Above, you can see the email returned to one of our admins when they attempted to request an access profile. This admin has both a normal user account and an admin account. Additionally, we have test accounts in Active Directory (AD).
My confusion arises because many users have test accounts in AD with similar names, and a handful of users possess admin/privileged accounts, yet we do not usually receive this email response. I am trying to determine the cause of this request failure.
When I check in Access Request Administration, there is no record of the request, only the email sent back to the user. Does anyone have any insight into why this might be happening?
Hi @jared-fox For the users who have multiple accounts but can have successful requests for this AP, are their multiple accounts all correlated with their Identity?
I am one of those users. There are multiple correlated to mine. I had an uncorrelated account and so did the other admin. I correlated the accounts to see if it helped. When testing again I was granted access and the other admin experienced the same failure. Very odd.
I was actually expecting the failure when multiple accounts (same source) were correlated with the request subject’s identity. I feel that is expected behaviour. When a successful request was made for an Identity with multiple accounts, which account did it get fulfilled on?
IDN does not support access request provisioning when an Identity holds multiple accounts in a source. The workaround that is being used by customers is to create different sources for each account type, so that multiple accounts are not correlated to the same source.
The email that you receive is as expected whenever an access is requested for a user with multiple accounts on a source - check here
There also seems to be some background work from SailPoint team to make this feature available soon. Link here
