Orphaned accounts are user accounts or identities (human or non-human) that remain active in a system despite no longer having a valid owner, purpose, or authorized user — often left behind when employees leave, projects end, or applications are decommissioned.
⚙️ How Does It Work?
IGA platforms identify orphaned accounts by reconciling the accounts in each connected system against an authoritative identity source (typically the HR system) and against last-login or usage data. An account whose owner has no active HR record, or that shows no recent use, is flagged for review and decommissioning. Because non-human accounts (service accounts, application identities) have no HR record of their own, they can only be reconciled if a human owner or sponsor is recorded for each of them; accounts with no recorded owner should be flagged outright.
📍 Where Is It Used?
Every enterprise environment — orphaned accounts accumulate over time and are a pervasive, often underestimated security risk.
💡 Real-World Example
A penetration test discovers an orphaned service account belonging to an application that was decommissioned two years earlier. The account is still enabled, still holds Domain Admin privileges, and still uses a password set five years ago. The tester uses it to take over the Active Directory domain, demonstrating how orphaned accounts become prime attack vectors: nobody owned the account, so nobody noticed it, rotated its password, or removed its privileges when the application went away.