How To
ForgeRock Identity Platform
ForgeRock Identity Cloud

How do I resolve the Found Already Linked situation in Identity Cloud or IDM (All versions)?

Last updated Jan 12, 2023

The purpose of this article is to provide assistance if you encounter the Found Already Linked (FOUND_ALREADY_LINKED) situation in ForgeRock Identity Cloud or IDM when running a reconciliation.


The Found Already Linked situation typically occurs when you delete and re-create source objects with exactly the same data, and then run a reconciliation. It essentially means the target object is still linked to the old source object (now deleted) and therefore cannot be linked to the new source object.

Firstly, you should try to avoid this situation by running a reconciliation before you re-create the source objects. The high-level steps for this are:

  1. Delete the source objects.
  2. Run a reconciliation on the source with the Source Missing (SOURCE_MISSING) situation set to UNLINK.
  3. Re-create the objects in your source.

If the Found Already Linked situation has already happened, you can resolve it using one of the following approaches (it is not possible to “relink” these records):

Manually delete invalid links

You can manually delete invalid links using REST by specifying the ID of the link you want to delete.

In Identity Cloud, you will need to replace <tenant-env-fqdn> with your Identity Cloud tenant name and <access-token> with the access token you obtained when you authenticated to the Identity Cloud REST API (Authenticate to Identity Cloud REST API with access token) when you use this REST call.

For example, you can use a curl command such as the following:

  • Identity Cloud: $ curl \ --request DELETE 'https://<tenant-env-fqdn>/openidm/repo/link/<link-ID>' \ --header 'authorization: Bearer <access-token>' \ --header 'Accept-API-Version: resource=1.0' \ --header 'content-type: application/json'
  • IDM 7 and later: $ curl -X DELETE -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "Content-Type: application/json" "http://localhost:8080/openidm/repo/link/<link-ID>"
  • Pre-IDM 7: $ curl -X DELETE -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Content-Type: application/json" http://localhost:8080/openidm/repo/link/<link-ID>

Creating a reverse mapping to unlink records

By creating a reverse mapping, any records which previously were shown as Found Already Linked will now show as Source Missing and can be unlinked.

You can create a reverse mapping to unlink records as follows:

  1. Create a mapping with the source and target reversed compared to the original mapping. This reverse mapping should:
    • Use the same links setting as the original mapping. See Reuse links between mappings for further information.
    • Only include required properties.
    • Update the Behaviors as follows:
      • Set the action for the Source Missing situation to UNLINK.
      • Set the action for all the remaining situations to IGNORE.
  2. Run a reconciliation to unlink all records which have a missing source.
  3. Delete the new mapping.

See Also

FAQ: Synchronization in IDM

Synchronization in IDM

How IDM assesses synchronization situations


Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.