Scenario 1.When user is set to delete in okta, LCS of user is delete (disabled user is enabled and disabled in before provisioning rule) in IDN, I am trying to update values email and loginRename attribute to ‘[email protected]’ in source okta by using Okta Before Provisioning Rule and PowerShell script values are set in Active directory as well. Everything sync up on aggregation.
Scenario 2.When user is set to undodelete in okta, LCS of user is undodelete (active) in IDN, we have to set values to email and loginRename attribute to ‘[email protected]’ this values we are not able to set through Before Provisioning rule (user is suspended in okta after undo delete it has to be active) and for that reason I did write transform to set okta values email and loginRename attribute to AD email.
Here my questions are
Question 1. in okta if user is suspended and being activated before provisioning rule set values doesnt work?
Question 2. if Transform values are being set its overwriting before provisioning rule values in ‘delete’ scenario how to overcome? sync is enabled in attribute sync in okta for email and loginRename attributes