Workaround to remove duplicate identities resulted to mapping of account to a terminated account instead of the active one
Originally Published: 2017-05-01
Article Number
Applies To
RSA Version/Condition: All versions
Issue
And what you did to resolve this was:
1. To get the original IDC (first introduced prior to the duplicate) to return zero rows, and have its Users terminate so there would be only one of the two duplicates active in the system.
2. The second IDC created would instead be the only one returning the active User.
The issue this caused is that the system maintains mapping to the terminated/disabled account instead of the active one.
Is this proper behavior, or should the system ideally know to move mapping to the active User?
Resolution
In this scenario, the mapping of an account to a deleted user is working as designed.
This is a required functionality from other Customers as this is a security hole.
The problem that can occur is this:
i.e. A user can be terminated/deleted, but if they still have access to the account, then if someone were to get access as that 'user', they would have access to the privileges to the account as well.
There are other scenarios where users were subsequently rehired by companies in a different role.
If this mapping is not identified then a returning employee may have privileges that their new role does not require.
This is a required functionality from other Customers as this is a security hole.
The problem that can occur is this:
i.e. A user can be terminated/deleted, but if they still have access to the account, then if someone were to get access as that 'user', they would have access to the privileges to the account as well.
There are other scenarios where users were subsequently rehired by companies in a different role.
If this mapping is not identified then a returning employee may have privileges that their new role does not require.
Related Articles
Some entitlements appear duplicated in RSA Identity Governance & Lifecycle Number of Views How to search for users with RSA Mobile administration GUI Number of Views How to remove entitlements of a decommissioned application from user access in RSA Via Lifecycle and Governance Number of Views How to manual deploy Federated Identity Manager (FIM) 2.5 / 2.6 Number of Views How to configure private key settings for Internet Explorer on Microsoft Vista Number of Views
Trending Articles
The Template ({Connector Template Name}) has missing file content error when creating AFX Connectors in RSA Identity Gover… Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide Troubleshooting RSA MFA Agent for Microsoft Windows RSA Release Notes for RSA Authentication Manager 8.8
Don't see what you're looking for?
