Is it possible to configure One Identity as master on a subset of all AD-groups? We want to be able to take full control over specific groups (preferably via a flag on the groups) while still remaining in partial control over all other groups.
- If a user is added directly in AD and not in OneIM, this membership is removed in the next sync
- If a user is added directly in AD and not in OneIM, this membership is synced into OneIM
I'm thinking that I can create a new mapping/workflow in the sync-project for the full control groups, but I'm not sure how to solve this.