You can reset the password, not only by using the ISC username, but also the account name. In contrast, you can only log on with the username, not the account name.
We have received a case related to security concerns related to users when they are not authenticated.
Please allow me to reproduce these cases in my tenant and get back with a result.
As part of design, we have a flow where if user enter wrong username and send an email, it will show them that an email has been sent so that they don’t do brute force trial.
2024-12-10:
SailPoint Support says that is by design to display the message that the identity does not exist.
Thanks for your patience, I took my time and had a look at code and this is by design where we display the message ‘Referenced IDENTITY “tres.more” was not found.’ }
I have reached out to the product team through message to see what they have to say about this behaviour.
I am confused, how can the design be checked in code? Is there any separation between code and the design documentation?
If there is a bug in the code, is it then by design?
I checked and the fix for this issue lies in backlog and will be deployed in some time.
Since there is no action pending on sailpoint support team, I will mark this as a proposed resolution and I will request you to check for an update on this development with your CSM or reply on this email thread in next quarter using the reference case ISCANT-8422.