
An identity is not appearing in IDM; however, when creating the same identity in IDM, it gives the error "Identity already exists in IDM"

0 Kudos

Dear Community Members,

When I try to find an identity in IDM, let's say the unique ID is "ABCD", I'm not able to find it, whereas when I try to create the same identity "ABCD" in IDM, I get an error which says "Identity already exists" in SAP Identity Management.

I understand that somehow the identity is not deleted from the IDM database, however it is not reflected in the IDM user interface, but I am unable to understand the technical possibility of this issue.

Kindly share the reason for this issue and what the possible solution would be.

I do not want to adopt the non-recommended SAP way of deleting the identity directly from the IDM database.

Regards

Girish Almiya

SAP Security Consultant

Accepted Solutions (1)


jaisuryan
Active Contributor
0 Kudos

Hi Girish,

Given that the issue exists for only a few users, the quicker remedy would be to delete the user from the ID store and recreate it.

Kind regards,

Jaisuryan

0 Kudos

Dear Jai,

I agree with you and understand that a quick remedy can be achieved only through your suggested way, as I do not have any other option to fix this issue right now.

Regards

Girish Almiya

jaisuryan
Active Contributor
0 Kudos

Hi Girish,

Great, please close this thread if no further information is required. Thanks.

Kind regards,

Jaisuryan

Answers (3)


0 Kudos

Dear Jai,

It is complete now.

Thank you all for answering in this thread.

Regards

Girish Almiya

0 Kudos

Dear Community Members,

Please share your knowledge on this if you have come across such an issue.

Regards

Girish Almiya

former_member2987
Active Contributor
0 Kudos

Please check the database and see if the user is there.  A query like:


select mskey, attrname, searchvalue
from idmv_value_ext
where mskey in
  (select mskey from idmv_value_ext where attrname='MSKEYVALUE' and searchvalue='somemskeyvalue')
order by attrname

Should give you the information you need.

Matt

0 Kudos

Hi Matt,

The user exists in the database but is not reflected in the IDM UI.

Regards

Girish Almiya

former_member2987
Active Contributor
0 Kudos

Hello Girish,

OK, then see if the user is listed as inactive (MX_INACTIVE) via the database view. You can also change your UI task to "Use Inactive Entries".

You should be able to see the user now.

Regards,

Matt
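
Added example, not part of the original thread: one query that combines the two database checks suggested above (does the entry exist, and is it flagged inactive) into a single row per entry. The view, its columns and the `somemskeyvalue` placeholder come from Matt's query; that `MX_INACTIVE` and `MX_ENTRYTYPE` show up as attribute rows in this view is an assumption to verify on your own schema.

```sql
-- Added diagnostic, read-only: one summary row per entry that carries
-- the given MSKEYVALUE. Replace 'somemskeyvalue' with the unique ID.
select v.mskey,
       -- the unique ID as stored, to confirm the match
       max(case when v.attrname = 'MSKEYVALUE'
                then v.searchvalue end)            as mskeyvalue,
       -- entry type (assumed attribute row); compare with the entry type
       -- the UI search task works on, MX_PERSON in this thread
       max(case when v.attrname = 'MX_ENTRYTYPE'
                then v.searchvalue end)            as entrytype,
       -- inactive flag (assumed attribute row); 1 means inactive,
       -- NULL means the attribute is not set on the entry
       max(case when v.attrname = 'MX_INACTIVE'
                then v.searchvalue end)            as inactive,
       -- how many attribute rows the entry has in this view
       count(*)                                    as attribute_rows
from idmv_value_ext v
where v.mskey in
      (select mskey
       from idmv_value_ext
       where attrname = 'MSKEYVALUE'
         and searchvalue = 'somemskeyvalue')
group by v.mskey
order by v.mskey;

-- Reading the result:
--   no row            -> the entry is not visible in this view at all
--   inactive = 1      -> search with "Use Inactive Entries" enabled
--   more than one row -> several entries share the same MSKEYVALUE
--   entrytype differs from what the UI task searches, or is NULL
--                     -> the entry exists but is not of the searched type
```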

0 Kudos

Hello Matt,

The user is not listed as an inactive user (MX_INACTIVE), as I tried the advanced search option in the IDM UI to check if the user is in an inactive state but could not find it.

I understand that to recreate that user in IDM, I need to delete his identity entry directly from the database (not recommended by SAP), as presently I do not see any way around to fix this issue.

Any suggestion from your end to fix this problem?

Regards

Girish Almiya

former_member2987
Active Contributor
0 Kudos

Girish,

I would suggest checking this from the database end first and making sure that "Use inactive identities" is selected in the UI configuration.

In a worst-case scenario you should be able to delete the user from the Identity store in a job where you specify the MSKEYVALUE and use changetype DELETE.

Matt

0 Kudos

Hi Matt,

Thank you for your advice. I'm going to use your suggestion to do a quick check in this issue at DB level.

Regards

Girish Almiya

jaisuryan
Active Contributor
0 Kudos

Hi Girish,

I had this issue as well, and for me it was due to a wrong config in the UI.

Please check if your UI is configured for the Identity store you are working with.

For newer releases of NetWeaver,
Open NWA -> Open Java System Properties -> Search "tc~idm~jmx~app" in application tab -> com.sap.idm.jmx.idstoreid (this should have the ID of your ID store)

Kind regards,

Jai

0 Kudos

Hi Jai,

Thanks for your speedy response.

I'm wondering, as this issue is with only a few IDs, 4-5 out of approximately 12000 users in the system. The settings in NWA for the Identity store are fine. Do you see any other issue which could have raised this problem?

Regards

Girish Almiya

jaisuryan
Active Contributor
0 Kudos

Hi Girish,

Oh, then I can think of only two more things to check.

1) Check if the users are active (i.e. MX_INACTIVE is not set to 1)

2) Check if you have set any "Access Limitations" in the MX_PERSON entry type. If so, then you need to satisfy the access limitations.

If both are not of any help, then we need to wait for the experts to come up with more places to check.

Kind regards,

Jaisuryan

0 Kudos

Hello Jai,

I have already checked on the first point that you have given.

The user is not set to inactive state, and also during an advanced search for that user in IDM, I check-marked the Inactive option to see inactive users in my search pane, considering that the user might mistakenly have had his status changed to Inactive by someone. As usual, the search in the IDM UI does not show inactive users, and only the advanced search does that by placing a check mark in the Inactive square box.

Additionally, I understand "Access Limitation" in MX_PERSON to be the maximum number of entries IDM can show for a search criterion, and it is also all good.

Regards

Girish Almiya

jaisuryan
Active Contributor
0 Kudos

Hi Girish,

OK, but access limitation is not for the maximum records to search. It is a criterion for whether you are allowed to search for the user in the UI. Anyway, let's check if others come up with a better solution. Cheers.

Kind regards,

Jaisuryan

0 Kudos

Hi Jai,

Really appreciate your sharing.

You have given me more insight to check on such issues.

Regards

Girish Almiya