I have a jdbc connector with sync feature turned on for some attributes. I realized that when connector performs an account aggregation, sync is thrigered for all identities who has an account on this source.
This generates a lot of work (about 12k itens in WPS), and turn tenant unusable until it ends.
Besides the identity refresh events, what other events triggers sync? Why sync is triggered for all identities, instead of being triggered only for identities which attributes differ from account attributes values?
This honestly feels like a bug to me. The sync should only fire off events, provisioning transactions, and work items, etc, for accounts where something has changed.
That is not the expected behaviour. But often that might happen due to case sensitivity of the attributes. Eg: if email from identity is Uday.kilambi@test.com and the email on account attribute is uday.kilambi@test.com, the the sync is expected to trigger. Make sure the cases are aligned in your situation
This could have happened if you have updated attr sync and pushed it for all users when you saved it. if its not in your prod region, you may want to close all the account activities using {{baseUrl}}/access-requests/close which will take tracking id as input array upto 500 count. you might see some progress slowly and steadily