Environment Details

On the Identity Provider Linked To Vanta test, you may see the following message:

"Unable to load user from identity provider. 
Loading this user would cause there to be multiple active users in Vanta with the same email address."

Cause

When an email is synced from an IdP like Google workspaces, Vanta will automatically links any exisiting HRIS info with a person based on a combination of email address and name matching.

If the email account is deactivated in the IDP for any reason, then reactivating it again, Vanta will detect this as 'new employment' and attempt to create a new user profile. This is done to show proof that during an employee's tenure at an organization, they successfully completed their onboarding and offboarding. If they are re-hired, a new user is created in Vanta to show that they have completed onboarding again.

If the previously connected HR Data is still active and connected to original IdP 'employment period', it's unable to create a new user profile for the updated employment period, and will result in this error. 

Resolution

• From the People Page, click on the 'More' drop down, then select 'Manage HR Data'

• Select Linked and open the dropdown for the appropriate person 
• Select Clear

• Navigate back to the Identity Provider Linked To Vanta test, and select the Refresh option found next to the test name

• You should now have two users with the same email in Vanta - a 'Former employee' user representing their first employment period and a 'Current employee' user representing their current employment. These dates are pulled from the IdP profile. 

• Navigate back to the Manage HR Data window and link the HR user data to the updated IdP user profile with the appropriate start date. 

Additional Resources

• How Does a Person's Employment Status get Determined?
• Having Multiple “users” in Vanta for the Same Person
• Employee start dates when only using an Identity Provider
• How to Manually Link/Unlink HR Data