000038042 - After upgrading to 7.1.0 P03 or higher, the rehiring process in RSA Identity Governance & Lifecycle is failing to create new accounts for the rehired users

Document created by RSA Customer Support Employee on Oct 9, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038042
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0

 
IssueAfter upgrading to 7.1.0 P03 or higher, the rehiring process in RSA Identity Governance & Lifecycle fails to create new accounts for the rehired users. The change request attempting to create the new account has the following Admin error:
 
There is already an account with name [Rhoda Report]. A new account can not be created with same name. Unable to create an account with the name [Rhoda Report]. The name is already used by an Active Account or a Disabled Account


There is a corresponding error message in the aveksaServer.log:
 
08/17/2019 09:39:32.114 ERROR (CR-Creation-3) [com.aveksa.server.core.cr There is already an account with name [Rhoda Report]. A new account can not be created with same name. Unable to create an account with the name [Rhoda Report]. The name is already used by an Active Account or a Disabled Account


Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the log files for your specific deployment.
CauseThis problem occurs when the rehired user's original account was both disabled and deleted when the user was originally terminated. During the rehire process, RSA Identity Governance & Lifecycle attempts to create a new account for the user but the name already exists. Prior to 7.1.0 P03+, this was not a problem and a duplicate account would be created. Due to a defect fixed in 7.1.0 P03 and up where new pending accounts were created when there were existing deleted accounts with the same name, the rehire process is no longer allowed to create duplicate accounts.
ResolutionThere is a configuration option that will allow disabled accounts that have also been deleted to be reused. With the fix to pending accounts available in 7.1.0 P03 and up, this configuration option is now enforced. This option is called Enable Disabled Accounts for Entitlement Requests and is available in the RSA Identity Governance & Lifecycle user interface under Admin  > System > Settings tab > Edit. Scroll down to Entitlements and set the flag to Yes. Press OK to save the changes.
User-added image


NOTE: This is a system-wide setting.
 

Attachments

    Outcomes