We’ve a SCIM based target system, where we’ve licensing restrictions on total number of user objects.
I’m thinking that user need to provision to target system only during the event of when any access is given to the user in IDM (relationship to a role/custom managed object or implementing a custom multi-valued string array type on user object).
I’ve implemented similar use case with other IDM solution. However, not sure what are the options with ForgeRock IDM tool? (‘Assignments’ do allow us to provision attributes based on a condition. However, in this case, we need to provision the user itself based on a condition (access to a resource)).