Sporadic 409 Errors on Various Identities from Same Source


Seemingly randomly, but usually around the time that an authoritative source has aggregated recently, I will see that just about every identity from that source will display an error like this when I try to view it:

For all of them, it gives this error:

Despite the UI pointing me towards Identity Exceptions, the actual Identity Exception column is not visible, leading me to believe that something is buggy in the error-handling process here.

This is for our Workday connector authoritative source in particular, in our sandbox environment. Usually, the problem will resolve itself if I simply re-aggregate the authoritative source in question, but I wanted to know if anyone else has come across this particular issue, and if it’s a known one by the SailPoint development team? At times it takes more than 1 re-aggregation attempt and thus can become tedious to deal with when testing in our lower environment, and is potentially more critical should it occur in our higher environment.

Hi @imckenzie , this particular error is very eye-catchy “This identity is missing a user name (uid)”. Do you see this error for all existing identities or it only comes for new identities aggregated from Workday?
For new identities, it takes some time to get fully created in IDN, this is something I have seen a lot in Sandbox tenants. And if you try to open the new identity in partial created form, it will give errors.

Hi Gaurav, these errors are for existing identities in Workday, and it seems to happen at times that I would not expect identity processing to be happening.

Ok, so since there are no identity exceptions + issue is intermittently occurring for all identities then it could be possibly be some environment issue on your Sandbox tenant, did you get a chance to raise a support case with SailPoint and get their response?

Also, what’s the max limit of identities your tenant supports. You can see this in Admin > Global > System Settings > System Features

Thanks Gaurav, think you nailed it with the tenant limit. I was unaware of that cap. Our limit is 1300 and we’re seeing about 2850 identities total coming into our lower environment, so I guess it makes sense we see inconsistent behavior then. Thanks for the help!

I would also note, however, that we have the same cap in place in our production environment (1300). I have not seen the same issues occur in production though. Do you know if there’s anymore indication or configuration of the differences in computing power/etc. for prod vs sandbox tenants that could explain this?

hey @imckenzie , glad to know you verified the limit for identities in prod and non-prod tenants. Well, for computing power etc. - I am not sure 100% because it’s totally managed within SailPoint walls but I have observed Prod tenants have more computing power, high availability than non-prod tenants based on my experience.
You may verify this with your CSM or via support ticket channel. I hope you get your complete answer there!

All the best!

@imckenzie Check if the account attribute present in identity profile mapping against uid has valid value.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.