How to prevent sudden source changes

Hey All,

Just wanted to check if there is any way, similar to the account deletion threshold under source configuration for aggregation, to prevent bulk/sudden changes to the number of active or inactive accounts?

Kind regards,

Aayush


No, we don’t have that option in SailPoint ISC. You can subscribe to notifications via a workflow, but you can’t cancel.

Yes, we don’t have any OOTB option. But see if you can play around with the native change detection option using workflows.

Hey

Sure, will check the same.

@AsGoyal In SailPoint Identity Security Cloud (ISC), there is no out-of-the-box (OOTB) “circuit breaker” specifically for bulk changes to account status (Active/Inactive) similar to the Account Deletion Threshold.

You can use the following best practices:

  1. Native Change Detection (Workflow)
    You can build a SailPoint Workflow to act as a monitoring layer:
    Trigger: Use the Aggregation Completed trigger.
    Action: Use an HTTP Request or Search step to count the number of identities whose lifecycle state or account status changed during that window.
    Safety: While this cannot automatically “stop” the aggregation that already finished, it can trigger an immediate alert or a second workflow to “disable” subsequent provisioning to downstream systems if a certain percentage is exceeded.

  2. Identity Profile “Lifecycle State” Safeguards
    Since status changes usually trigger lifecycle transitions (e.g., Active to Inactive), you can add a safety buffer at the identity level:
    Separate States: Create an “Intermediate Inactive” state that holds users for a period (e.g., 24-48 hours) before revoking access.
    Notifications: Configure the transition to this state to email the IGA team if the bulk change was unintentional.

  3. Source Filtering (Connector Level)
    If you are using a Direct Connect source (like Active Directory or a JDBC source), you can apply Aggregation Filters to exclude specific OUs or status values. This prevents ISC from even “seeing” the changed records, effectively freezing their current state in the system until you verify the source data.
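
A sketch of the threshold check the monitoring workflow in item 1 could run, as an added example that is not part of the original thread and not SailPoint's own code. It assumes you can export an account-id to active-flag snapshot before and after the aggregation (for instance from the Search or HTTP Request step); the function names, thresholds and sample data are hypothetical.

```python
# Added illustration: names, thresholds and data are assumptions, not SailPoint APIs.
from dataclasses import dataclass


@dataclass
class Verdict:
    flipped_to_inactive: int
    flipped_to_active: int
    baseline: int
    pct_changed: float
    tripped: bool


def net_active_delta(before, after):
    """Naive check: change in the raw count of active accounts."""
    return sum(after.values()) - sum(before.values())


def evaluate_status_drift(before, after, max_pct=5.0, min_changes=10):
    """Compare two snapshots {account_id: is_active} taken around an aggregation.

    Trips when more than max_pct of the pre-existing accounts flipped status
    AND at least min_changes accounts flipped, so a three-account source does
    not alarm on a single change. Accounts missing from `after` are ignored
    here; those are left to the source's account deletion threshold.
    """
    common = before.keys() & after.keys()
    to_inactive = sum(1 for a in common if before[a] and not after[a])
    to_active = sum(1 for a in common if not before[a] and after[a])
    flips = to_inactive + to_active
    baseline = len(before)
    pct = (100.0 * flips / baseline) if baseline else 0.0
    tripped = flips >= min_changes and pct > max_pct
    return Verdict(to_inactive, to_active, baseline, round(pct, 2), tripped)


# Constructed sample: 200 active and 20 inactive accounts before the run.
BEFORE = {f"acct-{i:03d}": i < 200 for i in range(220)}
AFTER = dict(BEFORE)
for i in range(30):            # 30 accounts go Active -> Inactive
    AFTER[f"acct-{i:03d}"] = False
for i in range(200, 220):      # 20 accounts go Inactive -> Active
    AFTER[f"acct-{i:03d}"] = True

if __name__ == "__main__":
    print("net active delta:", net_active_delta(BEFORE, AFTER))
    print(evaluate_status_drift(BEFORE, AFTER))
```

Counting per-account flips rather than the net active total matters because offsetting changes cancel out in the total: in the sample the active count moves by only 10 while 50 of 220 accounts changed status.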

Thanks All,

I will check the approach.