I have implemented native change detection in Gsuite in our tenant and I have found idn is triggering native change detection events even in those cases where change was made by identitynow itself.
One common example is “suspended” attribute. We disable/enable Gsuite accounts from idn and it is very rare to do this on end source so we are detecting native change on suspended attribute.
The problem we have observed is when identitynow disables account , connector is not setting suspended to true once disable provisioning plan is successful. Account is disabled on end source and it is shown disabled on identitynow but suspended is still false under account attributes.
In next aggregation, identitynow finds mismatch between account attribute fetched from end source and on idn side and it triggers event but actually idn made that change.
To solve this problem we can send attribute request for disable action and this would solve this problem but wanted to highlight this in group and seek how others are using native change detection and overcoming this problem of false detection because of the way connector and provisioning plan is implemented.