We are facing an issue with Azure Active Directory. We have not configured anything for the account creation setup in the AAD source, because accounts are getting synced from the Active Directory account. We have 2 birthright roles to validate the account creation and provision birthright access based on LCS (only active) and Azure account status (enabled).
We are performing the modify operation using the access request configuration, but we have identified that for a few users, after 30 days of termination (this is a separate LCS), a create account operation is triggered during identity refresh and fails with error: <>. Can anyone please help explain why the create operation is getting triggered during identity refresh?
Note: The identity does not match the birthright access criteria once it is moved to inactive.
Thanks for your reply. We have only one entitlement as requestable and the remaining ones are not requestable. During identity refresh, it's trying to create the user by adding the entitlements which are not requestable.
I know you have mentioned that the identity does not match the birthright access criteria once moved to inactive.
Please double-check whether that entitlement is part of any birthright role and matches the criteria (make sure you are using the technical names of the attributes used in the criteria).
I would recommend that you thoroughly check the account activity and the event for the trigger of adding the entitlement and creating the account in AZ.