Hi,
I am struggling with a situation in which I have a JDBC connector with the provisioning rule updated in it. It worked fine in the beginning, but now I see that every time I delete the entry from the DB and aggregate an identity, identity refresh automatically recreates the deleted row with the same entitlements.
There may be an Access Request that was approved for the identity in question that will recreate the account until a Certification is created to remove/deny the access.
Think of IDN as an Actual State vs. Desired State type of machine. If there’s an Access Request Approved for the access then it will detect this missing access and try to restore it. The way to prevent this is a Certification that supersedes the Access Request revoking the access.
This is to correct issues that IDN assumes were “out of band” (i.e. native changes) to keep it in control.