What you will learn
In this lesson, you will learn how identity teams keep user data accurate across HR systems, directories, IAM platforms, and target applications. You will understand account matching, source-of-truth logic, duplicate handling, attribute consistency, and reconciliation basics.
Why it matters
Identity data drives provisioning, deprovisioning, access reviews, reporting, and policy enforcement. Clean identity data improves lifecycle accuracy, governance support, provisioning quality, exception handling, and overall identity hygiene. When data quality is strong, access decisions become faster, safer, and easier to audit.
The main idea
Identity data quality means every digital identity has the right attributes, the right links to authoritative records, and the right access state across connected systems. Reconciliation is the process of comparing records between systems, finding mismatches, and bringing them back into alignment. Lesson 11 in the roadmap focuses exactly on “Identity data quality and reconciliation” and highlights account matching, source-of-truth logic, duplicate handling, attribute consistency, and reconciliation basics, with SailPoint IdentityIQ Engineer as the associated certification.
Key concepts
Account matching: Connects the right account in a target system to the right person or identity record. Matching often uses employee ID, email, username, or a defined correlation rule.
Source of truth: The authoritative system for a given attribute. HR might own legal name and manager, while Entra ID might hold sign-in identifiers, and an IAM platform may orchestrate access decisions.
Duplicate handling: Identifies and resolves situations where one person has multiple unintended identities or where multiple people are linked incorrectly to one record.
Attribute consistency: Ensures fields such as department, title, manager, location, and employment status remain aligned across systems.
Reconciliation: Compares identity and account data across systems to detect orphan accounts, missing links, stale attributes, and provisioning mismatches.
Exceptions management: Handles records that fail policy or matching rules and routes them for review and correction.
Identity hygiene: The ongoing discipline of keeping identity records complete, consistent, and trustworthy.
Simple real-world example
A global company hires a new finance analyst named Sofia Ruiz. HR creates Sofia’s employee record with the correct employee ID, department, manager, and start date. The IAM platform receives the record and provisions accounts in Entra ID, Salesforce, and a finance reporting tool.
Later, the finance reporting tool shows two accounts for Sofia:
sruiz
sofia.ruiz
One account has the correct department. The other has outdated values from an earlier contractor profile. During reconciliation, the IAM team detects that both accounts appear linked to the same person. They apply account matching rules, confirm the active identity, remove the incorrect duplicate, update attribute values, and keep only the valid account connected to Sofia’s identity.
The result is better lifecycle accuracy, cleaner governance records, and more reliable provisioning outcomes.
How to explain it in an interview
You can say:
“Identity data quality and reconciliation ensure that identity records remain accurate across source systems, IAM platforms, and target applications. I focus on account matching, source-of-truth logic, duplicate detection, and attribute consistency so provisioning and governance decisions are based on trusted data. Reconciliation helps identify mismatches such as orphan accounts, stale attributes, and incorrect account links, which improves lifecycle accuracy and access control quality.”
Common mistakes
Treating every connected system as equally authoritative for all attributes
Matching accounts only by display name instead of stable identifiers
Leaving duplicate identities unresolved after migrations or rehires
Ignoring stale attributes such as old department or manager values
Running reconciliation without a clear exception review process
Fixing individual records manually without improving matching logic or data standards
Mini practice
A user appears in the IAM platform as Daniel Lee. HR shows:
Employee ID: 47291
Department: Procurement
Manager: Ana Gomez
The target application shows:
Username: dlee
Employee ID: blank
Department: Operations
Manager: blank
Ask yourself:
Which system is the source of truth for department and manager?
Which attribute would be strongest for account matching?
What reconciliation issue is visible?
What update should happen first to improve consistency?
Suggested answer:
HR is the likely source of truth for department and manager. Employee ID would be the strongest matching attribute when available. The visible issue is attribute inconsistency between systems. The first improvement is to populate and align the application account with authoritative identity data and confirm the account is correctly correlated to Daniel’s identity.
Knowledge check
What is the purpose of reconciliation in IAM?
A. To create more user accounts
B. To compare records across systems and resolve mismatches
C. To replace MFA
D. To remove all manual approvals
Correct answer: B
What is a source of truth?
A. The oldest system in the company
B. Any system with a user interface
C. The authoritative system for a specific data element
D. The system with the most accounts
Correct answer: C
Which issue most directly affects identity hygiene?
A. Clear password length guidance
B. Duplicate accounts linked to one person
C. Fast Wi-Fi in the office
D. A new laptop model
Correct answer: B
Why does attribute consistency matter?
A. It improves the visual design of dashboards
B. It ensures provisioning and governance decisions use reliable data
C. It removes the need for directories
D. It replaces access reviews
Correct answer: B
Final summary
Lesson 11 focuses on the quality of identity data that powers lifecycle management and governance. You learned that strong identity operations depend on accurate account matching, clear source-of-truth ownership, disciplined duplicate handling, consistent attributes, and regular reconciliation. These practices improve provisioning quality, exception handling, lifecycle accuracy, and trust in the IAM environment.
Associated certification
SailPoint IdentityIQ Engineer