TNC16 Conference
31 - Incorporation of CSIRT Teams into IAM systems

Slávek Licehammer (CESNET)

Identity and access management systems have become a crucial part of e-infrastructures. They provide delegation of access rights management, which means that each group or resource can be managed by a different manager. Thanks to that, a functional ecosystem has emerged that enables autonomous management of access rights across the whole infrastructure without the need for a global administrator of the identity and access management system.

We would like to extend the possibilities of autonomous management even further by incorporating CSIRT teams (CSIRT - Computer Incident Response Team) into the access management systems. In case of a security incident in which a user account is compromised, the CSIRT team needs to suspend that account across all services within the whole infrastructure, so that the attacker cannot continue with the attack. A new role was created in a workflow inside the identity and access management system in order to support CSIRT teams. This role can override access rights granted by the manager of a group or resource, which implies suspending user accounts on the related services. Support for identity deprovisioning in the identity and access management system is a necessary requirement for implementing the described functionality. In addition, it is possible not only to suspend the compromised account's access to the services themselves but also to suspend running jobs within the services, for example already running virtual machines in a cloud infrastructure or running jobs on a computational grid.

Incorporation of CSIRT teams into identity and access management systems is a simple, straightforward evolution of the existing capabilities of current AAI infrastructures. Proper implementation of this solution significantly helps with security incident mitigation, which is beneficial for both users and members of the CSIRT team. A real-life example will be shown on the identity and access management system Perun, which supports the described functionality.
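A minimal model of the override described in the abstract, added here as an illustration; it is not Perun's code or API. The class, method names, user names and incident id are constructed, and the model assumes that a suspension is stored separately from the managers' grants, so releasing it restores the previous rights.

```python
from dataclasses import dataclass, field

@dataclass
class AccessModel:
    managers: dict   # resource -> delegated manager (constructed names)
    csirt: set       # identities holding the CSIRT role
    grants: dict = field(default_factory=dict)     # resource -> granted users
    suspended: dict = field(default_factory=dict)  # user -> incident id
    jobs: list = field(default_factory=list)       # [resource, user, state]

    def grant(self, actor, resource, user):
        # Delegation: only the manager of this resource may grant on it.
        if self.managers.get(resource) != actor:
            raise PermissionError(f"{actor} does not manage {resource}")
        self.grants.setdefault(resource, set()).add(user)

    def has_access(self, user, resource):
        # Suspension is checked first, so it overrides any manager's grant.
        return (user not in self.suspended
                and user in self.grants.get(resource, set()))

    def provisioned(self, resource):
        # Account list pushed to a service; suspended users drop out of it.
        return sorted(u for u in self.grants.get(resource, set())
                      if u not in self.suspended)

    def suspend(self, actor, user, incident):
        if actor not in self.csirt:
            raise PermissionError(f"{actor} does not hold the CSIRT role")
        self.suspended[user] = incident
        for job in self.jobs:  # also stop work that is already running
            if job[1] == user and job[2] == "running":
                job[2] = "suspended"
        # Services whose account lists must be re-propagated.
        return sorted(r for r, us in self.grants.items() if user in us)

    def release(self, actor, user):
        if actor not in self.csirt:
            raise PermissionError(f"{actor} does not hold the CSIRT role")
        self.suspended.pop(user, None)  # grants were never deleted

def demo():
    m = AccessModel({"cloud": "alice", "grid": "bob"}, {"carol"})
    m.grant("alice", "cloud", "dave")
    m.grant("bob", "grid", "dave")
    m.grant("bob", "grid", "erin")
    m.jobs += [["cloud", "dave", "running"], ["grid", "erin", "running"]]
    affected = m.suspend("carol", "dave", "INC-EXAMPLE-1")
    m.grant("alice", "cloud", "dave")  # a manager re-grant changes nothing
    return m, affected
```

The list returned by `suspend` is the set of services that need a deprovisioning run, which is why the abstract names deprovisioning support as a prerequisite.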

