Workday switching from external to internal creates new identity

Hi everyone,

We seem to have a use case where a contingent worker switches to becoming an internal employee and this causes the identity to be deleted / recreated. Some background information: Workday is our authoritative source and we assign roles/provision to Active Directory. The Unique Workday account id (Filenumber) remains the same when switching from external to internal.

The impact of the new identity is that the Active Directory account seems to still be linked to the previous identity and the account now shows up as an identity exception. SailPoint will also attempt to provision a new account.

Has anybody dealt with a similar use case and how would we be able to prevent this from happening? Is there some configuration in the source we can make via the SailPoint API for this?

Kind regards,

Mike Schouten

You have mentioned the identity getting deleted and recreated. Can you confirm whether one of the aggregations is dropping the account (this can be the only reason for the identity getting deleted)? If that's the case, then you can stop deleting accounts if they are not coming from the end source.
You need to set checkDeletedDisabled as true under connectorAttributes. This will make sure accounts are not deleted from IdentityNow even if they are not coming from the end source aggregation. This will not delete the identity altogether.

Do note this is not an ideal solution, as it will keep all identities irrespective of whether they are in Workday or not. So think about it before implementing this.

@chirag_patel and @MikeSchouten

I am assuming that the Filenumber remains the same when that user's record is converted rather than the organization creating a new record for the converted worker, is that correct? Is there any way to manage this conversion if the organization is creating a new record? For example, I've heard about a Universal ID but I'd rather avoid that if possible.