Hello Community members
We have one AD source and users have 2 AD accounts. Both are from the same AD source and don’t want to create separate AD source.
I want to do attribute sync only for primary account not the secondary one.
Any possibility we can achieve this in ISC OOB or customized way ?
Thank you in advance.
Hi @manan7108 Currently the filter is not supported in attribute sync. You may consider to use either Update provisioning plan where you can check the account type is not admin by using transform to update the attributes or use Before Provisioning rule to do the same for attribute updates.
Hi @manan7108
You can try to use Before Modify Rule and write a logic which can identify the admin account like if admin account starts with ADM- or if there is any attribute that defines that the account is admin account, based on that you can stop the provisioning value to not modify the particular account even though SailPoint triggered attribute sync for both the accounts. This way you will be using before modify rule powershell script to not populate particular attribute for ADM account.
