There are two possible resolutions to this issue:
- Restore from a backup
- Restore to the latest backup prior to the issue.
- Fix the misconfiguration and/or source data. Fix the collector definition if incorrect or remove/cleanup the data (users/identities, accounts, and entitlements) in the data source.
- Run collections/unification again.
- Terminate/delete the duplicate users (terminated users remain in the user interface)
- Fix the misconfiguration and/or source data. Fix the collector definition if incorrect or remove/cleanup the data (users/identities, accounts, and entitlements) in the data source.
- Run collections/unification again. This will flag all the duplicate records as terminated/deleted and functionally achieve what is required by marking only one identity as active.
As per RSA Identity Governance & Lifecycle Engineering, Engineering does not recommend deleting the duplicate identities as deleting the identities might lead to data inconsistency, data corruption, and missing references. It might also impact audit and compliance which would defeat the purpose of the product. Hence, Engineering does not provide a script to purge or hard-delete users/identities, accounts, and/or entitlements.