resolving duplicate user account because of domain change and SSO login

adamabel
Tera Contributor

I have a user that was missing some of their incidents on their account that seems to have been related to a change we made in our domain. We changed the user's email address in our AD domain from domain1 to domain2 to match the new name of the division they are a part of. This happened for any new employees a while ago, but this employee had been with the company before this switch happened. But their UPN is still using domain1.

In SNOW I changed their User ID and email address to domain1 to see if this would resolve the incident issue they had. They logged in with SSO using username@domain1 and could see all of their incidents correctly. But this created a new account in SNOW with domain2 as the user ID and email address. What's the best way to resolve the duplicate accounts I have now for the user? I see most of the incidents are actually tied to the original account, which is using domain1 for the user ID and email address.


pavani_paluri
Tera Guru

Hi @adamabel,

Right now your user has two accounts in ServiceNow because of the mismatch between their Active Directory login (UPN) and the email/user ID you set in ServiceNow.

The old account (domain1) is the one tied to all their incidents.
The new account (domain2) was created automatically when they logged in with SSO, because SSO saw the domain2 UPN and ServiceNow treated it as a new user.

 

How to fix it
1. Decide which domain you want to use long‑term
If your company standard is domain2, then that should be the account you keep.
If you’re still using domain1 for this user, then keep that account instead.

2. Align AD and ServiceNow
Make sure the user’s UPN in Active Directory matches the email/user ID you want in ServiceNow.
This way, SSO will always point to the same account and won’t create duplicates.

3. Clean up the duplicate
If you’re keeping domain2: reassign the incidents from domain1 to domain2, then deactivate the domain1 account.
If you’re keeping domain1: deactivate the domain2 account so it doesn’t keep getting used.


The duplicate happened because SSO saw a different domain in the UPN than what you had in ServiceNow. Once you align those values, ServiceNow will stop creating extra accounts. Then you just need to decide which account to keep and move the incidents if necessary.

Mark it helpful if this helps you to understand. Accept solution if this gives you the answer you're looking for.
Kind Regards,
Pavani P
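
The cleanup in step 3 of the reply above, sketched as a ServiceNow server-side script; this is an added example, not part of the original thread and not ServiceNow's own code. It assumes incidents reference the user through `caller_id`, and the function names, the `USER_REFS` list and the `GR` parameter (pass the platform's `GlideRecord`) are hypothetical.

```javascript
// Added example: move incidents off a duplicate sys_user that SSO
// auto-provisioning created, then deactivate the duplicate.
// Assumption: incidents link to the user through caller_id. Add other
// reference fields (for example opened_by) to USER_REFS if your instance needs them.
var USER_REFS = ['caller_id'];

// Look up one sys_user by its User ID (user_name); returns null if absent.
function findUser(GR, userName) {
  var u = new GR('sys_user');
  u.addQuery('user_name', userName);
  u.query();
  return u.next() ? u : null;
}

// GR is the GlideRecord constructor. With dryRun=true nothing is written,
// so the count can be reviewed before any record changes.
function mergeDuplicateUser(GR, keepUserName, dupUserName, dryRun) {
  var keep = findUser(GR, keepUserName);
  var dup = findUser(GR, dupUserName);
  if (!keep || !dup) {
    return { ok: false, reason: 'user not found', moved: 0 };
  }
  var keepId = String(keep.getUniqueValue());
  var dupId = String(dup.getUniqueValue());
  if (keepId === dupId) {
    return { ok: false, reason: 'same record', moved: 0 };
  }
  var moved = 0;
  USER_REFS.forEach(function (field) {
    var inc = new GR('incident');
    inc.addQuery(field, dupId);
    inc.query();
    while (inc.next()) {
      moved++;
      if (!dryRun) {
        inc.setValue(field, keepId);
        inc.update();
      }
    }
  });
  if (!dryRun) {
    dup.setValue('active', false); // deactivate rather than delete, keeps history
    dup.update();
  }
  return { ok: true, moved: moved, deactivated: dryRun ? null : dupUserName };
}
// In Scripts - Background, dry run first:
// gs.info(JSON.stringify(mergeDuplicateUser(GlideRecord, 'username@domain1', 'username@domain2', true)));
```

Align the UPN in AD with the kept account's User ID before the user logs in again, otherwise SSO can provision the duplicate a second time.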