Troubleshooting Duplicate Users: Why Does One User Appear Twice in the 'Reporter' Field?

Hi @Prasad Bonthu 

This is an interesting case, and based on similar scenarios I’ve encountered, here are some possible causes and investigation steps:

Possible Reasons for the Duplicate ("Ghost") Account

1. Migration Artifacts – If your instance underwent an on-prem to cloud or cloud-to-cloud migration, a user might have been created earlier with a different account ID, resulting in two separate profiles.
2. Active Directory / Identity Provider Sync – If your site syncs with AD or an IdP (Okta, Azure AD, etc.), the user may have been provisioned automatically before the formal invitation.
3. Domain-Based Auto-Access – If your site access settings allow anyone with a specific domain to join automatically, the user could have been created on June 5th when she first accessed the site (even before being officially invited).

Steps to Investigate the "Ghost" Account

• Check User Management – Compare both accounts’ email addresses. Ensure there isn’t a typo or alias (e.g., jane.doe@ vs jane_doe@). Each user must have a single unique email.
• Audit Logs Beyond Invitations – Look for any "user created" or "site access granted" events around June 5th. Not all activities appear under “invitations,” so expand your search to product access logs.
• Check Site Access Settings – Review whether "Anyone with [company domain] can join" was enabled.
• Review Identity Provider Logs – If SCIM provisioning is used, check if the user was auto-provisioned via IdP before the formal invite.

Preventive Measures

• Ensure strict domain access controls are in place.
• Regularly audit for duplicate or inactive accounts.
• Follow best practices for user provisioning—SCIM/IdP syncs are more reliable than manual invitations.

Kind Regards
Utkarsh