You can add the config below under Source Config → connectorAttributes. You do not need to touch the SSBP Rule.
- Event config 1 deletes the account when the last entitlement is removed (groups; you need to change this to your entitlement attribute name)
- Event config 2 deletes the account when the user LCS changes to inactive and there is a disable operation on the account, which you might have configured already under Identity Profile → Provisioning → Inactive → Sources to Disable
I have used the 1st event config many times, not the 2nd one yet, so test it out.
```json
"cloudServicesIDNSetup": {
    "eventConfigurations": [
        {
            "eventActions": [
                {
                    "Action": "ChangeOperation",
                    "Value": "Delete"
                }
            ],
            "Operation": "Modify",
            "Entitlement Cardinality Update Triggers": [
                {
                    "Attribute": "groups",
                    "Operation": "LastRemoved"
                }
            ]
        },
        {
            "eventActions": [
                {
                    "Action": "ChangeOperation",
                    "Value": "Delete"
                }
            ],
            "Identity Attribute Triggers": [
                {
                    "Attribute": "cloudLifecycleState",
                    "Value": "inactive",
                    "Operation": "eq"
                }
            ],
            "Operation": "Disable"
        }
    ]
}
```
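An added example, not part of the original post: a Python helper that builds a JSON Patch (RFC 6902) for a source's connectorAttributes so the two event configurations are merged in without overwriting or duplicating any that already exist. The function names and the sample source object are assumptions made for illustration, and the entitlement attribute is a parameter because it has to match your own schema.

```python
import copy

PATCH_PATH = "/connectorAttributes/cloudServicesIDNSetup"

def build_event_configs(entitlement_attr="groups"):
    """The two event configurations from the post, with the entitlement
    attribute name parameterized (hypothetical helper)."""
    delete = {"Action": "ChangeOperation", "Value": "Delete"}
    return [
        {   # Modify that removes the last entitlement becomes a Delete
            "eventActions": [dict(delete)],
            "Operation": "Modify",
            "Entitlement Cardinality Update Triggers": [
                {"Attribute": entitlement_attr, "Operation": "LastRemoved"}
            ],
        },
        {   # Disable for an identity whose lifecycle state is inactive becomes a Delete
            "eventActions": [dict(delete)],
            "Identity Attribute Triggers": [
                {"Attribute": "cloudLifecycleState", "Value": "inactive",
                 "Operation": "eq"}
            ],
            "Operation": "Disable",
        },
    ]

def build_patch(source, entitlement_attr="groups"):
    """Return JSON Patch operations for the source object, or [] when
    both event configurations are already present."""
    attrs = source.get("connectorAttributes") or {}
    existing = attrs.get("cloudServicesIDNSetup")
    wanted = build_event_configs(entitlement_attr)
    if existing is None:
        return [{"op": "add", "path": PATCH_PATH,
                 "value": {"eventConfigurations": wanted}}]
    merged = copy.deepcopy(existing)
    configs = merged.setdefault("eventConfigurations", [])
    missing = [c for c in wanted if c not in configs]
    if not missing:
        return []
    configs.extend(missing)
    return [{"op": "replace", "path": PATCH_PATH, "value": merged}]

# Constructed sample: a source that has no event configurations yet.
SAMPLE_SOURCE = {"name": "Example Source",
                 "connectorAttributes": {"deleteThresholdPercentage": 10}}

if __name__ == "__main__":
    import json
    print(json.dumps(build_patch(SAMPLE_SOURCE, "groups"), indent=2))
```

Review the generated operations before sending them, since both configurations turn a provisioning request into an account deletion on the target system.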