Workaround to remove duplicate identities resulted to mapping of account to a terminated account instead of the active one
Originally Published: 2017-05-01
Article Number
Applies To
RSA Version/Condition: All versions
Issue
And what you did to resolve this was:
1. To get the original IDC (first introduced prior to the duplicate) to return zero rows, and have its Users terminate so there would be only one of the two duplicates active in the system.
2. The second IDC created would instead be the only one returning the active User.
The issue this caused is that the system maintains mapping to the terminated/disabled account instead of the active one.
Is this proper behavior, or should the system ideally know to move mapping to the active User?
Resolution
In this scenario, the mapping of an account to a deleted user is working as designed.
This is a required functionality from other Customers as this is a security hole.
The problem that can occur is this:
i.e. A user can be terminated/deleted, but if they still have access to the account, then if someone were to get access as that 'user', they would have access to the privileges to the account as well.
There are other scenarios where users were subsequently rehired by companies in a different role.
If this mapping is not identified then a returning employee may have privileges that their new role does not require.
This is a required functionality from other Customers as this is a security hole.
The problem that can occur is this:
i.e. A user can be terminated/deleted, but if they still have access to the account, then if someone were to get access as that 'user', they would have access to the privileges to the account as well.
There are other scenarios where users were subsequently rehired by companies in a different role.
If this mapping is not identified then a returning employee may have privileges that their new role does not require.
Related Articles
How to remove entitlements of a decommissioned application from user access in RSA Via Lifecycle and Governance Number of Views Unable to remove a Role Membership Rule from a Role in RSA Identity Governance & Lifecycle Number of Views DBSM - Unable to remove the last user from a role Number of Views How to remove all user data stored in the RSA Identity Governance and Lifecycle application database Number of Views How to remove the Edit Users button from Account Review Results in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
