In Salesforce, the FederationIdentifier attribute is used for user authentication. This is a unique attribute - a user can have multiple accounts across Salesforce applications in an enterprise, but each account has a different FederationIdentifier. Account creation will fail if you try to set a FederationIdentifier to a value that already exists. We set the FederationIdentifier to EmployeeID, unless that value is already in use. In that case, we set FederationIdentifier to email.
If I try to request a new account for a user that already exists in Salesforce, setting the new account FederationIdentifier to the same EmployeeID that already exists in Salesforce, in the provisioning comments of the Saviynt task, I see "Error in user creation: This Federation ID is already in use. Use a different Federation ID."
How might we determine, at the time of provisioning, if the EmployeeID of the user requesting a new Salesforce account is already in use as a FederationIdentifier in another Salesforce app in the enterprise, to then default to the user's email as the FederationIdentifier instead?
