I have an identity attribute rule that generates a unique id. Sometimes when running several aggregations, rule generates duplicates, which is expected as is not thread safe.
What alternative do I have instead of using a rule? In other clients that have AD connector, I use a powershell before operation rule for generating the unique username for AD and ISC. In this environment I have a cloud Entra ID connector..
you can use before provisioning connector rule for Azure/Entra connector too if its its not SaaS based but if its SaaS based, the cloud rule will do on create operation :
VA based rule type : “ConnectorBeforeCreate“
For Entra ID cloud connectors, use the Username Generator transform in the create profile instead of identity attribute rules. The transform supports uniqueCounter for generating unique usernames like firstname.lastname## and is designed for provisioning operations, avoiding the thread-safety issues of rules during aggregation (discussion).
Unlike AD’s before-operation rules, cloud connectors rely on transforms configured directly in the source’s create profile attributes for account creation operations.