Uniqueness (AD target systems)
Use the uniqueness feature to prevent HelloID from mapping already-existing values into target account attributes during enforcement. This is useful to avoid collisions on fields like sAMAccountName and cn. Collisions are then resolved by suffixing the pending mapped value (e.g., connie.van.den.winth → connie.van.den.winth1).
To configure uniqueness, you must do the following:
Choose which mapped fields should be checked for uniqueness, using the Unique Fields dropdown on the Account tab. Each selected field will be checked for uniqueness during each lifecycle stage for which it has a mapping configuration on the Fields tab. The maximum number of fields you can select is 10.
What happens when the script runs during enforcement depends on the mapping type:
For fields with Fixed, Field, or None mappings, enforcement terminates with an error.
For fields with Complex mappings, the mapping's Iteration variable is incremented and its complex mapping script is re-run.
The script timeout is 30 seconds.
Tip
To detect and link together duplicate accounts instead of merely preventing mapping collisions, use the Correlation feature.
Synchronize Unique Fields (AD target systems)
When Synchronize Unique Fields is enabled, all Complex mappings in this system that you've selected in the Unique Fields dropdown will have their Iteration variables synchronized. HelloID automatically finds and uses the lowest Iteration value that results in collision-free mappings across all unique complex mappings.
This ensures that fields within the same target user account (e.g., username and email address) are appended with the same value. For example: username jdoe2 + email address jdoe2@company.com, instead of a mismatch like jdoe2 + jdoe1@company.com.
Caution
Use caution with this feature if any of your complex mappings on the Fields tab have configurations for lifecycle stage(s) other than Create. The iteration variable counts from zero each time a mapped field is calculated or recalculated. It does not retain the iterator value from the original account entitlement grant. This can cause the iterator value to become desynchronized in subsequent enforcements, resulting in mismatched user attributes.