Hey Amar!
I don’t believe there is an easy way to do this currently. Entitlement requests have gotten a lot of changes recently, but unfortunately the do not currently have the multiple account options like Access Profiles.
IDN in general isn’t great at handling identities that have multiple accounts in one source.
The two options I can think of to help with this would be to either switch to using Access Profiles for access requests, or create a second AD source to filter on each account.
Switching to Access Profiles for these types of requests will let you use the Multiple Account Options to help determine which account to provision the access to.
Creating a second source would essentially split the accounts that the users have into 2 seperate sources. For example, if users have a domainA and a domainB account, one connector will just look for the domainA accounts and the other would look for the domainB accounts so users only have one account on each source. This would duplicate the entitlements in the entitlement catalog, but it would allow you to just make the domainA groups provisioned to the domainA accounts. It is fairly common to have multiple sources to support users having multiple accounts, we have 3 ourselves, in order to only have one account from a source linked to an identity, but it can get a bit messy.
Here are some other topics regarding having multiple AD sources that may be helpful.
Please let me know if this helps!
- Zach