Area: Product Issues
Sub-Area: User Account Management / Authentication
Issue
DataHub treats email addresses as case-sensitive identifiers during user account creation. As a result, if a user attempts to log in or accept an invitation using the same email address with different letter casings (for example, user@example.com, USER@example.com, and USER@EXAMPLE.COM), DataHub may create a separate user account for each unique casing variant. These duplicate accounts are functionally distinct within DataHub's user store, but they all represent the same person and lead to confusion around permissions, roles, and data ownership.
You Might Be Asking
- Why does my DataHub instance show multiple user accounts for the same person?
- Are accounts with the same email but different letter casing considered duplicates in DataHub?
- How do I clean up duplicate user accounts caused by case differences in email addresses?
- Will deleting a duplicate account affect the active user's access or permissions?
Solution
-
Identify duplicate user accounts. Navigate to Settings → Users & Groups in the DataHub UI and review the user list for accounts that appear identical except for letter casing in the username or email address (e.g.,
user@example.com,USER@example.com,USER@EXAMPLE.COM). - Confirm which account the user is actively using. Ask the user to log in and confirm the exact email address or username associated with their active session. This is the account that should be retained. The remaining accounts with alternate casings are safe to remove.
-
Delete the duplicate accounts. An admin can remove the unused duplicate accounts via the DataHub UI:
- Go to Settings → Users & Groups.
- Locate each duplicate account (those with alternate casings).
- Select the account and choose the option to remove or delete it.
Replacemutation removeUser { removeUser(urn: "urn:li:corpuser:USER@EXAMPLE.COM") }USER@EXAMPLE.COMwith the exact URN of the duplicate account to be deleted. The URN is case-sensitive and will reflect the casing used at account creation time. Repeat for each duplicate. - Verify the active account retains correct access. After deleting the duplicates, confirm that the user can still log in successfully with their active account and that their group memberships, roles, and any data ownership assignments remain intact.
- Prevent recurrence. When sending invitation emails or provisioning users via SCIM or SSO, ensure that your identity provider (IdP) consistently normalizes email addresses to a single casing convention (typically all lowercase) before passing them to DataHub. This avoids triggering the case-sensitive matching behavior at account creation time.
Additional Notes
DataHub's internal user URN system is case-sensitive, meaning urn:li:corpuser:user@example.com and urn:li:corpuser:USER@example.com are treated as entirely separate entities. This is a known platform behavior rather than a bug in the traditional sense, but it can cause operational issues when users access the platform through multiple flows (e.g., direct invite, SSO, or API-based provisioning) that do not enforce consistent email casing. If your organization uses SSO or OIDC, verify that the identity provider is configured to emit a consistently cased email claim. DataHub Cloud customers can contact DataHub Support to have duplicate accounts identified and removed on their behalf.
Related Documentation
- Configuring OIDC SSO in DataHub
- DataHub GraphQL API Overview
- Adding and Inviting Users to DataHub
- DataHub Roles and Access Management
Tags: duplicate-users, case-sensitive-email, user-management, authentication, account-cleanup, SSO, OIDC, user-provisioning, GraphQL, invite-flow