Hi
I have a user who is having 2 same account from auth source but with different worker_type.
When the ISC aggregate the user at first time the Emp record is pulled back and ISC will do the provisioning for this user.
When the next scheduled aggregation is happened ISC pulls the Contingent worker record and do the provisioning and deprovisioning for Emp users. And vice-versa.
This is happening continuously when the aggregation happened.
in workday Employee and contigent worker are 2 distinct type of account(more or less).
I think the problem is on the account ID, usually the filenumber. The same person can have the same FILENUMBER for employee and contigent account, this depends on organization configuration.
You can try to set userID like account ID, but like FILENUMBER could be not unique.
This happens sometimes when a person is converted from contractor to employee and vice versa.
Workaround was to pull record from workday based on the latest assignment type. I dont have a solution on how it can be done in workday connector, but this filter was used by the workday team to generate the data for us.
Maybe you can try creating 2 separate workday sources (cloned connector for same source).
One aggregates only worker type (can filter easily from aggregation settings) and set FILENUMBER as accountID for this.
Second one to aggregate only contingent workers (to filter you may need to set Exclude Employees to ‘true’ in the Response group setting) and set UserID (or any unique attribute other than FILENUMBER) as accountID for this.
For each of these user types, create:
Separate identity profiles
Separate access models (access policies, roles) to create separate accounts and manage them without interfering.
In your setup, do both the records for a user have same FILENUMBER value in workday? If yes, then it is working expectedly. It is not going to create another identity (contingent) record for the same user and instead will always link earlier created worker identity, based on FILENUMBER (accountID).
You need to tell sailpoint how two records from workday are different from each other and provisioning/aggregation for both have to be done on respective records.
I doubt workflows can help achieve anything here (or maybe I am not able to think of any solution using workflow). Workflows are meant to automate an operation in ISC, it may not be able to manipulate internal working of provisioning engine or aggregation engine in ISC.
