Query all Identities for Username Generation?

Hello friends and sailors,

The organization I am implementing IDN for has a requirement for username generation that does not utilize numbers (so, uniqueCounter is not something I can use). I have specific patterns that I must follow, which I can do. However, they also have the requirement that, once a username has been granted to a user, that username can never be used by another person, ever again. Therefore, there has to be a permanent record/repository of usernames that have been utilized. This will exist in the Identity Cube of each user, regardless of their lifecycle status with the organization; all identities will be retained permanently.

In order for this to work, I will have to have the username generation take place on the Identity Profile level so that, during the identity creation, a unique username is generated and checked for its uniqueness by looking at all existing identities, but I do not know how to query a specific identityAttribute for ALL identities… is that even possible?

Thank you for your help and support in advance.

Hi @Brennen. Please see this post, which asked if it was possible to use A-Z for username generation rather than numbers. It’s most likely that what you are trying to accomplish is possible via transforms, but will require some creative combination of different transform operations to achieve it. Without knowing what your patterns are, it’s hard to say though.

Thanks @colin_mckibben! It looks like I found a partial answer in one of the comments:

Currently, I have a usernameGenerator transform in place for distinguishedName, which is the Account ID for Active Directory (which is the default setting). Apparently, switching the Account ID to another attribute (such as sAMAccountName) causes issues, so I had to switch it back.

There are 3 values in AD that need a unique value: sAMAccountName, Distinguished Name, and User Principal Name (which should be the same as sAMAccountName). If I can only use usernameGenerator once, how am I supposed to generate values for the others?

My patterns are as follows (“fi” is first initial of first name, “f2i” is first 2 initials of first name, “f3i” is first 3 initials of first name):


When this executes, an error occurs saying that all of the patterns have been exhuasted, and that it failed to generate a unique username within the 25 attempts. Why would it be failing like this?

Did you ever figure out a solve for this? I have the exact same situation as you right now (same pattern and problem).

@Brennen @bhicks-adaptive

Can you update your last pattern to the following: $fi$ln${uniqueCounter} using curly brackets rather than parenthesis?

I believe this could be one reason as to why it is failing. I am updating this in our documentation for the usernameGenerator transform as currently it shows using parenthesis as the correct syntax.