Track non-employees in NERM who do not need to be provisioned

Good afternoon,

I am hoping to find information on how to track non-employees in NERM as a regulatory requirement, but who do not need to be provisioned. Our current workflow in NERM lets sponsors create a new people profile, then their assignment. Then, the connection from IdentityNow to NERM brings over those identities on aggregation, and they are provisioned in AD through that connection.

What is the best way to still track those identities but not have them provisioned in AD? Could it involve adding an option to the “Non-employee Type” attribute in NERM and using that option as criteria in a new IDP in IdentityNow for this specific use-case? If I create a second IDP for NERM, can I disable all provisioning and accomplish what I’m looking for that way? Thank you for your help!

Hi Elizabeth

There are several options to accomplish what you need, and the ideas you have would work too. I believe a clean and easy-to-manage way to achieve this going forward would be by creating a new lifecycle state for your existing Identity Profile for NERM that will be applied to users that you want to aggregate but not provision an AD account for.

Then use either a transform or a rule to determine the relevant lifecycle state for the identities. For users that match the new lifecycle state, ensure there is no provisioning configured through the Identity Profile, or exclude them from any existing roles that auto-provision as birthright.

I hope I understood your problem correctly and hope this helps.

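One way the lifecycle-state transform suggested in the reply above could look, as an added example that is not part of the original thread or SailPoint's own configuration. The source name `NERM`, the account attribute `non_employee_type`, its option values, and the lifecycle state names `active` and `trackonly` are all assumptions; the `default` entry sends any unmapped type to the non-provisioning state, so a newly added non-employee type does not receive an AD account until someone maps it deliberately.

```json
{
  "name": "Example NERM Lifecycle State (hypothetical)",
  "type": "lookup",
  "attributes": {
    "input": {
      "type": "accountAttribute",
      "attributes": {
        "sourceName": "NERM",
        "attributeName": "non_employee_type"
      }
    },
    "table": {
      "Contractor": "active",
      "Vendor": "active",
      "Regulatory Tracking Only": "trackonly",
      "default": "trackonly"
    }
  }
}
```

The `trackonly` state would then be defined in the existing NERM Identity Profile with no provisioning configured, and any birthright role criteria would need to exclude it, as the reply describes.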

I will explore and test these options, thank you!
