I would like to use the synchronize-attributes-for-identity API to issue an update operation for an account that will provoke an IQService after rule from within a workflow.
Assuming I have some attributes mapped (e.g., firstName, lastName, email) for synchronization, and one more mapped but not synchronized (e.g., department), if the after-script modifies the department, can I send back the new value so it appears on the identity?
I don’t think that is possible, Also the synchronization works from IDN/ISC to Target application. Unless the change come from Auth source the Identity value cannot be changed.
As Yathisha said, attribute sync goes from ISC to the target source. Further, it is only going to update if it detects that there is a mismatch between what is in ISC and what is in the target system. So, it you trigger synchronize-attributes-for-identity, you will only see a modify event on the IQService if the data has changed.
To your second question, if you change the attribute department in Active Directory and then aggregate, you will have the new value stored in the AD account. You can map this value on your Identity Profile. One caveat, if some users may not have a department, you will need to use a transform in the mapping to specify what to do if the value is null.
Hi @agutschow ,
To be honest, I assumed the API call would force an update regardless of whether a discrepancy was known.
It’s been sometime now that ISC no longer waits for the scheduled processing to synch attributes, so if this API didnt force the update regardless, it would seem of no use.