Naming Service
Generate enterprise-grade usernames, emails, and display names from YAML policies and Jinja2 templates. Pluggable uniqueness strategies prevent collisions. Atomic reserve/commit handles bulk operations. 40+ language transliteration gets international names right. 12 ms per transform.
The naming nightmare
"Every Monday morning we onboard 50–200 people. Two of them are always 'John Smith.' Our help desk spends 30 minutes per collision figuring out which john.smith3 is taken and which isn't — across AD, Exchange, and SAP. Last quarter we provisioned the wrong account twice." — IAM Engineering Lead, Global Enterprise
Naming collisions during provisioning
Parallel onboarding creates duplicate usernames. Help desk wastes 30 minutes per collision resolving conflicts manually.
Inconsistent naming across systems
AD uses first.last, Exchange uses firstinitial.last, SAP uses employee ID. No single policy governs all systems.
International character failures
Müller becomes Mueller in one system, Muller in another, and fails entirely in a third. No consistent transliteration.
Zero admin visibility
Naming rules live in undocumented scripts. When the author leaves, nobody knows what the logic does or how to change it.
No collision prevention in parallel
Two provisioning flows running simultaneously both check uniqueness and both pass — then one fails at commit time.
Custom scripts per system
Each target system has its own naming script — different languages, different maintainers, different failure modes.
How it works
Define naming rules in YAML, render with Jinja2, apply character transforms and uniqueness checks, then atomically reserve and commit. Three steps from identity attributes to collision-free identifiers — in 12 ms.
Define & template
- YAML rules define naming patterns per system, per attribute set
- Jinja2 templates render first name, last name, department — any identity attribute
- Per-system granularity: AD gets first.last, SAP gets employee ID prefix
Transform & check
- 50+ character transforms: lowercase, strip diacritics, transliterate, truncate
- 40+ language transliteration — Müller, O'Brien-Smith, Nakamura handled correctly
- Pluggable uniqueness check: append_number, append_random, or custom Python plugin
Reserve & commit
- Atomic TTL reservation in Redis — name held until provisioning completes
- Commit on success — reservation becomes permanent record
- Release on failure — TTL expires, name becomes available for next request
Capabilities
Six core capabilities that turn ad-hoc naming scripts into a governed, collision-free provisioning pipeline.
Jinja2 template engine
Full Jinja2 syntax · filters · conditionals · loops
Full Jinja2 rendering engine for naming templates. Use any identity attribute — first name, last name, department, location — with filters, conditionals, and loops to generate complex naming patterns.
- Example: {{ first_name[0] }}.{{ last_name }}@{{ domain }}
- Built-in filters for lowercase, truncate, transliterate
- Monaco editor in admin UI with syntax highlighting and live preview
YAML rule definitions
Declarative policies · per-system rules · version-controlled
All naming rules defined in YAML — no code required. Each rule specifies a target system, template, character transforms, and uniqueness strategy. Version-controlled and auditable.
- Per-system rule granularity — AD, Exchange, SAP each get their own policy
- Priority ordering for fallback patterns
- Git-friendly — diff, review, and roll back naming policy changes
Pluggable uniqueness strategies
append_number · append_random · custom Python plugins
When a generated name collides, the uniqueness strategy determines the resolution. Built-in strategies cover common patterns; custom Python plugins handle enterprise-specific logic.
- append_number: john.smith → john.smith2 → john.smith3
- append_random: john.smith → john.smith.x7k2
- Custom Python plugins for domain-specific logic (e.g., department prefix)
Reservation system (Redis)
Atomic reserve/commit · TTL expiry · parallel-safe
Redis-backed atomic reservation prevents parallel provisioning collisions. A name is reserved with a TTL during provisioning — committed on success, released on failure or expiry.
- Two parallel flows for "john.smith" — second one gets "john.smith2" instantly
- Configurable TTL per rule — short for real-time, longer for batch operations
- No orphaned reservations — TTL guarantees cleanup on failure
International character handling
40+ languages · Unicode CLDR · per-system rules
Built on Unicode CLDR transliteration rules for 40+ languages. Each target system can specify its own character handling — AD might accept umlauts while SAP requires ASCII-only.
- Müller → Mueller (German), O'Brien-Smith → obrien-smith, 中村 → Nakamura
- Per-system transliteration profiles — preserve diacritics where supported
- Compound name handling: hyphens, apostrophes, spaces — all configurable
4-tab admin UI
Monaco editor · live testing · help desk self-service
Visual admin interface with four tabs: Rule Editor (Monaco), Transform Tester, Reservation Monitor, and Audit Log. Help desk staff test naming output without touching YAML files.
- Monaco editor with YAML syntax highlighting and validation
- Live transform tester — enter a name, see output across all target systems
- Help desk self-service: look up reservations, test transforms, preview collisions
Business impact
30 min per collision → 3 min automated
Atomic reserve/commit eliminates race conditions
Policy-enforced naming across every target system
Self-service UI replaces manual naming workflows
Frequently asked questions
How is this different from built-in naming in SailPoint/Saviynt?
Built-in IGA naming generators offer basic first.last patterns with limited collision handling. EmpowerNow Naming Service provides full Jinja2 templates, YAML-defined per-system rules, pluggable uniqueness strategies (including custom Python plugins), atomic Redis-backed reservation for parallel safety, and 40+ language transliteration via Unicode CLDR. The visual admin UI lets help desk staff test and troubleshoot without touching code.
How does the reservation system prevent collisions?
When a name is generated, it is atomically reserved in Redis with a configurable TTL before provisioning begins. If two parallel flows generate the same name, the second reservation fails instantly and the uniqueness strategy produces an alternative. On successful provisioning, the reservation is committed as a permanent record. On failure, the TTL expires and the name becomes available again. No orphaned locks, no race conditions.
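The reserve/commit flow described in this answer and under "Reservation system (Redis)", sketched as an added example that is not EmpowerNow's code: an in-memory store guarded by a lock stands in for Redis's atomic SET with NX and a TTL, and all class and function names are hypothetical. It also runs the append_number strategy against eight simultaneous requests for john.smith.

```python
import itertools
import threading
import time

class ReservationStore:
    """In-memory stand-in (assumption) for Redis SET key owner NX EX ttl."""
    def __init__(self, clock=time.monotonic):
        self._lock = threading.Lock()
        self._held = {}          # name -> (owner, expiry time)
        self._committed = set()  # permanent records
        self._clock = clock

    def reserve(self, name, owner, ttl):
        with self._lock:  # check and write are one atomic step
            held = self._held.get(name)
            if name in self._committed or (held and held[1] > self._clock()):
                return False
            self._held[name] = (owner, self._clock() + ttl)
            return True

    def commit(self, name, owner):
        with self._lock:  # only this owner's still-live reservation may commit
            held = self._held.get(name)
            if not held or held[0] != owner or held[1] <= self._clock():
                return False
            del self._held[name]
            self._committed.add(name)
            return True

    def release(self, name, owner):
        with self._lock:  # failure path: free the name before the TTL runs out
            if self._held.get(name, (None,))[0] == owner:
                del self._held[name]

def reserve_unique(store, base, owner, ttl=30):
    """append_number strategy: base, base2, base3, ... until a reserve succeeds."""
    for n in itertools.count(1):
        candidate = base if n == 1 else f"{base}{n}"
        if store.reserve(candidate, owner, ttl):
            return candidate

def parallel_onboarding(count=8):  # constructed scenario, not real provisioning data
    store, names = ReservationStore(), []
    def flow(i):
        names.append(reserve_unique(store, "john.smith", f"flow-{i}"))
    threads = [threading.Thread(target=flow, args=(i,)) for i in range(count)]
    for t in threads: t.start()
    for t in threads: t.join()
    return sorted(names)
```

In this sketch commit() rejects a reservation whose TTL has already lapsed, so a provisioning run that outlives its TTL cannot claim a name another flow may have taken in the meantime.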
What happens with international names?
The service uses Unicode CLDR transliteration rules for 40+ languages. Each target system can define its own character handling profile — AD might preserve umlauts while SAP requires ASCII-only output. Compound names with hyphens, apostrophes, and spaces are handled per configurable rules. Jürgen Müller becomes juergen.mueller for one system and j.muller for another, all from a single YAML policy.
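Per-system character handling as described in this answer and under "International character handling", shown as an added example rather than the product's code: a small hand-written German map stands in for the CLDR rules, str.format stands in for Jinja2, and the profile names system_a and system_b are hypothetical. Output that still contains characters outside the assumed allowed set is rejected instead of being passed to the target system.

```python
import re
import unicodedata

# Hand-written German expansions standing in for CLDR rules (assumption).
GERMAN = {"ä": "ae", "ö": "oe", "ü": "ue", "ß": "ss"}
ALLOWED = re.compile(r"[a-z0-9.-]+")  # assumed safe character set for both targets

# Hypothetical per-system profiles; str.format stands in for Jinja2 templates.
PROFILES = {
    "system_a": {"template": "{first}.{last}", "expand": GERMAN},
    "system_b": {"template": "{first[0]}.{last}", "expand": {}},
}

def normalize(part, expand):
    # Language-specific expansions first, then strip any remaining diacritics.
    part = "".join(expand.get(ch, ch) for ch in part.lower())
    part = unicodedata.normalize("NFKD", part)
    part = "".join(ch for ch in part if not unicodedata.combining(ch))
    return re.sub(r"['’\s]", "", part)  # drop apostrophes and spaces, keep hyphens

def render(system, first, last):
    profile = PROFILES[system]
    first, last = (normalize(p, profile["expand"]) for p in (first, last))
    name = profile["template"].format(first=first, last=last)
    if not ALLOWED.fullmatch(name):
        # Fail closed: never hand an unmapped character to the target system.
        raise ValueError(f"untransliterated characters in {name!r}")
    return name
```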
Can we customize the uniqueness strategy?
Yes. The service ships with built-in strategies (append_number, append_random) and supports custom Python plugins per rule. A plugin receives the base name and collision context, and returns the resolved unique name. Plugins are hot-loadable — no service restart required. Each rule can specify a different strategy for different target systems.