Article Number
000037451
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0 P03+, 7.1.1, 7.2.0
Issue
One of the following errors occurs when submitting a request to create a new account using a deleted account name.
Unable to create an account with the name [XXXX]. The name is already used by an Active Account or a Disabled Account.
Or
There is already an account with the name [XXXX]. A new account cannot be created with same name.
These messages are seen when submitting a request generated by one of the following methods:
- An account is created with the Create Account button under the Accounts tab of the related Directory or Application.
- An account is created with the Add Entitlements button under the Access tab of the user.
In the examples below, the deleted account being re-used is sblue, as seen under Resources > Directories/Applications > {Directory or Application name} > Accounts tab.
Example 1: Using the Create Account button under the Accounts tab
In the user interface, go to Resources > Directories/Applications > {Directory or Application name} > Accounts tab > Create Account.
This error occurs when there is no account template:
This error occurs when there is an account template:
Example 2: Using the Add Entitlements button under the User Access tab
In the user interface, go to Users > Users > {username} > Access tab > Add Entitlements.
This error occurs when there is no account template:
This error occurs when there is an account template:
Cause
This is a known issue that is reported in engineering tickets ACM-101735 and ACM-98504.
This problem occurs when the following four conditions are met:
- An account with the same name was disabled in RSA Identity Governance & Lifecycle.
- At a later time, the same account was deleted from RSA Identity Governance & Lifecycle.
- The Business Source is configured with Entitlements Require Account set to Yes.
- Under Admin > System > Settings, RSA Identity Governance & Lifecycle is configured with Enable Disabled Accounts for Entitlement Requests set to No.
Setting Enable Disabled Accounts for Entitlement Requests to No is meant to prevent disabled accounts from being used again since they are still existing accounts. The problem is that when these accounts are deleted, RSA Identity Governance & Lifecycle still considers them disabled and will not re-use them when this setting is set to No.
Resolution
This issue has been resolved in the following versions:
- RSA Identity Governance & Lifecycle 7.2.1
This version introduces a new configuration setting for Account Data Collectors (ADCs) called "Allow Account Reuse". The setting can optionally be enabled when the "Account Disabled" feature of the collector is enabled and the ADC is configured to collect or set the Is_Disabled flag of the Account. These settings are available on the Search Configuration For Accounts page when editing the Account Data Collector.
The "Allow Account Reuse" configuration setting changes the way RSA Identity Governance & Lifecycle sets and maintains the Account Disabled status of the Account in the Is_Disabled attribute.
With Allow Account Reuse disabled (default setting):
- Accounts that are Disabled will remain Disabled even after they are Deleted.
With Allow Account Reuse enabled:
- Accounts that are Disabled will remain Disabled only until they are Deleted. When the Accounts are Deleted, the Is_Disabled flag will immediately be set to False.
Note that when the "Allow Account Reuse" option is checked, the following warning dialog is displayed.
WARNING: When you enable this option, all existing deleted Accounts for this ADC (Accounts with Is_Deleted=True) will have the "Is_Disabled" flag immediately set to false. This is not reversible.
Workaround
As a workaround, configure RSA Identity Governance & Lifecycle to allow disabled accounts in entitlement requests by setting Enable Disabled Accounts for Entitlement Requests to Yes using the steps below:
- In the RSA Identity Governance & Lifecycle user interface, go to Admin > System > Settings.
- Click the Edit button.
- Scroll down to Data > ENTITLEMENTS > Enable Disabled Accounts for Entitlement Requests.
- Select Yes to enable the option Enable Disabled Accounts for Entitlement Requests.
- Click OK to save the changes.
WARNING: The parameter Enable Disabled Accounts for Entitlement Requests is a global setting and, as such, makes all existing disabled accounts available for re-use. If this is not the desired system-wide behavior, temporarily enable this setting, create the account or accounts that need to be re-created, and then disable this setting.
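Before choosing between the workaround and the "Allow Account Reuse" setting, it helps to see which accounts each one touches. The script below is an added example, not RSA code: it models the conditions from the Cause and Resolution sections over a constructed export of one collector's accounts. The CSV column names and function names are assumptions.

```python
import csv
import io

# Constructed sample export. Column names are assumptions for this example,
# not a documented RSA Identity Governance & Lifecycle schema.
SAMPLE_EXPORT = """account_name,is_disabled,is_deleted
sblue,true,true
jdoe,true,false
akhan,false,true
mlee,false,false
"""

def load_accounts(text):
    """Parse the export into dicts with boolean Is_Disabled / Is_Deleted flags."""
    def flag(value):
        return value.strip().lower() == "true"
    return [{"name": r["account_name"],
             "disabled": flag(r["is_disabled"]),
             "deleted": flag(r["is_deleted"])}
            for r in csv.DictReader(io.StringIO(text))]

def blocked_names(accounts, entitlements_require_account=True,
                  enable_disabled_accounts=False):
    """Deleted account names that cannot be re-created under the Cause conditions."""
    if not entitlements_require_account or enable_disabled_accounts:
        return []
    return sorted(a["name"] for a in accounts if a["deleted"] and a["disabled"])

def workaround_side_effect(accounts):
    """Disabled accounts that still exist; the global workaround opens these too."""
    return sorted(a["name"] for a in accounts if a["disabled"] and not a["deleted"])

def allow_account_reuse_changes(accounts):
    """Accounts whose Is_Disabled flag is reset, irreversibly, by Allow Account Reuse."""
    return sorted(a["name"] for a in accounts if a["deleted"] and a["disabled"])

def report(text):
    """Summarize the effect of each option on the exported accounts."""
    accounts = load_accounts(text)
    return {
        "blocked_now": blocked_names(accounts),
        "blocked_with_workaround": blocked_names(accounts, enable_disabled_accounts=True),
        "also_opened_by_workaround": workaround_side_effect(accounts),
        "flag_reset_by_allow_account_reuse": allow_account_reuse_changes(accounts),
    }

if __name__ == "__main__":
    for key, names in report(SAMPLE_EXPORT).items():
        print(f"{key}: {names}")
```

In the sample, the workaround unblocks sblue but also makes the still-existing disabled account jdoe usable in entitlement requests, while "Allow Account Reuse" only resets the flag on the deleted account.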