Users requested access for account for with name for ex: AC1234, but application team had created account with different name for ex: ACAHTI. (Connector Type : Snow Based Application).
Now We have deployed the same application using automated connector and marked current application as -OLD and enabled the maintenance mode.
Data has been recon from application where account name is ACAHTI.
Now Somehow Sailpoint is triggering account creation for newly onboarded application with account name as AC1234 and duplicate account is getting created in target application.
We are unable to figure out what could be the reason to trigger this account creation referring to old request.
Guess you have some Roles with some assignment criteria.
Are you generating Native identity at SailPoint side, if yes then maybe it is different from what user has already, If native identity is different, it will consider as a new account request.
We do not see roles provisioned to user. But the issue seems to be because in the older access request requested account name was = ‘AB1234’ however manual fulfillment team created it in the format ‘ABCUser’. Now when Identity refresh is executed on this user it picked up this OLD request and created a provisioning transaction with the same name which was in original request.
Native identity is set as user’s login id however for some of the older acct cases those were fulfilled with the different account name than present in access request.
What all identity requests objects SailPoint IIQ tries to re-process when identity refresh task is executed for a user?
E.g., Request with execution status - Verifying, Completion status - Pending?
Or is it like only if the difference in the nativeIdentity present in request and on the account link is detected then its retried?
Actually I found one more request in PROD where - execution status = completed, completion status = success but because of the nativeIdentity mismatch in the original request and the account (manual created by fulfillment team) is different, again duplicate account creation was initiated. Is this a known issue? Not able to understand why does IIQ tries to even process the requests which are completed.