We got an alert from an in-house connector that sits between Sailpoint VA and an in-house app that a create account operation had failed due to a duplicate email address.
After investigating it turns out this happened because a user had 2 access requests open for the same source without an existing account on the source. The reviewer approved both of the requests within 1 second which caused IDN to trigger 2 create account operations at the same time. The first one went through fine and the second errored as expected.
This hasn’t happened before and I assume it’s not often that 2 requests are approved at the same time but despite that, are there any ways to mitigate this? Since the 2 api calls were sent at the same time, IDN didn’t have time to aggregate the identity.
Not sure if anyone will read this - but would be good if there were concurrency controls in place, especially for create_account operations(per user). I’m guessing if this were to happen on a system that generates UID’s for each new account you can end up with duplicates.
Yeah it would be great to get a comment from Sailpoint around how to best handle these.
I think their answer would be to make one access request containing all items - but with approvals/etc taking place from other people, it could take forever for all items to get approved and complete out
@colin_mckibben any ideas perhaps? We’ve had some other issues caused by this that we’re not sure how to work around.
Is this expected behaviour or are we using IDN wrong in some way?