There are some scenarios where, after signing up, the person is dissatisfied with the generated login and requests the creation of a username different from the one that was automatically generated.
Since the same username is used in the Sailpoint identity and in Active Directory (AD), we can manually change it in AD, but the old username would remain in the Identity.
Is there any way to manually change the generated username for the identity in ISC in these scenarios? Do you have any other ideas for these cases?
What is the username mapped to in your authoritative source? I’m thinking if you manually update the account attribute that is mapped to the identity username that should achieve what you’re looking for.
Generating the username through an Identity Attribute Cloud Rule is not considered a best practice. Instead, you should generate the username during AD account provisioning, using either a usernameGenerator transform or an appropriate provisioning rule, based on your requirements.
After the username(sAMAccountName) is created in AD, you can write it back to the identity attribute by attaching a account attribute type transform.
When creating the identity, you will need a username because the AD account will be created later.
After creating the AD account, can I change the identity username to reflect the username of the AD account created later?
In my case, the authoritative source would be SAP Success.
Please note that updating the user ID of an identity breaks the current identity and will create a new one which might cause a lot of issues in terms of provisioning new accounts etc.
if you are referring to “Username“ (uid) on the identity profile, yes technically you can use a transform to update it. but “name” attribute on the cube remains same. on the other hand, once an AD account is created, do you have any other use case that needs to be sync’ed? you can do that too from transform based on account attributes.
I am assuming you might want the same username in AD to be used to login for sailpoint?
if so, can you use direct connection to available on identity profile config’ or use SSO?