An orphan account is a login account which is not linked to a (valid) identity. In other words, while it is evident that the account exists, it is unclear who it belongs to.

Orphan accounts represent two kinds of security risk:

  • If the account has no owner, or its owner has left, it carries an elevated risk of misuse: the person who would normally notice unusual use of the account is absent, so such use goes undetected.
  • Orphan accounts cannot be reliably deactivated when their owner leaves, because of the missing linkage to that owner.

Orphan accounts are related to, but not the same as, orphan users, which are users whose relationship to the organization is undefined, but whose identity is known.

A dormant account is one with no recent login activity. A dormant user profile is one whose accounts, if it has any, are all dormant. An orphan account is one not attached to a user profile, i.e., one with no known owner. An orphan user profile is one not linked to the organization through a supervisor or manager.

Hitachi ID Identity Manager can be used to find orphan and dormant accounts and orphan and dormant user profiles:

  • ID mapping processes (automated, attribute-based or self-service) link accounts to user profiles.

  • Org-chart import (from HR, AD, etc.) and update workflows link users to their managers.

  • The last login time and date can be extracted from each managed system, for each account. Accounts that have not been used to log in recently can be flagged as dormant. Not every system records a last login, or records it precisely, so a missing or coarse value should be recognized as such rather than read as "never used."

Reports are provided in Hitachi ID Identity Manager to identify orphan and dormant accounts and user profiles as per the above definitions. Report output can be fed directly into remediation requests (e.g., to disable dormant accounts) or into audit requests (e.g., to request further investigation).
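The following is an added example, not Hitachi ID Identity Manager code and not a description of how the product is built. It implements the four definitions above over a constructed inventory and turns the findings into request records, in the way the report-to-remediation step describes. The Account and Profile record layouts, the 90-day dormancy threshold and the request format are assumptions for the illustration; the sample data in sample_data() is constructed.

```python
"""Orphan/dormant classification over an identity inventory.

Added example, not Hitachi ID Identity Manager code. The record layouts,
the 90-day threshold and the request format are assumptions; the inventory
returned by sample_data() is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Account:
    system: str                      # managed system the account lives on
    login: str                       # login ID on that system
    owner: Optional[str]             # profile ID from ID mapping; None if unmapped
    last_login: Optional[datetime]   # extracted from the system; None if never/unknown


@dataclass(frozen=True)
class Profile:
    profile_id: str
    manager: Optional[str]           # manager's profile ID from org-chart import


DORMANT_AFTER = timedelta(days=90)   # assumed policy threshold


def is_dormant(account: Account, now: datetime, threshold: timedelta = DORMANT_AFTER) -> bool:
    """No login recorded within the threshold. A missing value counts as dormant,
    but it may also mean the system does not report last-login at all, so check
    that before disabling a large batch of such accounts."""
    return account.last_login is None or now - account.last_login > threshold


def orphan_accounts(accounts, profiles):
    """Accounts with no owner, or an owner ID that resolves to no profile
    (a dangling link is as much an orphan as a missing one)."""
    known = {p.profile_id for p in profiles}
    return [a for a in accounts if a.owner is None or a.owner not in known]


def orphan_profiles(profiles):
    """Profiles with no manager, or a manager ID that resolves to no profile.
    The top of the org chart legitimately has no manager and shows up here;
    exempt it explicitly rather than weakening the rule."""
    known = {p.profile_id for p in profiles}
    return [p for p in profiles if p.manager is None or p.manager not in known]


def dormant_profiles(profiles, accounts, now, threshold=DORMANT_AFTER):
    """Profiles whose attached accounts are all dormant. A profile with no
    accounts at all is vacuously dormant ("at most only dormant accounts")."""
    by_owner = {}
    for a in accounts:
        by_owner.setdefault(a.owner, []).append(a)
    return [p for p in profiles
            if all(is_dormant(a, now, threshold) for a in by_owner.get(p.profile_id, []))]


def remediation_requests(accounts, profiles, now, threshold=DORMANT_AFTER):
    """Turn findings into request records. Dormant accounts are disabled
    outright (nobody is using them). An orphan that is still in use is the
    higher-risk case and gets an investigation request instead: there is no
    owner who can confirm the activity is legitimate."""
    orphans = {(a.system, a.login) for a in orphan_accounts(accounts, profiles)}
    requests = []
    for a in accounts:
        key = (a.system, a.login)
        if is_dormant(a, now, threshold):
            requests.append({"action": "disable", "system": a.system, "login": a.login,
                             "reason": "dormant orphan" if key in orphans else "dormant"})
        elif key in orphans:
            requests.append({"action": "investigate", "system": a.system, "login": a.login,
                             "reason": "active orphan account"})
    return requests


def sample_data():
    """Constructed inventory for the demonstration."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    d = lambda days: now - timedelta(days=days)
    profiles = [
        Profile("bob", None),      # top of the org chart
        Profile("alice", "bob"),
        Profile("carol", "dave"),  # manager ID does not exist
        Profile("erin", "alice"),  # no accounts at all
    ]
    accounts = [
        Account("ad", "alice", "alice", d(2)),
        Account("linux", "alice", "alice", d(200)),
        Account("ad", "carol", "carol", d(1)),
        Account("db", "svc_report", None, d(3)),   # unmapped and still in use
        Account("ad", "jsmith", "john", d(400)),   # owner ID resolves to nothing
        Account("ad", "bob", "bob", None),         # no last-login data
    ]
    return accounts, profiles, now


def run_report():
    accounts, profiles, now = sample_data()
    return {
        "orphan_accounts": sorted(a.login for a in orphan_accounts(accounts, profiles)),
        "orphan_profiles": sorted(p.profile_id for p in orphan_profiles(profiles)),
        "dormant_accounts": sorted(f"{a.system}/{a.login}" for a in accounts if is_dormant(a, now)),
        "dormant_profiles": sorted(p.profile_id for p in dormant_profiles(profiles, accounts, now)),
        "requests": remediation_requests(accounts, profiles, now),
    }


if __name__ == "__main__":
    for name, value in run_report().items():
        print(name, value)
```

Three edge cases are deliberate in the sample: an owner or manager reference that points at a profile which no longer exists is treated as orphan, not as linked; the root of the org chart has no manager and so is reported as an orphan profile until exempted; and a profile with no accounts is reported as dormant. Each of these is something a real report has to decide about, and the decision belongs in the rule rather than in whoever reads the output.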
