New Ebook // 2024: A Year of Identity Attacks

Ready to help

What happens when I merge employee records?

If you have employees who use multiple email addresses, you may wish to merge those employee records in Push so that they can be treated as a single human.

Common reasons for merging employee records include:

  • You have employees with a user email address and an administrator email address, such as IT, security, or help desk staff.

  • You recently changed your company email domain or merged with another company and need to associate employee records with a new domain in Push.

  • You use different values for employees’ User Principal Name (UPN) and email address in your identity provider, resulting in duplicate employee records getting created in Push when employees log in with both identities (e.g. janedoe@acme.com vs. jdoe123@acme.com).

How to merge employee records

You can merge employee records in the Push admin console or via the Push REST API.

If you are merging a small number of records, you can do so in the admin console. If you have a large number of records or wish to specify a pattern (e.g. janedoe.support@acme.com → janedoe@acme.com) to map secondary records to primary records, we recommend using the API.

From the admin console, go to the Employees page and select the records you want to merge. You can merge up to 5 records at a time. Then under the Bulk actions dropdown, select Merge employees.

Merge employees - bulk action - KB 10127

You’ll see a modal that prompts you to specify which record should become the primary employee record after the merge is complete.

Merge employees - select primary - KB 10127

After the merge, you can view an employee’s secondary email addresses by opening the employee details slideout from the Employees page and clicking the dropdown under their name. With the dropdown open, you’ll see the secondary email addresses used by that employee.

Merge employees - show secondary email address - KB 10127

Impact of merging employee records

After merging employee records, the Push platform will:

  • Reduce your in-use license count so that only the primary employee record is licensed.

  • Combine all app, account, and OAuth integration data tied to the merged employee records into the primary record, visible on the employee details slideout.

  • Combine all account security findings for the merged employee records into the primary record.

  • Combine all enrolled browsers tied to the merged employee records to the primary record.

  • Combine all “Other apps” data, including records of logins to internal apps, for the merged employee records to the primary record.

  • Associate any detected mail rules for the merged employee records to the primary record.

  • Resolve any shared account findings that existed for accounts used by both the primary and secondary employee records for the same person.

How to unmerge employee records

You can unmerge employee records by opening the employee slideout for the primary record and then selecting the dropdown to view their secondary records. Click the unlink icon to unmerge.

Merge employees - unmerge - KB 10127

You can also unmerge records via the API.

Important! When you unmerge employee records, Push will also unenroll their browser extensions. If you have previously performed a managed deployment of the extension, those users’ extensions will re-enroll automatically the next time that Push observes the identity of those users through their browser activity. If their extensions were manually enrolled using a link sent via email or using the browser enrollment landing page option, you will need to prompt the employees to re-enroll their browser(s) by sending a new enrollment link.

Unmerging records will also result in the following changes:

  • A license will be consumed by both employee records.

  • Data associated with those employee records for apps, accounts, security findings, etc., will be separated and re-associated with the individual records.

  • Note that any shared account findings that were resolved when you merged the employee records originally will not be re-opened until Push observes login activity for those accounts again.