System of Record (SoR)
The authoritative source for a given piece of identity data. In a well-designed identity architecture, exactly one system is the SoR for each attribute — everywhere else holds a copy that flows downstream from the SoR. Identifying which system is the SoR for each attribute is fundamental to PIAM design; otherwise reconciliation conflicts produce drift that the operator can't resolve deterministically.
Typical patterns at large enterprise: - Workday / SAP HR / PeopleSoft: SoR for employee identity (name, employee ID, hire date, manager, department) - SAP Fieldglass: SoR for contingent worker identity - SailPoint: SoR for identity lifecycle state (active / pending termination / off-boarded) - Okta / Entra ID: SoR for application access entitlements (downstream of HR/IGA) - AE Guardian: SoR for physical access entitlements + badge / credential records
When AE Guardian's connectors are configured, customers explicitly designate which connector reads-only (consuming SoR data) and which writes (provisioning derived state). Bidirectional connectors require clear delineation of which attributes flow which direction — otherwise reconciliation loops can corrupt data.
What other systems call it
Per-vendor / per-standard terminology for this same concept.
| System | Term / Notes |
|---|---|
 AlertEnterprise | SoR (Guardian's data model designates SoR per attribute) |
| SASailPoint | SoR for identity lifecycle state in many enterprises |
| WOWorkday | SoR for full-time-employee identity in cloud-HCM deployments |
| SASAP | SoR for FTE identity in on-prem SAP HR deployments |
Used by 12 connectors
Connectors in the catalog that reference this concept.