Workaround to remove duplicate identities resulted to mapping of account to a terminated account instead of the active one
Originally Published: 2017-05-01
Article Number
Applies To
RSA Version/Condition: All versions
Issue
And what you did to resolve this was:
1. To get the original IDC (first introduced prior to the duplicate) to return zero rows, and have its Users terminate so there would be only one of the two duplicates active in the system.
2. The second IDC created would instead be the only one returning the active User.
The issue this caused is that the system maintains mapping to the terminated/disabled account instead of the active one.
Is this proper behavior, or should the system ideally know to move mapping to the active User?
Resolution
In this scenario, the mapping of an account to a deleted user is working as designed.
This is a required functionality from other Customers as this is a security hole.
The problem that can occur is this:
i.e. A user can be terminated/deleted, but if they still have access to the account, then if someone were to get access as that 'user', they would have access to the privileges to the account as well.
There are other scenarios where users were subsequently rehired by companies in a different role.
If this mapping is not identified then a returning employee may have privileges that their new role does not require.
This is a required functionality from other Customers as this is a security hole.
The problem that can occur is this:
i.e. A user can be terminated/deleted, but if they still have access to the account, then if someone were to get access as that 'user', they would have access to the privileges to the account as well.
There are other scenarios where users were subsequently rehired by companies in a different role.
If this mapping is not identified then a returning employee may have privileges that their new role does not require.
Related Articles
How to remove entitlements of a decommissioned application from user access in RSA Via Lifecycle and Governance Number of Views DBSM - Unable to remove the last user from a role Number of Views Remove a Custom Console Logon Banner Number of Views How to remove the Edit Users button from Account Review Results in RSA Identity Governance & Lifecycle Number of Views How to remove all user data stored in the RSA Identity Governance and Lifecycle application database Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Release Notes for RSA Authentication Manager 8.8 Deploying RSA Authenticator 6.2.2 for Windows Using DISM
Don't see what you're looking for?
