How to map 'disabled' flag to SailPoint during AWS Identity Center integration

rbheemreddy · November 19, 2025, 7:17pm

Which IIQ version are you inquiring about?

8.4P2

We are working on an integration between SailPoint and AWS Identity Center. Our goal is to automatically disable a user’s account in SailPoint when they are disabled in AWS Identity Center. We have a connector set up, and basic provisioning is functional, but we need guidance on handling the disable flag specifically.

We need to know the recommended method for getting the “disabled” status of a user from AWS Identity Center to trigger a disable action in SailPoint. We want this to be an automated process as part of our identity lifecycle management.

Questions:

Is there a specific attribute in the AWS Identity Center schema that we can map to the SailPoint IIQDisabled flag during aggregation?
If an attribute-based mapping isn’t standard, what is the best practice for detecting a disabled user in AWS Identity Center?

alfi_fulgencio · November 20, 2025, 1:45am

You should use the schema attribute “active“ for this. We are using the scim2.0 connector

rbheemreddy · December 5, 2025, 12:39pm

Hi Alfi, Thank you for the suggestion. I’m new to SailPoint, so could you please elaborate more?

alfi_fulgencio · December 5, 2025, 9:09pm

so scim connector has a field called “active“ which is a boolean. in the customization rule you create a rule and add code like this example:

boolean isActive = Boolean.TRUE.equals(object.getAttribute(“active”));

String acctName = object.getIdentity();

if (“Active”.equalsIgnoreCase(isActive)) {
object.put(“IIQDisabled”, false);
log.debug(" [" + acctName + “], assuming active account.”);

} else {
object.put(“IIQDisabled”, true);
log.debug(" [" + acctName + “], marking IIQDisabled as true.”);

}

rbheemreddy · December 5, 2025, 9:14pm

Thank you for the detailed explanation, let me try this.

rbheemreddy · December 5, 2025, 9:59pm

Actually, we are using out-of-the-box AWS IdC connector, it doesn’t have any attribute which says active or inactive to override.

alfi_fulgencio · December 12, 2025, 3:53am

hmm ok , try adding that field and see if you can pull it .

pattabhi · December 12, 2025, 4:18am

Useful article to understand active and inactive accounts and identities.

Understanding active and inactive accounts and identities: IIQDisabled - Compass

system · February 10, 2026, 4:18am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Disabled accounts ISC Discussion and Questions identity-security-cloud , provisioning , accounts	6	1399	January 28, 2024
SCIM 2.0 Enable and Disable Response ISC Discussion and Questions identity-security-cloud	3	565	July 13, 2023
Disable Account / Lock Account IIQ Discussion and Questions identityiq	7	39	February 12, 2026
SAP GRC - Access Management Integration mode - Identity attribute inactive = true then disable all SAP GRC Systems IIQ Discussion and Questions identityiq	2	125	August 6, 2024
How do I disable the SailPoint source? ISC Discussion and Questions	6	2728	July 19, 2023

How to map 'disabled' flag to SailPoint during AWS Identity Center integration

Which IIQ version are you inquiring about?

Related topics