We are working on an integration between SailPoint and AWS Identity Center. Our goal is to automatically disable a user’s account in SailPoint when they are disabled in AWS Identity Center. We have a connector set up, and basic provisioning is functional, but we need guidance on handling the disable flag specifically.
We need to know the recommended method for getting the “disabled” status of a user from AWS Identity Center to trigger a disable action in SailPoint. We want this to be an automated process as part of our identity lifecycle management.
Questions:
1. Is there a specific attribute in the AWS Identity Center schema that we can map to the SailPoint IIQDisabled flag during aggregation?
2. If an attribute-based mapping isn’t standard, what is the best practice for detecting a disabled user in AWS Identity Center?