Which IIQ version are you inquiring about?
8.4p1
Currently we have the requirement below: when a user is added to or removed from a group/memberof starting with MG-TEST-Group*, we need to provision/de-provision a Salesforce Application Account.
Note: The group/memberof is not added to or removed from the user profile in SailPoint; it is added/removed directly in the AD application.
How we designed it:
For the AD application, we have enabled Native Change Detection on the user-defined attribute memberof for create, modify, and delete operations.
We created a Native Change Lifecycle Event. In it, for Included Identities (Identity Selector), we have set a rule to fetch the list of native change detections from the identity, check whether those native changes are for the particular groups mentioned above, and return true or false.
We added a user to a group/memberof starting with MG-TEST-Group in the AD application and performed a single-user aggregation. During the aggregation itself the Native Change Identity Selector rule is triggered, but on the identity object we don't see any native change detections.
What we have done is, on the Native Change event, for Included Identities (Identity Selector), instead of a rule we have set it to All. Now we are able to see the native change detections tag in the identity object.
Now the question is: why are we not able to see native change detections when the identity selector is set to a rule?
The expectation is that, using that rule, we can fetch the native change detections, as the identity argument is available, and do some technical calculations so that it will not launch for all kinds of groups added in AD.