But in developement environment we are in 3.17, and we were made aware that com.saviynt is now deprecated and can't be used anymore.
You are trying to use the accountID/UPN for a user account if the user already has the AD account linked to them? Is my understanding correct?
Yes you are right, we want to use existing account if there is one.
If you want an example, here you go
This is one of the application in the AD endpoint filter.
This application can be requested, but should not created a new AD account if user already have 1.
Therefore, the above code to perform this check.
@Romain Please follow this thread. This should solve the problem for Child Endpoint Accounts - https://forums.saviynt.com/t5/identity-governance/not-to-create-2nd-account-creation-in-ad-when-usin...
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
I'll try and revert, but issue might be on the Account Name itself.
As per business needs, we are generating numerical IDs (450127)
But users can ask to have alphanumerical IDs instead, after creation (rrozalski).
We don't want the account to be created twice or with the wrong ID.
I confirm that issue will be that name can be changed in AD, therefore it will not follow default AccountNameRule.
Due to that, new parent account will try to be created.
what is the reason for not having an additional part in the account matching rule?
so the system should be able to match both the numeric and alphanumeric identifiers to the correct user object.
This should prevent the creation of new unwanted accounts for that user.