So the standard setup: SQL (HR) -> FIM -> AD
IT wants to approve new accounts before they are created in AD. I understand the Sync process bypasses all AuthN & AuthZ workflows.
We're trying to keep away from writing a custom workflow, so just wanted to run this by someone to see if something like it is feasible.
Sync process goes from SQL -> FIM and puts the person in a set based on an Attribute that's the "Not Approved Set".
There's an MPR that runs an AuthZ workflow for the IT Approval.
Upon approval the user is moved from the "Un-Approved" set to the "Approved Set" (both attribute based) and then Synced into AD.
Is this scenario even possible, or will the AuthZ workflow still get bypassed because it's the FIM Sync Service running the show?