Hi, I have been trying to change the account name of an identity which currently is the display name. I tried remapping the accountName through the account Schema to its UPN/email but the accountName on the identity is still its display name.
I found a solution where deleting the identity and reaggregating it, changed the account Name, however I cant afford to do this for other identities.
Is there a way to achieve this without deleting the identities?
@nilay_mani You can do the unoptimized aggregation or try to reset the accounts and do the aggregation. Both will work.
Hi @nilay_mani This issue generally happens when aggregation not happened properly in sailpoint ISC, generally perform the account aggregation using API which is unoptimized aggregation that is one way so below is the API kindly execute it using postman.
curl-
curl -L -X POST ‘https://sailpoint.api.identitynow.com/v2026/sources/prasadm/load-accounts’
-H ‘Content-Type: multipart/form-data’
-H ‘Accept: application/json’
-H 'Authorization: Bearer ’
or API reference guide:
Please let me know the response state after execution? If you still encounter the same issue after unoptimized aggregation let me know.
Hi @Santhakumar , I tried unoptimized aggregation, but it still stays as display name. Just an FYI - the identity also has accounts on non-auth sources.
Hi @prasadm , Unoptimized aggregation did not work :(, I tried it using vscode as well as the api you sent. Unoptimized account aggregation triggered successfully (202 Accepted).
Can you try to reset the account from VS code or using postman and try the unoptimized aggregation. Also let me know what type of connector it is (source of truth or target application)?
@prasadm I tried resetting the identity & running the unoptimized aggregation again, does not seem to work. It is an Auth Active Directory, but an fyi - the identity has accounts present in other non auth sources as well.
Also just to clear out any confusion, I am referring to “Account Name” under “Identity” not account, it works well and fine under account but “Account Name” does not change for the identity
Updating the Account Name or Account ID attributes for a source after aggregating accounts is strongly discouraged and can cause significant errors.
The Account Name attribute is immutable, and editing it after accounts have been aggregated can cause duplicate accounts and identities to be aggregated and created. The Account ID attribute is used in multiple places across systems to reference accounts. Changing the Account ID can break these references in serious and unexpected ways.
Managing Source Account Schemas - SailPoint Identity Services?
Hi @Pankaj_IAM_SailPoint , thank you for putting this out, but this is a serious requirement that needs to be solved without deleting the identites and reaggregating them, couldnt find anything on the docs for this.
@nilay_mani You can create a support ticket, they may have some solution for this.
account name of an identity is immutable and can never be changed. It is generated when the identity is created and will be same as the account attribute marked as “Account Name” in the Auth source.
But it will never change even if change the account name of the user in Auth source. This might create a new identity, but if the account is still correlated to the old identity, then account name of the identity will remain same as original