This does work, but I am really only concerned about the ones that have not changed in the Authoritative source. For example, we have a walk-out term, so we change LCS to terminated manually... I want to know that HR really terms that person. Or HR says this person is back from LOA, please enable, while we are waiting for the real change in the HR system. I want to know that HR really moves them from LOA back to active.
You can build a search query or Identity List that compares current identity LCS with the authoritative source’s value (e.g., from a correlated attribute like source_LCS). Use a transform or identity attribute to store the LCS from the HR system during aggregation. Then compare it with the current SailPoint LCS to detect manual overrides. A scheduled search subscription can alert you when discrepancies occur. This ensures HR is truly driving state changes and helps flag exceptions like early terminations or premature reactivations.
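The comparison described in the reply above, as an added example that is not part of the original thread and is not SailPoint code: it runs over an exported list of identities and reports manual LCS changes that HR has not yet confirmed. The field names `lcs` and `lcs_modified`, the HR status codes and the grace period are assumptions; `source_LCS` is the attribute name suggested in the reply.

```python
from datetime import datetime, timezone

# Assumed mapping from raw HR status codes to lifecycle state names.
HR_TO_LCS = {"A": "active", "L": "loa", "T": "terminated"}
GRACE_DAYS = 3  # assumed time HR is given to catch up with a manual change


def classify(identity_lcs, hr_lcs):
    """Name the kind of override when identity and HR states disagree."""
    if identity_lcs == "terminated":
        return "early_termination"
    if identity_lcs == "active" and hr_lcs in ("loa", "terminated"):
        return "premature_reactivation"
    return "other_mismatch"


def find_overrides(identities, now):
    """Return identities whose LCS differs from the HR-sourced value."""
    findings = []
    for ident in identities:
        hr_lcs = HR_TO_LCS.get(ident["source_LCS"].strip().upper())
        current = ident["lcs"].strip().lower()
        if hr_lcs is None:
            # Unknown HR code: report it rather than silently skipping it.
            findings.append({"id": ident["id"], "kind": "unmapped_hr_status",
                             "age_days": None, "overdue": True})
            continue
        if hr_lcs == current:
            continue  # HR agrees, so any manual change has been confirmed
        age = (now - datetime.fromisoformat(ident["lcs_modified"])).days
        findings.append({"id": ident["id"], "kind": classify(current, hr_lcs),
                         "age_days": age, "overdue": age > GRACE_DAYS})
    return findings


# Constructed sample export; not real data.
SAMPLE = [
    {"id": "e1001", "lcs": "terminated", "source_LCS": "A", "lcs_modified": "2024-05-01T09:00:00+00:00"},
    {"id": "e1002", "lcs": "active", "source_LCS": "L", "lcs_modified": "2024-05-09T12:00:00+00:00"},
    {"id": "e1003", "lcs": "active", "source_LCS": "A", "lcs_modified": "2024-04-02T08:00:00+00:00"},
    {"id": "e1004", "lcs": "terminated", "source_LCS": "T", "lcs_modified": "2024-04-20T08:00:00+00:00"},
    {"id": "e1005", "lcs": "active", "source_LCS": "X", "lcs_modified": "2024-05-08T08:00:00+00:00"},
]
NOW = datetime(2024, 5, 10, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in find_overrides(SAMPLE, NOW):
        print(finding)
```

Entries marked `overdue` are the ones to chase with HR: the manual state has outlived the grace period without the authoritative source following it.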