now we have a case where we have to integrate a system with One Identity Manager through manual provisioning. For example, a user create a request for access to the system, and when a request is approved the administrator of a system give an access for the user in a system manually, IDM doesn't make a provisionong operations in a system.
Now we see two way for solve this case:
1. When a request approved of all approvers the request come to the last step of approval workflow (Admins of a custom system). Admins make a changes in a system manually and then "approve" this request on their step.
2. When a request approved of all approvers provisioning processes start (for example processes of event Insert to ADSAccountInADSGroup table). In that processes we create a request to the Admins of a system to make a changes.
What way do you prefer? What are the best practice for this case? What do you think?