Override usernames

Last modified 27 Nov 2025 19:21 +01:00

Imagine a situation where the automated username generator creates a username that is inappropriate. That can happen because the generator takes the first letter of the given name and combines it with (a part of) the surname. The result may be or resemble an insulting or offensive word. That is the situation you are about to face and learn to handle in this module.

What awaits you in this module

You will create a user with a "problematic" name-surname combination in the HRIS. Once the HRIS reconciliation task synchronizes the user into midPoint, the Person Object Template mapping script creates a username for the user in the jsmith82 format. You will promptly see that the user cannot go by the automatically generated username. Thus, you will override it manually. The object template mapping is weak, meaning you do not have to worry about midPoint overwriting the manual value.

Create new user to test with

We do not have an "inappropriate" name combination in the sample data prepared for this guide. Thus, you need to first create a new user:

  1. In the HRIS user interface, click Register user in the top bar.

  2. Fill in the form:

    • First name: Samuel

    • Surname: Hits

    • Employee number: 9007

    • Locality: Fast River City

    • Job: 191#Accountant

    • EmpType: FTE

    • Status: In

  3. Click Register user.

  4. Click Export users to csv file at the bottom of the user list.

Check the new user in midPoint

After the recurring HRIS reconciliation task runs, check the new user in midPoint.

Figure 1. User Samuel Hits receives an inappropriate username generated by the mapping script

Obviously, this person cannot go by this username.

You can also head over to the AD resource UI directly and check the username there.

Fix the username manually

The fix for the situation is, in this case, surprisingly easy. You can manually alter the username value in midPoint without fearing that midPoint will overwrite it. That is because the mapping in the object template which generates usernames is weak. It touches the attribute only if it is empty. In no other case does it alter the value of the attribute.

Be careful not to use a username that already exists; in such a situation, midPoint would show an error message when you preview the changes or save the user.

  1. In Users > Persons, open the user Samuel Hits for editing.

  2. Rewrite Name to, e.g., sahits.

  3. Click Preview changes to see what will be saved to midPoint and the target system.

    • You can see that midPoint would immediately provision the new username to the target AD resource.

      Figure 2. Preview what happens when you change the username
  4. Click Save to actually make the change.

    • You can also Continue editing and then Save your changes in the main user profile screen.

With this done, you have successfully mitigated an HR crisis of a user having an unacceptable username. However, if you ever use such an automatic username generation system in a larger organization, we strongly advise using an automated check of the generated usernames against a database of known offensive and inappropriate words.
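The automated check advised above could look like the following sketch. It is an added example, not midPoint code or the guide's mapping script: the candidate rule, the numeric suffix on collision, the one-word denylist and all function names are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample denylist; a real deployment would load a maintained word list.
DENYLIST = {"shit"}

def normalize(text):
    """Lowercase, strip accents and keep only the letters a-z."""
    ascii_text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z]", "", ascii_text.lower())

def is_offensive(username, denylist=DENYLIST):
    """Substring match on letters only, so digits or dots cannot hide a word.

    Substring matching also flags innocent names that contain a listed word;
    those end up in manual review instead of getting a generated username.
    """
    letters = normalize(username)
    return any(word in letters for word in denylist)

def candidates(given, surname):
    """Yield jsmith-style candidates, taking one more given-name letter each time."""
    g, s = normalize(given), normalize(surname)
    for n in range(1, len(g) + 1):
        yield g[:n] + s

def propose_username(given, surname, existing, current=None):
    """Return (username, needs_review).

    Behaves like a weak mapping: a username that is already set is never replaced.
    """
    if current:
        return current, False
    taken = {u.lower() for u in existing}
    for base in candidates(given, surname):
        if is_offensive(base):
            continue  # skip this candidate, try a longer given-name prefix
        if base not in taken:
            return base, False
        for i in range(2, 100):  # assumed collision rule: numeric suffix
            if f"{base}{i}" not in taken:
                return f"{base}{i}", False
    return None, True  # nothing acceptable: route to manual review
```

For Samuel Hits the first candidate is rejected and the second one, sahits, is returned, which is the same value the manual fix above uses.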

Conclusion

In this module, you have learned how to manage precarious situations when automation fails you. The solution is not universal, but throughout the course you have learned to notice and work with mapping strengths and lifecycle states, giving you the power to efficiently solve such issues that may arise during the IGA solution deployment in your organization.

This is the last module in the First steps methodology. We hereby congratulate you on finishing the course.
