlements using the command line is completed by performing the following steps:

  1. Access Key is generated for the target system whose accounts and entitlements must be reconciled
  2. A populated reconciliation file is uploaded to the Management Console using CURL or similar tool
  3. If the user account associated with the access key is not active, then the upload will fail
  4. The reconciliation file will be uploaded for the target system associated with the access key
  5. The validation process will be initiated after upload
  6. The reconciliation process will be initiated after successful validation

Troubleshooting Reconciliation Errors

The following are commonly experienced errors while using the Reconciliation Service.

Error MessageWhat it could possibly mean?What you can do.
Target System details not found

Details for the target system is not found.

The target system details have not been synchronized in the IDM system.

Contact the support team!
User not authorized

Logged in user is not authorized to access this target system.

The logged in user is not one of the IT Owners of the target system.

Search for a different target system!

Contact the support team to be a added as an IT Owner of the target system

Target System not found

The target system with the name specified is not found.


Enter a valid target system name!