Excluding users or groups from password sync via OpenLDAP integration

I know that we can exclude groups, users or object types from being aggregated into ISC by writing an LDAP filter on the integration source itself, but is there a way to still aggregate the data in and just exclude them from password sync?

Hi @daveboisvert!

I do not believe you can exclude users/accounts from a password sync group. If a source is part of a password sync group, any password reset will propagate to the other sources in the sync group.

If you are looking to do this because users have something like secondary accounts (maybe an admin account or something), or you have a subset of accounts that are just handled differently, I would suggest creating a second LDAP connector for these accounts you want to exclude. Write a filter to exclude these accounts on your original source, and an inverse filter to only aggregate in these accounts on your new source. The new source won’t be part of the password sync group and users can reset passwords for those accounts separately.

Let me know if this helps!

- Zach
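An added example, not part of the original replies or any product code: a small Python check that the original source's filter and the new source's inverse filter split the directory cleanly, so no account is aggregated by both sources (where it would still sit on the source in the password sync group) or by neither. The `adm-` prefix, the `employeeType=admin` marker, the shortened DNs and all four filters are constructed assumptions, and the evaluator handles only a subset of LDAP filter syntax.

```python
import re

def parse(f, i=0):
    """Parse an LDAP filter subset: &, |, !, equality, presence, '*' substrings."""
    i += 1  # skip "("
    if f[i] in "&|":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    if f[i] == "!":
        kid, i = parse(f, i + 1)
        return ("!", kid), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry: {lowercase attr: [values]}."""
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1], entry)
    pattern = ".*".join(re.escape(p) for p in node[2].split("*"))
    return any(re.fullmatch(pattern, v.lower()) for v in entry.get(node[1], []))

def split_sources(entries, original_filter, new_filter):
    """Sort each DN by which source filter(s) would aggregate it."""
    orig, new = parse(original_filter)[0], parse(new_filter)[0]
    out = {"original": [], "new": [], "both": [], "neither": []}
    for dn, attrs in entries.items():
        o, n = matches(orig, attrs), matches(new, attrs)
        out["both" if o and n else "original" if o else "new" if n else "neither"].append(dn)
    return out

# Constructed sample directory; the adm- prefix and employeeType=admin are assumptions.
PERSON = {"objectclass": ["inetOrgPerson"]}
ENTRIES = {
    "uid=jdoe": {**PERSON, "uid": ["jdoe"]},
    "uid=adm-jdoe": {**PERSON, "uid": ["adm-jdoe"], "employeetype": ["admin"]},
    "uid=adm-ops": {**PERSON, "uid": ["adm-ops"]},
    "uid=root2": {**PERSON, "uid": ["root2"], "employeetype": ["admin"]},
}
SECONDARY = "(uid=adm-*)"
ORIGINAL = f"(&(objectClass=inetOrgPerson)(!{SECONDARY}))"  # source in the sync group
NEW_EXACT = f"(&(objectClass=inetOrgPerson){SECONDARY})"  # true inverse
NEW_DRIFTED = "(&(objectClass=inetOrgPerson)(employeeType=admin))"  # different predicate
```

Calling `split_sources(ENTRIES, ORIGINAL, NEW_DRIFTED)` puts `uid=root2` under `both` and `uid=adm-ops` under `neither`, which is what happens when the second filter is written from a different predicate instead of negating the first; with `NEW_EXACT` both lists are empty.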