Re-Hire AD Account Correlation and Creation

Hi Everyone–

We have a situation after our recent go-live where Re-Hires are being added to the identity source and new identity cubes are being created as expected. However, the user previously had an AD account that remains uncorrelated. When the identity cube is created, the uncorrelated AD account does not correlate to it immediately (since correlation only happens with an unoptimized AD aggregation) - leading the birthright Role to create a new AD account. Once AD aggregation is run, the old account correlates and the identity ends up with two AD accounts. What is the best practice for avoiding this behavior?

This can be done with a correlation rule. See the second use case in this doc, titled Rehire an account who comes back after 5 years with the same AD account.

1 Like