Identity deletion from IDNow on termination from Workday

Hello All,
We have been experiencing this issue for quite some time now. When any user is terminated from Workday, for a few users, IDNow is completely deleting their identities. The issue arises when a new user with the same name joins, as the system uses the same username for the identity. This results in an error because the user still exists in Workday, which maintains data for terminated users for 730 days. The same issue occurs with Active Directory (AD).
Thanks!

Hi @PriyankaRaoraneAD,

How have you configured your SailPoint username/uid? This needs to be unique for every user in your ISC tenant, as the uid uniquely identifies each user.

If you are using a non-unique value for the username, you will need to re-consider it and try using a unique value that’s in your HR system. If there is no such unique value, try using attribute combinations or counters to make the uid value unique in ISC.


Hi @jesvin90 ,

We are using the samAccountName as the username, which we are generating at IDCenter only (loginname concatenated with a counter).

Thanks!

Hi @PriyankaRaoraneAD,

The issue, if I understand correctly, is that your ISC tenant deletes the identities, and not the AD accounts, right?

For that, you will need to look at the uid value used within ISC (aggregated from Workday), not the username value being pushed to AD.

As @jesvin90 mentioned, you need to verify the uniqueness of the SailPoint username (uid) in ISC, which is normally a unique account attribute from the authoritative source and must be unique across all identities. Since it is Workday, you may consider the FILENUMBER attribute to map to uid. When you are using the samAccountName:

  • It may not be calculated during identity refresh, which could cause the identity deletion, or
  • The earlier aggregated uncorrelated accounts from the samAccountName attribute source create the uid and may not show up in the UI until you get a valid identity.

It is a case-by-case scenario based on how the identity refresh takes place and how the accounts are aggregated; you cannot control it. So, it is recommended to map an attribute which is unique across the identities.

You can refer to the documentation Creating Identity Profiles - SailPoint Identity Services
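One way to check a candidate uid attribute before mapping it in the identity profile, as an added example that is not code from this thread or from SailPoint: it scans every Workday record that still exists (active, or terminated within the 730-day retention window) and reports uid values shared by more than one worker. The records are constructed sample data, and the attribute names FILENUMBER and loginname are assumed.

```python
"""Check whether a candidate Workday attribute is safe to use as the ISC uid.

Added example, not from the thread or SailPoint. Records below are constructed;
'FILENUMBER' and 'loginname' are assumed Workday attribute names.
"""
from collections import defaultdict
from datetime import date, timedelta

RETENTION_DAYS = 730  # Workday keeps terminated workers this long (per the thread)

# Constructed sample: a terminated "jsmith" and a new hire with the same name.
WORKDAY_RECORDS = [
    {"FILENUMBER": "100231", "loginname": "jsmith", "status": "Terminated",
     "termination_date": "2024-03-01"},
    {"FILENUMBER": "100877", "loginname": "jsmith", "status": "Active",
     "termination_date": None},
    {"FILENUMBER": "100902", "loginname": "adoe", "status": "Active",
     "termination_date": None},
]


def in_scope(record, today):
    """A record still exists in Workday if it is active or was terminated
    within the retention window, so it still competes for a uid value."""
    if record["status"] != "Terminated":
        return True
    terminated_on = date.fromisoformat(record["termination_date"])
    return today - terminated_on <= timedelta(days=RETENTION_DAYS)


def uid_collisions(records, attr, today):
    """Map each uid value of `attr` that is shared by more than one in-scope
    worker to the list of FILENUMBERs that would collide on it."""
    seen = defaultdict(list)
    for record in records:
        if in_scope(record, today):
            seen[record[attr]].append(record["FILENUMBER"])
    return {value: owners for value, owners in seen.items() if len(owners) > 1}


def is_safe_uid_attribute(records, attr, today):
    """True only when no two in-scope workers share a value of `attr`."""
    return not uid_collisions(records, attr, today)


if __name__ == "__main__":
    today = date(2024, 9, 1)
    for attr in ("loginname", "FILENUMBER"):
        print(attr, "collisions:", uid_collisions(WORKDAY_RECORDS, attr, today))
```

Run this against a full Workday export (including terminated workers) before changing the identity profile; a name-based value only looks unique until a same-name hire arrives inside the retention window.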
