SailPoint IdentityIQ-Associate Based on Real Exam Environment

The statement is false. The Identity Refresh task is used to update and recalculate identity-related data in IdentityIQ, not to manage open work item reminders. Its purpose is to refresh IdentityCubes after aggregation or identity data changes. Depending on selected task options, Identity Refresh can recalculate identity attributes, apply correlation-related updates, refresh role assignments and detections, evaluate policies, process lifecycle events, update risk-related data, and ensure that the identity model reflects the current state of authoritative and application data.

Open work items belong to IdentityIQ’s workflow and governance execution layer. Reminders, escalations, expirations, and related work item follow-up behavior are handled through work item configuration, workflow behavior, certification configuration, and maintenance-style processing rather than the Identity Refresh task. Although Identity Refresh may trigger downstream actions such as lifecycle events or policy evaluation, it is not the task responsible for notifying users about pending approvals or review items.

Therefore, sending reminders for open work items is outside the purpose of Identity Refresh. Reference topics: Identity Modeling — common Identity Refresh options; Foundational Concepts — tasks versus workflows; Governance — work items, certifications, reminders, and escalation behavior.

The statement is false. In SailPoint IdentityIQ, an uncorrelated account is an account record aggregated from an application that has not been matched to an IdentityCube. Manual correlation is one valid remediation method, but it is not the only method. IdentityIQ can also resolve uncorrelated accounts through configured correlation logic, correlation rules, identity refresh processing, and re-aggregation after application correlation settings are corrected.

Correlation is normally configured on the application using identity attributes, account attributes, or rules that determine how an account should be associated with an identity. For example, an account attribute such as employee ID, email address, user name, or another unique identifier can be used to locate the matching IdentityCube. When the correlation configuration is improved and aggregation or refresh is rerun, previously uncorrelated accounts may be automatically linked without manual intervention.

Manual correlation is primarily an administrative correction path for exceptions where automatic matching cannot safely determine ownership. Therefore, “only manually” is too restrictive and does not reflect IdentityIQ’s correlation model. Reference topics: Applications, correlation configuration, uncorrelated account resolution, account aggregation, IdentityCube association, and Identity Modeling.

Yes. In SailPoint IdentityIQ aggregation, correlation is attempted first to match an aggregated account to an existing IdentityCube. Correlation may use configured attribute mappings, correlation rules, or other application correlation logic. If IdentityIQ cannot correlate the account to an existing identity, the application’s creation rule, when configured, can be invoked to determine how IdentityIQ should handle identity creation for that uncorrelated account.

This is especially relevant for authoritative applications, where aggregated account records may represent people who should exist as identities in IdentityIQ. The creation rule can control identity creation behavior, populate required identity attributes, and apply implementation-specific logic when standard correlation does not find a match. Without appropriate creation behavior, the account may remain uncorrelated and require later remediation through corrected correlation logic, re-aggregation, or manual correlation.

Therefore, the statement is accurate: the creation rule is associated with the aggregation and correlation process and is used when an account cannot be matched to an existing IdentityCube. Reference topics: Applications, BeanShell rules, account aggregation, correlation logic, identity creation rules, authoritative applications, and uncorrelated account handling.

Yes. In SailPoint IdentityIQ, the Identity Warehouse presents identity-centered information collected and modeled inside the IdentityCube. Entitlements are part of that identity view because they represent the user’s permissions or access rights on connected applications. During aggregation, IdentityIQ reads account data from applications, including entitlement-bearing attributes such as groups, roles, permissions, or other managed access values. These are stored on the identity’s application accounts and surfaced in the Identity Warehouse so reviewers, administrators, and governance users can understand what access the identity currently has.

This is distinct from identity attributes such as department, manager, location, or lifecycle state. Entitlements describe access on target systems and are central to access reviews, policy evaluation, role modeling, and access request decisions. Displaying entitlements in the Identity Warehouse allows IdentityIQ to provide a complete access profile for the identity, including accounts, assigned roles, detected roles, policy violations, and application permissions.

Therefore, entitlements are displayed as part of the Identity Warehouse identity details. Reference topics: Identity Modeling, IdentityCube contents, Identity Warehouse, application accounts, entitlement aggregation, managed attributes, and access visibility.