You can exclude users from syncing during reconciliation by using the validSource trigger in the IDM mapping. The trigger evaluates whether the source account (for example, an LDAP account) is valid based on specific criteria. Script the criteria so that they return a boolean value, true or false. Only users for whom the validSource trigger returns true are synced.
You can implement the validSource trigger as follows:
- Add the validSource trigger in the sync.json file (located in the /path/to/idm/conf directory). You can either specify the condition to meet or the script to call. For example:
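An added illustration of a validSource script, not the article's own example: it rejects service, disabled and incomplete source accounts and fails closed on malformed input. The attribute names (uid, mail, employeeType, accountStatus), the exclusion rules and the script file name are assumptions.

```javascript
// Added example, not from the original article. Attribute names and the
// exclusion rules are assumptions; use the attributes your LDAP connector
// actually exposes on the source object.
//
// Assumed wiring in the mapping in conf/sync.json (file name is hypothetical):
//   "validSource": { "type": "text/javascript", "file": "script/validSource.js" }
// IDM puts the source object in scope as `source`; the script's last
// expression is its result, so the script file would end with:
//   isValidSource(source);

var EXCLUDED_TYPES = ["service", "test"];   // constructed values
var SERVICE_UID = /^(svc|sys)[-_]/i;        // constructed naming convention

// LDAP attributes can arrive as a string or as a single-element array.
function first(value) {
  var v = Array.isArray(value) ? value[0] : value;
  return typeof v === "string" ? v.trim() : "";
}

// Returns strictly true or false. Anything missing or malformed counts as
// invalid, so an unexpected record is skipped rather than synced.
function isValidSource(source) {
  if (source === null || typeof source !== "object") return false;

  var uid = first(source.uid);
  if (uid === "" || SERVICE_UID.test(uid)) return false;

  if (first(source.mail) === "") return false;

  var type = first(source.employeeType).toLowerCase();
  if (EXCLUDED_TYPES.indexOf(type) !== -1) return false;

  // An absent status is accepted; a present one must be "active".
  var status = first(source.accountStatus).toLowerCase();
  if (status !== "" && status !== "active") return false;

  return true;
}

// Constructed sample source accounts, for running the check outside IDM.
var samples = [
  { uid: "bjensen", mail: "bjensen@example.com", employeeType: "employee" },
  { uid: "svc-backup", mail: "ops@example.com", employeeType: "service" },
  { uid: ["jdoe"], mail: ["jdoe@example.com"], accountStatus: "inactive" },
  { uid: "nomail" }
];
samples.forEach(function (s) {
  console.log(first(s.uid) + " -> " + isValidSource(s));
});
```

Running the rules over an export of real source accounts before enabling the trigger shows which accounts reconciliation will skip.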