If two users with the same user name attempt to access the same protected resource, authentication will fail. This may occur if you link multiple identity sources to the same deployment and users with the same User ID exist in each identity source. In these cases, you have the following options:
Map the User ID to another field where there are no duplicate values. For example, for an Active Directory identity source, you might be able to map to the UPN field or to a user’s email address.
Change one of the User IDs in the identity source so that both User IDs become unique. This option may not be practical if the User ID is used for other applications.
Assign authenticators to only one of the users with the duplicate User ID. This option is not practical if authenticators must be assigned to more than one user with the duplicate User ID.
You can allow one user to authenticate with a logon alias, and you can prevent this user from authenticating with the default User ID.