I am trying to understand the “User Name” field on an identity a little better. I understand it comes from the auth source user name configured in the source but if I have an identity that converts from one auth source to another (ex. non-employee to employee) would this field not update automatically?
We have a JDBC repository of historic identities we need to keep for recycling login IDs that can be re-entered into Workday on a rehire event but I am noticing that this “alias” field still shows the JDBC auth source user name, not the Workday FILENUMBER as we have set.
It is as designed by SailPoint. For the first time the account which is coming from the authoritative source the identity id is creating in the backend, with the account name what you have configured in the source. Then the account which is coming from other sources or other auth source, it just linked to that identity object.
So the alias/user name field is static based upon which auth source the identity was originally created in and cannot be updated if the identity profile changes?
Yes, that is correct. Once the identity got created, the username cannot be changed.
The same applicable if any unauthoritative source is aggregated first and auth source aggregated later. In this case, for the first time the account which is coming from the unauthoritative (ex EntraID or Servicenow ) the identity id is creating in the backend as an uncorrelated, then the account which is coming from the authoritative source, it is getting linked to the above identity object. This is the reason it is recommended to aggregate the auth source first.