Currently, I am working on a use case with AzureAD. The setup is as follows: we have a security system with two endpoints, let's say one is the parent endpoint which only provisions guest/invited users, and the other endpoint provisions only admin accounts (note that both endpoints provision to a single AzureAD and admins have a ‘.admin’ extension before the domain part).
Now the JML is working perfectly; let's say the accounts are disabled at the AzureAD. When I start to test the rehire scenario, enable account tasks are generated correctly for the two accounts of the two endpoints. Still, a new account task is also generated (because the joiner has the same conditions), since the invited users have a different extension and the accountNameRule is written differently.
In the user update rule, I am creating enable account tasks for both endpoints and re-running the technical rules which I have just for this scenario. The technical rules contain only the AADGroups for the parent endpoint and another technical rule contains only the AADGroups needed for the admin endpoint.
What can be done here so the new account task won't be generated? Or is there a way that we can check if an account exists at a particular endpoint so it won't generate another new account task?
Another thing to note here is that when I tried to trigger the rehire rule for user1, it triggered the perfect tasks that were needed, but when I tried to trigger the same rule for the new user, it triggered the new account task.
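The existence check the question asks for, as an added illustration that is not part of the original post and not the IAM product's own rule language (the product is not named, so its rule syntax is unknown): each endpoint's account name rule is evaluated against a directory snapshot before any task is raised, so an account that already exists gets an enable task and only a missing account gets a new-account task. The two name rules, the `#EXT#` guest form and the `.admin` suffix, and the directory contents are constructed assumptions; in a real tenant the `account_exists` lookup would be a Microsoft Graph query on `userPrincipalName` rather than a set membership test.

```python
"""Rehire reconciliation sketch: enable what exists, create only what is missing.

Added example. The account name rules and the directory snapshot below are
constructed stand-ins; the real rules are whatever each endpoint's
accountNameRule produces.
"""
from dataclasses import dataclass

# Constructed snapshot of userPrincipalNames that already exist in the tenant.
# user1 has both a guest and an admin account; user2 only ever had a guest account.
DIRECTORY = {
    "user1_partner.example#EXT#@example.com",
    "user1.admin@example.com",
    "user2_partner.example#EXT#@example.com",
}

# Assumed name rules, one per endpoint. Invited (B2B) users carry the
# alias_homedomain#EXT#@tenant form; admins carry ".admin" before the domain.
ACCOUNT_NAME_RULES = {
    "guest_endpoint": lambda user, dom: f"{user['uid']}_{user['home_domain']}#EXT#@{dom}",
    "admin_endpoint": lambda user, dom: f"{user['uid']}.admin@{dom}",
}


@dataclass(frozen=True, order=True)
class Task:
    endpoint: str
    action: str    # "enable_account" or "new_account"
    account: str


def account_exists(upn: str, directory=DIRECTORY) -> bool:
    """Case-insensitive existence check against the snapshot. In production
    this would be a Graph lookup (GET /users filtered on userPrincipalName)."""
    return upn.lower() in {u.lower() for u in directory}


def rehire_tasks(user: dict, domain: str, directory=DIRECTORY) -> list[Task]:
    """Per endpoint: enable the account if it exists, otherwise raise a
    new-account task. The check runs before the create, so a joiner condition
    that also matches cannot produce a duplicate create for an existing account."""
    tasks = []
    for endpoint, rule in ACCOUNT_NAME_RULES.items():
        upn = rule(user, domain)
        action = "enable_account" if account_exists(upn, directory) else "new_account"
        tasks.append(Task(endpoint, action, upn))
    return tasks


def joiner_tasks(user: dict, domain: str, directory=DIRECTORY) -> list[Task]:
    """The joiner path, guarded by the same existence check. An unguarded
    joiner would create a new account regardless of what is already there."""
    return [t for t in rehire_tasks(user, domain, directory)]


def merge_tasks(*task_lists: list[Task]) -> list[Task]:
    """Union of tasks from every rule that fired, with duplicates collapsed,
    so rehire and joiner firing together yields one task per endpoint."""
    return sorted({t for tasks in task_lists for t in tasks})


if __name__ == "__main__":
    user1 = {"uid": "user1", "home_domain": "partner.example"}
    for t in merge_tasks(rehire_tasks(user1, "example.com"),
                         joiner_tasks(user1, "example.com")):
        print(t)
```

Running the block for user1 prints two enable tasks and no new-account task even though both the rehire and the joiner path fired; for a user with no admin account the admin endpoint alone gets a new-account task.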