I want to enable attribute sync in SailPoint IDN for the AD source. I have onboarded 2 sources.
Authoritative source: SAP ECC (HR/HCM connector)
Other source: AD
There are thousands of existing accounts in AD and read into SailPoint already. We want to turn on attribute sync but the concern is does it impact all the existing user accounts once I turned on?
We do not want SailPoint to sync attribute for all the existing accounts. We only want the changes for the new AD accounts created via SailPoint after sync is turned on. And for the accounts who are having identity attributes change from SAP.
Remarks: Delta aggregation is turned on in SAP source.
Attribute sync will update account attributes in target sources whenever a difference is detected between the account attribute value and the identity attribute value that has been mapped to sync with the account attribute. This is irrespective of whether the account already existed in the downstream application or was created by SailPoint. However, as long as identity attribute matches with account attribute, no action will be taken. You might have also noticed that Attribute sync can be configured for only those account attributes that are mapped from identity attributes, and not rule, transform, static string.
Once you turn on sync it will update for all the correlated accounts on a source.
As mentioned by @Abhishek_1995 that will useful when attribute sync fails, the request is requeued and retried for up to 10 times. After the problem is resolved, an administrator can either manually resync individual identities or use the Sync option on the Attribute Sync configuration page to force a bulk resync for the source.