A new Flexera Community experience is coming on November 18th, click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SaaS Mgr O365 Import - Duplicate FNMS ITAM Accounts

Hello-

We just integrated our development O365 tenant with SaaS Manager (in FlexeraOne). 

We're getting duplicate accounts in ITAM:

  1.  The existing AD which we had in ITAM normally
  2. Then the 2nd created when SaaS Manager passes that o365 user record over to the ITAM portion of FNMS, it creates a brand new record.
    1. (This also doesnt match the user record in SaaS mgr, as that is the regular email)

This is probably because of the emails being different between our local AD and the microsoft tenant. I am wondering how to avoid duplicate accounts, or if anyone has seen this before?

Hopefully that makes sense....🤔

I found this Solved: How does SaaS Manager consolidate user accounts? - Community (flexera.com) which seems to suggest that the Email ID is the unique identifier. However, i can't add email aliases in SaaS Mgr or at least dont see an option to.

I also found this: https://docs.flexera.com/flexera/EN/ITAssets/Usr-Props-Details-Tab.htm#:~:text=The%20email%20address,the%20user%20records. I am not sure if "Alternate Email" in the user details page needs to be linked up? Not sure how we'd do that at scale however. 

Thanks in advance for any ideas! 

(1) Solution

@johnksilverwood - If you look at a User within FNMS/ITAM and go to the Details tab you will see an Email address field as well as an Alternate Email address field.  The main Email address field should be linked to your Active Directory.  If your M365 Portal has a different email format, then you need to populate your M365 email address into the Alternate Email address field for each user.  This can be performed with a Business Adapter.

During your license reconcile, when a User Email address is received from the M365 Portal, FNMS will attempt to find an existing user by matching on the User Email field.  If a match is not found, then FNMS will attempt to find an existing user by matching on the User Alternate Email field.

View solution in original post

(7) Replies

@johnksilverwood - If you look at a User within FNMS/ITAM and go to the Details tab you will see an Email address field as well as an Alternate Email address field.  The main Email address field should be linked to your Active Directory.  If your M365 Portal has a different email format, then you need to populate your M365 email address into the Alternate Email address field for each user.  This can be performed with a Business Adapter.

During your license reconcile, when a User Email address is received from the M365 Portal, FNMS will attempt to find an existing user by matching on the User Email field.  If a match is not found, then FNMS will attempt to find an existing user by matching on the User Alternate Email field.

Thanks @kclausen ! In the All SaaS Users part of SaaS Mgr- does that fill "Email Aliases" based off of ITAM Alternate Email data?

I just found the email aliases option that this article refers to. Would this be something that we could also edit with business adapter, or would that have to be done manually? (Or best case it takes it from ITAM Alternate Email) 

The Alternate Email address in ITAM and the Email Aliases field in SaaS Manager are independent from one another.  Within SaaS Manager, you can add other email address fields to a User so that when you look at Usage for a specific user within SaaS Manager across different SaaS Applications, you will see a consolidated view.

WIthin ITAM, the Alternate Email address is used when importing SaaS information.  The primary email address of the user in SaaS Manager is imported into ITAM, and then within ITAM a match is attempted against ITAM Users on the Primary Email as well as the Alternate Email.  If an ITAM user cannot be found by matching on the SaaS Email Address, then a new ITAM User will be created.

@kclausen ,  After we update the alternate email to the correct user record, what happens to the duplicate user record (created because of email mismatch) ? Will FNMS delete this duplicate record (with remote device linked) or should we manually delete these records?

For what it's worth, i am pretty sure FNMS removed the alternate record when i added the alternate email to the ITAM record i tested on. I only did this with 1 record however.

@ImIronMan - AFAIK, the duplicate User records created from the O365 Adapter do not get automatically deleted once you correctly assign the Alternate Email Address.  However, I cannot state this with 100% confidence.  I would suggest you update a couple of the User Records created from AD with the alternate Email Address and after another import from O365 see if the duplicates remain or get deleted.

Based on the feedback from @johnksilverwood - it sounds like there is a possibility that the duplicates do get deleted.

ImIronMan
By Level 6 Flexeran
Level 6 Flexeran

It didn't work for me. I've updated alternate email for around 300 users for one O365 license but looks like still the same duplicate users with remote devices users exist in the consumption. So now, I want to test it by deleting duplicate users from consumption ( with remote devices) and running the import again. Is there any way that I can delete only duplicate users with remote devices in one go for only this license?