|Applies To||RSA Product Set: Identity Governance & Lifecycle|
RSA Version/Condition: 7.1.0
|Issue||After upgrading to 7.1.0 P03 or higher, the rehiring process in RSA Identity Governance & Lifecycle fails to create new accounts for the rehired users. The change request attempting to create the new account has the following Admin error:|
There is already an account with name [Rhoda Report]. A new account can not be created with same name. Unable to create an account with the name [Rhoda Report]. The name is already used by an Active Account or a Disabled Account
There is a corresponding error message in the aveksaServer.log:
08/17/2019 09:39:32.114 ERROR (CR-Creation-3) [com.aveksa.server.core.cr There is already an account with name [Rhoda Report]. A new account can not be created with same name. Unable to create an account with the name [Rhoda Report]. The name is already used by an Active Account or a Disabled Account
Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the log files for your specific deployment.
|Cause||This problem occurs when the rehired user's original account was both disabled and deleted when the user was originally terminated. During the rehire process, RSA Identity Governance & Lifecycle attempts to create a new account for the user but the name already exists. Prior to 7.1.0 P03+, this was not a problem and a duplicate account would be created. Due to a defect fixed in 7.1.0 P03 and up where new pending accounts were created when there were existing deleted accounts with the same name, the rehire process is no longer allowed to create duplicate accounts.|
|Resolution||There is a configuration option that will allow disabled accounts that have also been deleted to be reused. With the fix to pending accounts available in 7.1.0 P03 and up, this configuration option is now enforced. This option is called Enable Disabled Accounts for Entitlement Requests and is available in the RSA Identity Governance & Lifecycle user interface under Admin > System > Settings tab > Edit. Scroll down to Entitlements and set the flag to Yes. Press OK to save the changes.|
NOTE: This is a system-wide setting.