We have observed Create account event triggered on the each Identity refresh task for existing accounts for most of the application in SailPoint IIQ 8.3.
Could you please suggest if any configuration change required?
Please share any images or screenshots, if relevant.
[Please insert images here, otherwise delete this section]
Please share any other relevant files that may be required (for example, logs).
[Please insert files here, otherwise delete this section]
Share all details about your problem, including any error messages you may have received.
[Replace this text with the problem that you are facing]
Hi @cbskiet1986 - Can you provide additional context? Typically if Identity refresh is causing account creation it is due to Process events being selected and possibly a Joiner Workflow launching, there are other causes as well. Is this an authoritative account? A little more info will help us track this down.
Yes it can be correlation. If say Role assignment is happening and the user’s original target account is not correlated, then a new one will be created.
Yes, correct, check if the correlation is properly done. Do you see the application link for the particular user, where you see sailpoint has pushed created instead of Modify?? is it happening to all the application just one application??
@cbskiet1986 Please share the task xml, identity xml and application xml on which you are seeing the issues. There could be multiple reasons for it, some are:
Correlation Issue where the accounts are not properly correlated to the identities.
Native Identity Rename: IIQ maintains the mapping of native id and assignment details in Preference tag. If native id is changed at application end, IIQ will try to create account with the old native identity which is still available in Preference tag.
Some issue with your one of the workflow in Life Cycle Events.
Please share the artefacts mentioned above for further troubleshooting.
Note: Found a fix?Help the community by marking the comment as solution. Feel free to react(,, etc.)with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.
Hi @cbskiet1986 These accounts will be created when you configure the target app provisioning in the identity mapping, even when you run the identity refresh. If you implemented an increment by 1 account if the username already exists, check these two places.
,
, etc.)with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.