Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.
I would like to generate unique email where uniqueness has to be checked with email, upn and proxy address attributes. Along with this we also want to make sure if multiple users with same name are onboarded at the same time. The logic should be able to handle this as well.
In order to generate the unique emails we have used a rule to generate the emails but when multiple users with same name are onboarded at the same time, it is not able to handle the uniqueness and ends up generating the same email id and provisioning to AD fails.
How can we ensure the uniqueness in this case?
Please consider addressing the following when creating your topic:
What have you tried?
What errors did you face (share screenshots)?
Share the details of your efforts (code / search query, workflow json etc.)?
What is the result you are getting and what were you expecting?
Hi @suresh4iam When it is executing those users parallely then the rule is also executed parallely adding a wait, how will it ensure it generates unique values if 100 Pradeep Gupt are onboarded at the same time?
You should Not generated unique values on Identity Attributes. They work in paralel on the processing and at the time of testing two different identities can have the same name , and return the same value as the time of the checking the other didnt exist.
The best option is to do it in the Ad Account creation, that way all the identities values were processed, you test it against ad and any other apps or attributes.
Yes, it is a race scenario, and unfortunately you cannot avoid it and there is no easy way. You may use “Create Unique LDAP Attribute” rule which have the ability to check the AD, but you will stuck with a specific pattern. If you want to use a different pattern, you may need to engage with support team to build a custom rule to perform the AD account lookup.
Or you need to update the provisioning policy via BeforeCreate connector rule where you can query the AD to get the next available email ID and regenerate it and update the same in the provisioning policy just before the account creation.
Basically, you need to build an iterator to get next available email id from AD.
Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.