I was hoping to get your take on a rather unique issue that we're having with usernames, API and SSO.
A bit of context behind the query, we're on 220.127.116.11 (Hosted) and are trying to create usernames that are unique to the user. Currently the users email is the username.
The problem that we noticed is that an email is unique to the user for the duration that the employee is with the company however if they leave the company and another employee is hired (several months later) with the same name, we run into issues as the external identifiers will not matching with the users email / account. If we remove the external identity from disabled users, there is a risk that new employee's may inherit the existing account.
My intended ideal solution...
We have a script that runs nightly and connects to the API and our internal AD servers to see if a users account is disabled in AD, if it is, the account will be disabled in Jive through the API. I suspected it would be simple enough to update the username for disabled users from firstname.lastname@example.org to john.smith@deactivated to mitigate the issue. However it appears that the username field cannot be changed with the API once the user is created; however the username can be changed through the admin console (not sure if anyone can explain why?).
I would love to hear any advice on the situation, or possible alternatives that other folks may have done.