When integrating an Identity & Access Management automated routine with a human resource system, locating a unique identifier to be used across each system is key. Typically, the employee ID or social security number is optimal, as it unique to each employee.
Within many industries, it is common for an employee to work at various sites. Depending on the how the organization is structured, the employee may get paid by each site independently, and may have more than one record/employee ID within the human resource system. If an automated routine is executed within an environment where an employee has two records within the source system, therefore having two different employee ID’s, by default the routine will want to create one account per record, leading to a duplicate.
A solution to this issue is to modify the configuration of the routine to search the target system for users with the same name prior to creating the new account. In the case an account is located with the same name, the new account request would be queued up for an administrator to review via a web interface. The administrator can then link the new account to an existing account, therefore a duplicate account is not created. If the new record is not related to any existing account within the target system, the administrator can approve the account, and then new account is immediately created automatically.
From a management interface, the administrator can review all linked accounts and make any modifications required. With this method implemented within an organization, it is guaranteed that your target system will remain clean and not be flooded with duplicate accounts.
Another common network pollution aside from duplicate accounts, is excess access or unstructured data. Automated reporting tools can now highlight this pollution so that organizations can address the pollution and thus, mitigate the risk of internal data breach.