Hi Team, We have a requirement to update identity attribute (isDormant) based on account attributes from OnPrem AD and Entra ID applications. Basically, the criteria is to set the identity attribute to “True” if
ADattribute: lastlogondate >90 days and Account expires < current date
and Entraattribute: lastsignindate >90 days
We could think of 2 ways to achieve this.
Either, create Global Rule in the Identity mappings to set identity attribute
or, create Application Rule in Account mappings to set searchable account attributes in both the accounts and another Rule to set Identity attribute.
Can you please provide insights on which is performance intensive?
I would say it depends on your requirements. If you have a requirement where you will need to search on AD Attribute lastLogonDate & account expires as well as Entra attribute lastSignInDate, then certainly I would recommend making a searchable Link attribute for those.
If you don’t, I don’t believe there is a need to create Link attributes for them since regardless you will have to create a Global Rule to set the value at the identity level since isDormant is dependent on 2 separate applications to compute the value.
As far as a performance impact, you would see increased performance looking up searchable attributes over iterating over links and looking for specific link attributes. However, you would want to consider the overhead and impact of adding additional searchable attributes to your database. Hope this helps!
@DivyaSubha If this is a centralized dormancy rule where based on the AD+Entra attributes you need to consider the complete identity as dormant, then you can go with Identity attributes. Else, if you have separate dormancy criteria for each app, then you can go with searchable account attribute, based on which you can initiate subsequent modules like a custom task/workflow or policy or etc.
Note: Found a fix? Help the community by marking the comment as solution. Feel free to react(, , etc.) with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.
, 
, etc.) with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.