CIEM AWS should disable accounts of terminated identities

We have onboarded AWS Identity Center to SailPoint ISC with the CIEM AWS connector, but the connector does not support disabling of accounts.

Now we have a number of terminated identities who still have an active AWS account, because it is a manual process that is not always followed, which is becoming a problem.

Can SailPoint add the Disable and Delete features to the CIEM AWS connector, so we could automate this?

Hello and welcome back,

For this you need to set up 2 connectors: one for CIEM and one for provisioning. From my understanding, the CIEM connectors are Read-Only. You will want to set up an AWS Connector without CIEM enabled to set all the provisioning policies. Also verify that in your Identity Profile you have added this connector to the inactive life cycle state as an account you want to have disabled.

We were advised by a SailPoint Engineer to work with support on setting up CIEM connectors. This is so that you can be sure that it was set up correctly, as from what we were told, this config is more complex than what first meets the eye.